How to Strengthen Firefox Privacy and Security in 2024

Ali Qamar  - Cybersecurity Analyst
Last updated: August 22, 2024
Share

Firefox is among the most secure mainstream browsers. Still, there are some loose ends. This post features Firefox privacy recommendations and tweaks to strengthen Mozilla browser security.

THE TAKEAWAYS

Firefox is the most customizable browser, allowing users to adjust the settings according to their requirements. Here are some ways to strengthen your privacy and security:

  • Enable private browsing
  • Use VPN extension
  • Clear cookies and caches
  • Add ad blocker extension

When looking for top privacy-oriented browsers, Mozilla Firefox is one of the first ones that arguably comes to mind. Like most browsers on the Internet today, Firefox continues to make bold steps to address digital privacy and security.

In addition, the browser comes with many settings and configurations you can use to enhance your online security. That’s not all. Mozilla Firefox’s greatest feature is that it’s highly customizable, which is not the case with other browsers.

In this article, we will explain how you can enhance your Firefox security and privacy.

A brief history of the Mozilla Firefox browser

Firefox has undergone a series of changes ever since it was launched by the Mozilla Foundation in 2004. Before that time, the Firefox browser only existed as a university project of Marc Andreessen in the early 90s at the University of Illinois.

The Bachelor of Computer Science degree holder worked for the National Center for Supercomputing Applications around the same time Sir Tim Berners-Lee introduced Mark II, an early version of the ViolaWWW browser (a discontinued browser now).

Mark joined Eric Bana in creating a browser for UNIX named NCSA Mosaic. Released in June 1993, it was adopted by Macintosh and Windows. When Mark graduated in 1994, they changed the company’s name to Netscape Communications Corporation.

Mosaic Netscape 0.29, also known as Netscape Navigator, was their first project. The project came as a mosaic killer or simply Mozilla, representing a Godzilla creature as their cartoon logo.

But it was not until 1998 that AOL acquired Netscape, and by June 2002, they started building Mozilla Firefox, which was named Phoenix at the time. This new web browser received a lot of traction, and in 2003, Mozilla announced plans to work on this project even more.

It was in 2004 that the first stable version of Mozilla Firefox 0.8 was released. By the time Google Chrome got introduced in September 2008, Firefox had controlled more than 30% of all browser usage on the internet.

Fast forward to 2020, Firefox has 10% of browser usage, while Chrome has captured the rest of 70%. The best thing is that Mozilla Firefox is still an open-source project.

Some vital heads-ups before securing your Firefox

Firefox Browser Security

As noted earlier, on top of its secure code, the browser has many techniques and tweaks to keep you safe online.

However, below are some important considerations you need to make before proceeding to Firefox tips for enhanced privacy, add-ons, extensive configuration settings, and tweaks that ensure your safety online.

We will discuss these in detail a little later, but we will also discuss them quickly.

Browser fingerprinting

A browser fingerprint is information that a remote service collects from you to identify your device or machine. The websites you visit quickly identify unique users and track how they behave online.

So, how do I deal with browser fingerprinting in Firefox? The Firefox browser has configurations that allow plugins to be used as long as they align with your operating system. So, you choose specific settings to know how you get tracked or see the accuracy of the tools you use to stay safe online.

In fact, if you use your fingerprinting tools well, you could end up bypassing any form of tracking by websites online. It might sound ironic and insidious, but the more measures you have to avoid web tracking, the more your browser fingerprints become unique.

The Tor Browser is one of the most popular anti-fingerprinting platforms that you can use. But, as long as you are using Firefox, you can still use a plane OS and your normal beloved browser to build a defense against fingerprinting.


Adblocking

Not too long ago, The Guardian Magazine screamed a headline that Firefox is fighting against Facebook and Google advertisement programs for the future of web privacy. The browser is not necessarily aiming at any of those tech giants at all, though.

The problem with these companies is that they have lots of tracking in place, and Firefox (for optimum user privacy) prevents them from doing this. An update to the browser in June 2019 brought robustly enhanced tracking protection, automatically becoming part of the browser’s standard settings.

Advertisers, trackers, and crypto miners will not show or have power over this browser’s uses. Previously, this feature was only available for the Beta and Firefox nightly versions, but now it’s available in the standard model. The browser blocks pervasive cookies used by ad trackers that potentially expose you online to make ad blocking possible.


Threat modeling

Among the best ways to keep yourself safe online is to have a model that helps you understand your online threats. So, what exactly is threat modeling? Simply put, you map out your adversaries and know from whom you are trying to hide your data.

The enemy could be the big tech companies, the government, or the ordinary stranger.

Once you understand your threat, you will put in place measures that work efficiently to protect you. It would be best to do this because it helps form a strategy to use your Mozilla Firefox browser to stay safe online. Also, it enables you to know if the tools you will use are feasible from a financial point of view.


DNS over HTTPS

A domain name system DNS is more potent than HTTPS. The DNS means that your browser turns the domain name of a website into a numerical address. For example, PrivacySavvy.com becomes 194.1.147.13. Computers only connect to IP addresses. Therefore, you can easily mask your location or prevent getting tracked online.

DNS is not encrypted by default. Typically, it can let third parties see what you are doing online and leave, then change your IP to redirect to websites.

Therefore, once you use encrypted DNS, you prevent any of these from happening. Encrypted DNS should be in the form of DNS over TLS, DNS-over-HTTPS (DoH), or dnscrypt. These encrypted forms prevent your ISP from accessing your queries. So, nobody can tamper with what you do online.

Mozilla recently embraced the native support for DNS over HTTPS. You have to head to the general page and search for network settings. Then, at the bottom, you will find settings that allow you to enable DNS over HTTPS. Once you choose your provider, you may also want to ensure that you rely on an ISP provider that has encrypted the Server Name Indication eSNI so they don’t invade your privacy.

To disable DoH in Firefox, hover over to Menu, then Options, and then General. There, you click on the Settings button after scrolling down to Network Settings. A box will appear; scroll down until you see Enable DNS over HTTPS to enable or disable it.


Web extensions

Firefox extensions are some of the tools you get when using Mozilla Firefox. Mozilla Foundation’s browser has moved from its old-fashioned add-ons to the web extensions section. Beginning with the Firefox 57 quantum, you can now use web extension add-ons.

Firefox add-ons and extensions will help you change your experience with the browser. You can improve your security or even try to play around with themes and understand how it feels to use the new platform.


What to do (for ultimate privacy and security) when you first install the Firefox browser

Installing the Mozilla Firefox browser might be one of the best decisions you’ll ever make. This browser’s safety and functionality features will fit your online escapades and give you much power.

But there are certain things you have to understand before you have your browser installed. For instance, if you are running on Windows 10, you might receive a warning that tries to scare you from making this installation. Microsoft wants you only to use their applications. You need to be smarter and make your own decisions for your security. Ready?

Head to the Mozilla website and download the best version for your device and operating system. Once you click the ‘download or get it now’ button, the system will detect the best version for your device and start downloading it automatically.

Open the downloaded file and run it. When the installation is completed (in about one to two minutes), Firefox will open.

Mozilla Firefox first look after installation

You can then choose to sign in or synchronize with your other accounts. Another thing you might need to do is probably make the Mozilla Firefox browser your default browser.

You may want to use specific settings and hacks to reinforce your browser’s security. Let’s get started with adjusting your Firefox settings for better protection and privacy:

1. Disable telemetry

The Mozilla Firefox browser collects some telemetry by default. Telemetry is a feature in browsers that collects data such as performance metrics. It’s a browser’s way of getting feedback from its users so they can improve their services. These include histograms, scalars, and data payloads. This information is then sent to the server for processing.

Of course, it’s harmless, mostly because it only goes to Firefox, and no personal information could identify you. However, Mozilla only allows you to opt out instead of opt-in, so you may want to tighten your privacy.

Disabling telemetry in Firefox is straightforward. First, head to the Privacy and Security section in your Settings menu (the three horizontal dots you see on the top-right). There, you will find a section named Firefox Data Collection and Usage. Here, you need to check or uncheck options depending on your preferences.

If you are using Firefox for Android, you need to go to your menu (three vertical dots on the top-right corner) and then go to Settings. There you should select Data Collection, which is available in the Privacy & Security section. You might want to uncheck all three options there.

Note: You can also run the about:config command in your browser and disable telemetry through it. To go this route, make sure you set toolkit.telemetry.enabled to false there. We will talk about Firefox about:config settings in detail a little below in this article.


2. Change your default search engine

In the past, Firefox used to run on Bing, and then it shifted to Google. You might understand Mozilla’s decision from a financial point of view, but; you have to admit that neither Google nor Bing is a friend to your privacy.

A private search engine such as DuckDuckGo will give you a little more privacy. Here is a list of the search engines Firefox provides you with to choose from.

Firefox search engines list

The good thing about multiple options here is that they provide an easy way to choose your favorite search engine.

You would want to change your search engine to DuckDuckGo there, and to do that:

  1. Got to the Menu.
  2. Click on Options.
  3. Now, the Default Search Engine (pro tip: you can use the search box available at the top-right that reads ‘Find in Options’ to find the search engines list in Firefox).
  4. You will see DuckDuckGo in a drop-down list there; that’s what you need to select.
  5. All done.

Firefox does not have a list with too many alternative search engines available in its settings area by default. However, DuckDuckGo is the recommended search engine we want you to settle on for your browser. Also, you can get more choices by clicking the Find More search engines button that you could find in the One-Click Search Engines option available in the Firefox Options tab.


3. Enable tracking protection

One of the most significant problems with the internet today is that almost every website wants to track you down. These tracking options get deployed by advertisers and websites that want to learn your online behavior.

With tracking protection, your Firefox protects your browsing data from being collected by sites. In essence, you will not have a good online profile having browsing information that those websites could take advantage of without you knowing.

Activating tracking protection in Firefox is fairly easy:

  1. Go to the menu (by clicking three dots on the top-right corner of your browser).
  2. Select Options.
  3. Head over to the Privacy and Security tab on the left side.
  4. Look for the Tracking Protection section there, and Always choose among the options you see there.
  5. All done.
Firefox Tracking Protection Settings

You might have only the Content Blocking option in your Privacy and Security tab in your Firefox. If so, you simply change it to Strict from Standard mode there.


4. Turn on the Do Not Track Protection

Most standard browsers have a BLT or do not track option that informs websites you’re visiting that you do not like the idea of getting tracked.

Remember that it is up to those websites to decide whether they want to obey your command or not. So, tweaking your browser settings to enable the Do Not Track feature might not help you achieve better privacy goals.

Still, it won’t hurt to use this Firefox privacy feature, too. Like the above, you can enable this feature in the Content Blocking section available in Firefox’s Privacy & Security Tab.

Do Not Track me feature in Mozilla Firefox

5. Disable the WebTRC

Sometimes you want to communicate with other online users using video calls, voice, or P2P sharing of files. In this case, you may install or allow WebTRC on your browser. The new Firefox Hello chat, and video client has the functionality that lets you talk privately with Opera and Chrome browser users without installing any extensions.

The problem with this feature is that it shows your IP address even when using a VPN. That can allow websites to detect the device proxy server you’re using. If you believe that WebRTC is unnecessary for your work, you can disable it altogether.

It is straightforward to do. Follow the steps below to disable WebTRC in Firefox:

  1. Type about: config in your browser address bar and press enter.
  2. Now, press/click the button that reads I’ll be careful; I promise!
  3. Look for media. Peer connection. enable
  4. You need to set the column Value as False there. Double-click, and it will do so.
  5. Done.

6. Remove DRM

When you want to watch videos on streaming services like Hulu, Netflix, or Amazon Prime, you must use Digital Rights Management (DRM) to encrypt content and protect the copyright. These streaming websites depend on DRM to ensure they limit what you do with their videos.

When Mozilla finally included DRM in their browser in 2015, many privacy advocates raised concerns. That is understandable. However, it only meant that the Mozilla Foundation wanted to meet the standards of streaming Netflix seamlessly on Firefox.

There was a big debate because many users felt the open-source project was getting hijacked by business-oriented administrators. Mozilla even went ahead to use a separate sandbox to run the DRM. In theory, nobody can access the DRM apart from Mozilla, and the DRM would not harm users.

But if you are a privacy perfectionist, you may want to delete the DRM from your browser. Of course, this comes with its limitations because you may be unable to access DRM-protected content online.

Since taking action here can affect your ability to stream Netflix and other videos onward, we recommend you take this tweak as optional and not mandatory for maximizing your privacy on Firefox. And as noted above, having DRM available in your browser is not risky either. Still, if you want to do it, follow the steps below:

  1. Click on the menu (the three dots in the top-right corner) and pick Options.
  2. Now, type in DRM in the search box in the top-right corner of your Options screen. Digital Rights Management (DRM) Content instantly appears as you type.
  3. The only option available is Play DRM-controlled content should be checked; uncheck it.
  4. Next, go to about addons using your browser address bar. There you need to click on Plugins available on the left side.
  5. Two plugins are dubbed Widevine Content Decryption Module and Primetime Content Decryption Module. Click on the three dots ahead of their names, and select the Never Activate option for both.
  6. Now, get to about support by typing it in your address bar. Scroll down to find the Profile Folder (on the left side of your screen) and click the Open Folder button.
  7. There you need to locate and delete two sub-folders gmp-widevinecdm and gmp-eme-adobe.
  8. Restart your Firefox. You are now done with getting rid of DRM.

7. Turn off blocking for specific websites

You can disable blocking for specific websites (the ones you fully trust). This puts them on your whitelist while you look to enhance your Firefox privacy and security.

The first step is to decide on websites you use often and those that are confirmed to be secure enough for you.

To do so, go to the website you want to whitelist and click the shield icon. A window will appear where you can see a toggle button that reads, “Enhanced Tracking Protection is On for this site.ā€ Simply uncheck the toggle option available there to disable content blocking for the website.

Disable Firefox content blocking for specific websites

Online safety tips

When it comes to choosing the right security add-ons, you need to think about a few things. First, you must consider the level of security an add-on or extension offers. Then it would help if you found out how it affects your browser’s performance.

Also, it would help if you compare the features and pricing (if any) of the services you get from these add-ons. If you want to boost your Firefox security levels, we recommend you embrace the following privacy extensions:

uBlock Origin

If you want a robust adblocker that ensures you don’t get tracked, you should look no further than the uBlock Origin add-on. Although it’s relatively light, uBlock Origin is quite powerful, especially in filtering content you don’t want on your browser.

But the downside is that using ad blockers and non-tracking scripts could hurt your experience on some web pages. But uBlock Origin comes in handy with its Whitelighting features. You can use its Element Picker or Element Zapper feature to customize how a webpage runs on your browser.


Privacy Badger

Privacy Badger

Privacy Badger add-on from the Electronic Frontier Foundation (EFF) is primarily an anti-tracking extension that also serves as an ad blocker. These two functions may seem to overlap, but they complement each other, as running them concurrently is possible.

Unlike typical ad blockers, Privacy Badger does not keep blocklists. Instead, it tracks The Script of the web pages you lord and informs your browser not to load any questionable content. That means it only allows you to access secure web pages.

The way it works is simple. You can see The Script on a web page and see those trying to track you. Then the privacy badger add-on allows you to block or allow cookies or scripts.


HTTPS Everywhere

HTTPS Everywhere is one of the essential tools you should have on your Mozilla Firefox browser for optimum security. Developed by Electronic Frontier Foundation (EFF), this add-on ensures you connect securely to all the websites you visit.

As long as you visit even a non-HTTPS website with this extension activated, you will connect securely. Many websites with HTTPS still boast HTTP by default in some parts, which means they are insecure.

Here we would recommend you not rely on any extension or tool only. Stay alert from your side, too. Always ensure that the padlock icon on the left side of the URL bar is locked and green, which means that you are connecting to HTTPS enabled website.


No Script

If you want a completely free and open-source Firefox privacy add-on, NoScript is the way to go. It stops Java, Flash, and JavaScript from running on suspicious websites.

NoScript allows you to control the scripts on a website as you visit one. Some websites built on complicated technologies can refuse to obey this add-on on your browser. However, with a few tweaks, you can make it work.

You can add a few websites to your whitelist, but that means you must first understand that a few risks could be involved. Of course, this is not for average users because it requires some knowledge and skills in computer privacy. But as you are here, we are optimistic you will easily beat the challenges.


uMatrix

uMatrix

Team uBlock Origin is behind this add-on development, which offers a balance between uBlock and NoScript. So, you enjoy lots of control and customization options. However, this may not come in the ready-made way as you will have to do some customizations.

The good thing is that you donā€™t have to be tech-savvy to set uMatrix up. If you can read the instructions, you will easily tweak the interface.

If you are going to use uMatrix, you may not have to use Privacy Badger, NoScript, or uBlock Origin because you benefit from all three add-ons in one plugin.


Cookie AutoDelete

If you have been using any popular self-destructing cookies plug-in, then it’s high time to embrace Cookie Auto-Delete. This one fits everyday internet users’ Firefox well, especially in deleting all HTTP cookies that do not go away when you close the tab.

With this tool, you gain an extra layer of protection from cookies tracking without necessarily breaking the websites you wish to use. You will protect your privacy and device from eTags and DOM from storage because this add-on cleans up all these.

Nonetheless, you can tweak a few settings to prevent third-party cookies on your Firefox browser.

How to deactivate Firefox third-party cookies

Your third-party cookie settings determine your level of privacy and security when browsing. Advertisement networks may use third-party cookies to monitor and track your online activities and target you with personalized ads. However, you can tweak Firefox settings to prevent monitoring and tracking through these cookies.

  1. Open the Firefox sandwich menu and click the ā€˜Settingsā€™ tab.
  2. Click the ā€˜Privacy and Securityā€™ option.
  3. Once the page opens, look for the ā€˜Enhanced Tracking Protectionā€™ section. The default option is set to standard. Modify it to Custom and Tick Fingerprinters, crypto-miners, Tracking content, and Cookies for higher levels of privacy and security.o.
  4. From the two drop-down menus next to Tracking and Cookie content, select ā€˜All third-party cookiesā€™ and ā€˜In all Windows,ā€™ respectively.
  5. Check the ‘Always’ option below the section ā€˜Do Not Trackā€™ signal.
  6. Scroll down and find the phrase ā€˜Delete site data and cookies when Firefox is closed.ā€™
  7. Uncheck the saving passwords and logins box in the ā€˜Login and Passwordsā€™ section.
  8. Tick ā€˜Use Custom settingsā€™ in the ā€˜Historyā€™ menu. Below that, check the ā€˜Delete History when Firefox is closedā€™ box.
  9. Go to the ā€˜Permissionsā€™ section and ensure the ā€˜Warn you when websites try to install add-onsā€™ and ā€˜Block pop-up windowsā€™ options are checked.
  10. Uncheck all boxes under ā€˜Firefox data use and collectionā€™.11. Tick the boxes under ā€˜Dangerous Software Protection and Deceptive Content.ā€™

BetterPrivacy

If you want your Mozilla Firefox browser to work optimally, you need to make sure that you control cookies. The BetterPrivacy add-on ensures that all these unnecessary cookies are removed regularly.

Some people have claimed that the BetterPrivacy plugin has become obsolete because most websites no longer use Flash. But you see, you’re not sure about the websites that still rely on Flash technology. That means you may always want to have better privacy and self-destructing cookies plug-ins together. Again, data privacy mainly works to control all flash cookies.


Random Agent Spoofer

If you conceptualize what a VPN does, you will understand how the Random Agent Spoofer works. There’s been a heated-up debate on whether this is ethical, which is something you can learn in our guide on whether VPNs are legal.

Whenever you surf a site, a user agent will tell that website what kind of operating system device or location you are accessing from. Some websites process this information to ensure their services are customized for readers. Others rely on the user agent information to improve your user experience.

Unfortunately, some websites might try deploying browser fingerprinting. For this reason, you need to access sites with random agent spoofing. For example, suppose you are logging in to Google.com from your iPhone Safari browser. However, the random agent spoofer will tell Google that you are actually using Firefox installed on a Windows PC.

That makes it difficult for the websites you visit to deploy any browser fingerprinting. The information they get is distorted, and the person they will try to profile is not you.

Although the random agent spoofer add-on and others of its kind are not technically aiming to prevent browser fingerprinting, they still help ensure your information is not displayed online.

If you want absolute protection against browser fingerprinting, you may want to try the Tor Browser. But these extensions will give you a good experience without distorting your privacy.


Canvas Defender

Canvas Defender

If you use Mozilla Firefox, you may have a built-in canvas fingerprinting feature, especially in its latest versions. If the element is not yet available to you, adding the Canvas Defender extension to your browser is a great idea.

Canvas fingerprinting is a common way in which websites collect information from you.

The script tells your browser to provide a hidden drawing as an ID card that can identify you. Through this kind of information, online services can track you down. Canvas Defender steps in to prevent your browser from creating this unique identification.


Decentraleyes

Firefox comes with built-in add-ons that prevent tracking. But sometimes, you want an extra layer of protection, so you might want to try the decentralized extension.

This extension hosts CMD resources locally to browse the internet without relying on trackers. When websites try to request the browser to store more cache, the Decentraleyes extension blocks this request. Instead, it serves the browser with local versions of the CDN. You can think of this as an impersonation of the CMDs that have been stored locally in your browser.

Whenever a website wants to download any jQuery, the extension will refute it and connect it to a remote CDN. The add-on will serve files from its cache; therefore, you won’t get tracked down.

Decentrelayes addon also speeds up your browsing experience because every cache needed to load a webpage is obtained from the local files. Files getting loaded locally means everything is served instantly, and you’re going to not a huge difference in your browser’s speed and performance when you do this.


Bloody Vikings!

You will not want to publish your actual email in email listing requirements if you are a nerdy privacy enthusiast. You may want to have a randomly created email to do your online stuff without revealing your real identity.

Bloody Vikings come in handy whenever you want a temporary email address. You need to right-click on any email registration form, and the bloody Vikings will fill up that with random temporary email addresses automatically. You can then continue with your registrations or anything else you do online without revealing your personal information or real identity.


Multi accounts containers

It’s important to recall that most tech companies try to track you as much as possible. They mostly use cookies available on your browser to create an online profile about you so that they can present customized adverts.

That’s why if you enter a website while trying to review a car, you will find such adverts on your Facebook profile. That is how powerful websites’ tracking systems are. For this reason, you may want to ensure that Facebook, Google, and other companies that try to trace you online will only find cache or cookies from websites you have visited.

That will only be possible if you create a container that stores cookies from a specific website so that if that website tries to track you, it will only find cookies from its own website. This limits how websites can track you down and help preserve your digital privacy.

Multi-Account Containers add-on offers alternatives to the regular deleting of cookies ā€” the container places in your hands the power to control what websites do on your browser.


Firefox Private Network Extension

Mozilla introduced its new Virtual Private Network (VPN) as part of the project in July 2020. The Firefox Private Network is supposed to offer security on ISP or public networks.

If you don’t trust your ISP provider administrator, ensure you protect yourself from getting tracked by your ISP. We would also recommend that you choose a VPN that is right for you and understand what it entails to have a strong VPN on your side.


Mailvelope

Mailvelope

The last thing you want is another person spying on your cell phone or eavesdropping your emails. Like conventional letters, emails are very private. They should be treated as the main company delivers a wrapped parcel, personal only (which is why we usually use envelopes for conventional mail).

In the virtual space, it’s challenging to have a way to wrap up your message so that it can be delivered to the recipient securely. The good thing is many secure email providers exist today, but the virtual space now has technologies that can hide your email from getting read by anyone.

Try to think of what it would be like to send your Ph.D. dissertations over email, and you might realize your messages’ sensitivity. Indeed, you don’t want anyone else to alter it before you present it. At such a time, you may want to add another layer of protection to your email to ensure it will reach its destination securely and unchanged.

In such cases, an add-on like Mailvelope will ensure you are protected. This open-source extension is entirely compatible with Yahoo, Gmail, Hotmail, and GMX. It implements PGP, and that’s why it has proved to be a useful tool to protect emails from online eavesdropping.


KeePassHttp-Connector

Keeping your password safe is the first rule of online privacy. The last thing you want is for a person to have access to your digital profiles. Remember, you could quickly lose a lot of money or hurt your reputation if your personal or business profiles are compromised.

You need to make sure that you are passwords are well-managed. KeePassHttp-Connector add-on is an open-source password manager that helps keep all your online login credentials safe.

Better yet, we recommend you look at our list of best password managers and pick one you like the most.


Firefox Privacy Settings extension

Privacy Settings extension for Mozilla

Mozilla Firefox offers lots of control in its privacy settings, but you must be quite savvy to access those configurations. That is where you can try to use an addon that gets you there immediately.

The average Firefox user will have a hard time trying to understand the configuration settings. Those advanced settings require you to enter advanced numerical values, so you may want some help.

Privacy Settings addon helps you to access those advanced configuration settings with one click. You will realize that using this one-click control allows you to access a lot of your settings to be provided on a GUI interface.

It does not change the configuration settings but makes it easier for you to access and customize settings. You can also disable or enable any of the locations that fortify your security.


So, should you install all these add-ons?

Well, youā€™re probably trying to get to the top of the game for enhanced Firefox security and privacy. You donā€™t want anyone snooping on your web browsing activities; still, we know it might be tempting to cramp all these extensions onto your browser.

But thereā€™s a catch. You won’t be safe if you install all the security add-ons and modify the settings. The key rule of hiding online is to keep a low profile, which also applies to the internet.

You could still get exposure if you have all these settings and add-ons.

First, you need to get out of the crowd, which means keeping a low profile of yourself on the internet. Then, throwing every VPN, anti-fingerprinting manager, and cache management extension into your Firefox will only slow your digital exposure down.

And, if Firefox offers an inbuilt service, you donā€™t need an add-on that does the same thing. You need to watch out for your options.


How to enhance Firefox security with about:config tweaks

If you’re an advanced user of Firefox, you can always rely on about:config settings. There are numerous modifications you can make by simply dialing about:config.

We believe this is the best way to modify your settings to improve Firefox privacy because it gives you so much power. If you have installed new extensions or have changed any settings by the time you get to this section, do not worry. You can always see if playing with any of the advanced Firefox security settings will eliminate the need for any add-on you have on your browser.

Firefox about:config privacy tweaks warning

The first time you log onto the about config settings section, you will likely be prompted with a message that warns you about your security and performance. Accepting the risk will take you to a field where you are supposed to type or search out the preferences you want to modify.

Admittedly, you could do some damage. That is why you must pay close attention. In the end, you will find it genuinely worth it.

Once you have entered about:config settings in Mozilla Firefox, you’re going to see a screen with a long list of modifications that you can make.

You may tap on the show all button if you would rather want to scan through the list and don’t want to search for a specific function. The screen will then show you all the available options. In this case, you will be given hundreds of preferences to modify. Modifying the preferences merely takes you to double-click on a given function name.

enhance Firefox secure with About:Config tweaks

Double-clicking the option changes the value of the preference from True to false. For instance, if you choose an integer, you can double-click and then choose true as the boxā€™s value that opens.

Here are our recommended modifications you may want to make to have the best Firefox security settings:

browser.privatebrowsing.autostart

You don’t want anyone to have study trails of the things you’ve been browsing online. This Firefox command helps you to prevent people from looking at your browsing information. You don’t want to leave footprints on your browser, especially when browsing ethical websites.

When you switch to private browsing, no third party can access cookies or any records or history of websites you have been browsing. However, unfortunately, even though nobody can look at your browsing data on your computer, the ISP will have the privilege of peeping through in your Private Browsing mode. Therefore, you may want some extra protection measures.

At the same time, you should always consider using the private browsing mode even if you are on your own or are the sole user of your laptop because of its cookie-blocking functionalities. You must set this preference to true, which switches Firefox to always start in private browsing mode.


browser.startup.homepage

Mozilla Firefox will, by default, open its homepage that displays a Google search box. You must understand that commercial search engines like Yahoo and Google store lots of information about you.

And as a privacy maniac, this is precisely what you’re trying to prevent. If you want to start on a different page, then you should run this command and enter a website of your choice.


browser.startup.page

If you prefer that you are, Firefox opens on a blank page. You can change it to 0 by running this command.


browser.safebrowsing.phishing.enabled*

Firefox comes with Google safe browsing extensions by default. This extension prevents phishing and ensures that websites you visit get scanned through a Google blacklist. Thus, if a website has been blacklisted in Google’s database, it will not be allowed to load on your browser.

Google is a for-profit business; ultimately, the search giant always tries to prepare a history of your interests and then recommend websites that seem to be safe. We recommend that you turn the value to false to prevent Google from meddling with your online expeditions.


browser.safebrowsing.malware.enabled*

Google licenses its fishing protection to Mozilla Firefox, and you can access this feature through this command. Browsing through this method reports back to Google, so we recommend setting the value to false.


datareporting.healthreport.uploadEnabled

You can see how your browser performs and how much space or resources it uses. The good thing about this is that it tells whether Mozilla is good enough for you. Of course, you must use a compatible device that supports the Mozilla Firefox browser.

Whenever there is a health report, it is anonymously uploaded into the Mozilla system. This helps in development, especially in improving Firefox’s privacy.

However, because sometimes this can set you up for exposure, you may want to change this setting to False. By doing so, you will still see the report, but it will not be sent to the Mozilla Firefox team.

Some websites are so advanced that they can tell when you cut, copy, or paste anything on their platforms. Some of them will even prevent you from right-clicking through their content. Sometimes, these websites will record or even change the content of the text.

Others will even bar you from pasting that content into any form. So, you can use this advanced setting command to control your actions. Set the false entry for this query, and you will prevent any website from taking away your power.


dom.storage.enabled*

Commercial search engines are there to make money from the information they have about you. Google, Bing, Facebook, and other tech giants are always working hard to get hold of your browsing information and cookies so they can use them to draw a profile for you.

Once they can tell which websites you visit, your location, demographic information, and online interests, they draw a pattern that they can use to customize ads. So, they use pernicious methods to steal your browsing history, web storage, and other information from your browser.

Cookies are at the center of this, and as long as you can choose how cookies get stored on your Mozilla Firefox, you will always have a head start in escaping this ā€œtheft.ā€ We recommend you turn the value for this setting to false.

Please note that you might have to deal with a few broken websites, so you must do it cautiously.


geo.enabled*

Location awareness is a technique websites use to know your location and customize your feeds. As an online security enthusiast, the last thing you want to happen is for someone to know your exact IP location or device information. It is a brainer that the data can be used to track your precise location in real life. So, this is something you want to avoid. To keep yourself safe, use this configuration to set the value to false.

Also, look for geo.wifi.uri to prevent the system from sending any information about your Wi-Fi. With this setting, you can prevent Google from using its geolocation capabilities.

The Google Location Service, therefore, can be set to false to ensure that you do not get tracked. If you set the geo.enabled* setting to false, you may not have to use this. However, if you still feel itā€™s essential to stay watertight, you can change to the localhost or loopback address 127.0.0.1.


media.peerconnection.enabled

Web Real-Time Communication WebRTC is an excellent tool, especially when incorporating videos, chats, or file sharing. Firefox Hello video client lets you securely talk to other Chrome, Opera, and Firefox users.

However, WebRTC can give away your device information and IP address even when using a VPN. Although advanced VPN clients automatically block WebRTC, you can disable it yourself by changing its value to false.


We recommend using a good manager for your cookies, such as the CookieAutoDelete. However, if you wish to allow only the cookies that come from the server, you can do that by tweaking this about:config setting. To do so, change the value to 1.


Cookie AutoDelete addon helps you manage your cookies a great deal. But, if you can handle the configuration, you may not need an add-on. To ensure your cookies expire at the end of every session, set this configuration’s value to 2.

That way, when you close the browser, all sessional cookies will be deleted at that time. No websites you visit will track the pages you visited or obtain your true browsing data from then on.


network.dns.disablePrefetch

DNS prefetching improves page load time. Firefox memory users DNS-prefetch by resolving the names of your domain name similarly and proactively. This practice is good for user experience but could not be very good for privacy. You can set this value to true to ensure that your DNS prefetching has been turned off.


network.http.sendRefererHeader

When you click hyperlinks, the page you’re about to visit could request information from the source page. It’s a common practice, especially with websites where individuals make referral commissions. The website you are about to leave might send information to the website you are headed to. And this means your information is going to be shared across these platforms.

Mozilla usually doesn’t like people who disable referrer headings. Still, this could be handy if you want to stay safe and secure online. Change the value to 0, meaning you will never send any referral header.


network.http.sendSecureXSiteReferrer*

This one is quite the same as the previous option. The only difference is that it will let you be tracked through all the websites that you’ve been to visit. To ensure you disable this, you need to change its value to false.


network.prefetch-next*

Firefox tries to speed up your browsing by first searching the links on a web page and scanning them. And when it finds you idle on a site, it preloads linked-to webpages.

That is why when you go to new pages from an already visited page, they will open quickly because they’ve already been loaded. Disabling this option slows down your browsing, but if you look at it from a privacy point of view, you realize it serves a lot. We recommend trading your speed for security; hence, we urge you to change its value to false.


privacy.donottrackheader.enabled*

These days, browsers come with a do not track feature that requests websites that they shouldn’t monitor you. With all its privacy functionalities, Firefox also has this feature that tries to tell websites not to track you. But you need to understand that websites can comply with or deny your request at their will. Still, it is worth setting the value to true, though.


privacy.donottrackheader.value*

The settings above are meant to activate the do not track feature. But this value setting states exactly what the instruction is about. For instance, when you set the request to 1, websites will receive instructions not to track you.


toolkit.telemetry.enabled

Any statistical data that adds value to your browser’s responsiveness performance or usage is part of telemetry. Firefox typically sends a report to Mozilla, especially to help developers know how to improve the platform. The telemetrics sent there can expose your privacy, so you should keep this value false.


Avoid too many add-ons

Reusing Passwords

Whenever you use extensions and other modifications, it’s crucial to understand that most of them will more likely make your browser a bit slower.

Yes, you want to achieve the maximum-possible Firefox security and privacy; still, you don’t want to be like a kid who’s always topping up on his ice cream.

You want to have just enough Firefox browser addons that you need for your ideal privacy.

Remember, when you have too many items, you could break some things and slow down your browser performance.

Just look for a balance between the number of add-ons you need and tweaks you can make manually through about:config. Ensure not to install too many extensions and that you only engage in necessary settings.

If you have a fast machine, adding all our recommended Firefox privacy and security add-ons won’t affect your browser speed much. And, being privacy enthusiasts, we would always trade speed with security for all the precautions we would want to take for optimum protection online. But looking for a balance as much as possible is always recommended.

Wait, what is private browsing (aka incognito mode) all about?

Browse Internet Anonymously

Almost every browser out there in the market today has an option for Private Browsing. The Incognito mode, however, is usually misunderstood. Just because you are in ā€œprivateā€ doesnā€™t mean you are secure.

For instance, when you open the Private Window, the pages you visit will not get saved on your history. Texts, cookies, downloads, passwords, and files will not be stored. So, other computer users cannot find evidence of the sites you visited.

But the incognito mode offers just that and nothing else. In other words, it only prevents your family members from knowing what you were watching or which portals you visited.

When using Firefox 57+, you get Tracking Protection enabled by default when you are in incognito. However, you must remember that it does not hide your internet connection, IP address, or ISP.

Websites you visit will see where you are, your device, and any other telemetric data as they wish. Your ISP will also be able to monitor your online surfing from their end.

Thus, Private Browsing only protects you online from your colleagues, family, and friends who may have physical access to your computer. But, it will not help you beyond that. If you want to hide your browsing info from your ISP and other third parties, you better start using VPNs or the Tor browser.

Understand Mozilla’s privacy policy

Crowd contributions of projects such as Firefox may sometimes delude people into feeling they can do everything. But itā€™s always prudent to ensure you have read and understood the privacy policy of the service or tool you wish to use.

Our research shows that only about 5% of web visitors open (let alone read) the Privacy Policy or Terms and Conditions. Just like that, more than 95% of people miss out on the opportunity to grasp how their information is used.

And worse, you might be set on the path of making mistakes. We know sometimes it’s too good a deal to ask difficult questions from a provider, but when you are interested in software, or your privacy depends on it, you have to guard your lifeline. Just read and understand those privacy policies thoroughly.

Yes, Mozilla Firefox is open source, unlike Google Chrome, Apple Safari, Microsoft Edge, and Internet Explorer, which are all proprietary web browsers. That means no for-profit corporation is behind pushing the project to make money, which suggests it does not have a real need to track users. And on top of that, it has been audited by independent researchers multiple times.

Still, we recommend you read the Firefox privacy policy to make it your habit and see if you find anything disagreeable.

Our take on Firefox’s safe browsing feature

Thousands of Firefox users have petitioned for the removal of the Safe Browsing option feature. Some people raise privacy concerns, while others even state that it offers a ground for Google tracking.

But, newer Safe Browsing features no longer have the ā€œReal-time lookupā€ method of analyzing website URLs. The procedure has been obsolete since 2011.

According to Mozilla security engineer Francois Marier, Firefox protects users using the following privacy precautions:

The browser strips off Query string parameters from URLs. So, your downloads are protected.

Whenever Firefox requests hashes for 32-bit prefixes, the browser hides your identity and instead sends some ā€œnoise.ā€

Mozilla has a separate Cookie Container for storing Safe Browser cookies. So, it becomes difficult for anyone to abuse the service. Separating the cookie jars ensures that your Safe Browsing cookies donā€™t mix with your session cookies.

So, if you plan to disable Safe Browsing, know there are no perks to that — at least not in terms of privacy protection. However, if you want to disable Firefox Safe Browsing, deploy the configurations in about:config settings.

browser.safebrowsing.malware.enabled = false

browser.safebrowsing.phishing.enabled = false

Proceed with caution

After changing the privacy settings on your browser, your overall browsing experience is likely to change, and some websites may not load properly. Therefore, we recommend the incremental approach, where you gradually adjust your settings and install add-ons to determine which combination best suits your needs. This approach allows you to add sites to whitelists or create exceptions as you modify your settings.

FAQs

Strict enhanced Tracking protection blocks the Fingerprinters, crypto-miners, cross-site cookies, social media trackers, and tracking content in all windows. Follow these steps to enable it.

1. Click the shield on the left side of the address bar.

2. Go to protection settings which will open “Privacy and Security settings.”

3. Select “Strict” under Enhanced Tracking Protection.

4. Click the “Reload all Tabs” button to apply your new privacy settings.

Firefox’s private mode does not protect you from tracking and monitoring from your internet service provider (ISP) or employer. The private mode only keeps your local browsing private by deleting history and cookies. However, you can use a Virtual Private Network (VPN) if you don’t want anyone spying on your online activities. A VPN is a privacy-enhancing tool that encrypts your connection in a secure tunnel by routing it through remote servers. This way, no one can intercept your data or monitor your online activities, including your ISP.

Hiding your IP address when browsing is vital because it shields you from being targeted by attackers and advertising networks. Firefox Private Network uses Proxy servers in Cloudflare’s network to hide your IP address and protect you from third-party trackers online.

Share this article

About the Author

Ali Qamar

Ali Qamar

Cybersecurity Analyst
46 Posts

A strong passion drives Ali Qamar. He wants to empower internet users with privacy knowledge. He founded PrivacySavvy, an authority dedicated to fostering a security-conscious online community. Ali believes in individual liberty. He has been a vocal advocate for digital privacy rights long before Edward Snowden's mass surveillance revelation shook the world. Ali recently co-authored a book called "The VPN Imperative." It is available on Amazon. The book is a testament to his relentless quest to raise awareness about the importance of online privacy and security. Ali has a computing degree from Pakistan's top IT institution. He understands the details of encryption, VPNs, and privacy well. Many see Ali as an authority in his field. The local press often seeks his insights. His work has appeared in many famous publications. These include SecurityAffairs, Ehacking, HackRead, Lifewire, Business.com, Intego, and Infosec Magazine. He is inclined to transformative ideas. This is clear in his work. It aims to reshape how people approach and prioritize their online privacy. Through PrivacySavvy and his writing, Ali Qamar champions digital freedom. He gives internet users the knowledge and tools they need. They use these to reclaim control over their data. They can then navigate the online world with confidence and security.

More from Ali Qamar

Comments

No comments.