Mozilla Firefox is hands-down your best bet when it comes to privacy and security. It is fast, secure, open source, and is powered by an organization that actually cares about internet privacy and security.
Firefox runs on the Gecko engine rather than the Blink engine, so by using it you support an open internet against Google’s monopoly. Mozilla also updates the browser very frequently and it has robust features baked in for developers.
That’s why I recommend Mozilla Firefox. It is the best alternative to Chromium-based browsers like Microsoft Edge, Google Chrome, and Brave.
Firefox is almost perfect out of the box, and most of the settings are already tweaked to protect your privacy but where it shines is its customizability.
In fact, it is so customizable that the Tor Browser is actually a highly modified version of Firefox designed to run on the Tor network.
I am going to show you all the tweaks you can make to increase your privacy and security in this Firefox privacy and security guide:
Table of Contents
- Privacy and Security by Compartmentalization
- Browser Fingerprinting
- Firefox Privacy Settings
- Firefox about:config Privacy Settings
- Firefox user.js Templates
- Firefox Privacy Add-ons
- Awesome Firefox Add-ons
- New Firefox Privacy Features
- Additional Resources
- Firefox Privacy and Security Summary
Privacy and Security by Compartmentalization
Compartmentalization is the key to taking control of your online identity. You should always use different browsers for different scenarios.
I recommend using one browser where you are logged on with different services like your Mail, Calendar, Social Media, etc, and another one for private use, so that you can stay logged in without getting tracked.
You can also use something like the add-on Firefox Multi-Account Containers to keep parts of your online life separated from each other.
Personally, I don’t use the Multi-Account Container — I have the habit of clearing everything after I am done browsing, which logs me out from everywhere.
Play around and see what works for you. The key is to not have all your eggs in the same basket.
Browser Fingerprinting
Before you go ahead and make changes to your settings or install an add-on, you should consider your browser’s fingerprint (or device’s fingerprint).
Every time you visit a web page, your browser voluntarily sends information about its configuration like OS, browser type, available fonts, screen resolution, add-ons and a lot more. You can visit DeviceInfo.me to see what data your browser is sending.
The problem is that if this combination of information is unique, it will facilitate identification without any tracking tools like cookies.
The ironic aspect of this is that the more measures you take to avoid tracking, the more unique your browser fingerprint becomes.
That’s why it’s recommended that you do not install or modify anything on your Tor Browser, so that every single user looks the same.
More is not always better. You don’t need to use every add-on and tweak I am recommending here. The more you configure, the more unique your browser fingerprint gets.
Choose wisely and confidently. You can check for browser fingerprinting using Panopticlick, a tool by Electronic Frontier Foundation.
Firefox Privacy Settings
These are all the basic tweaks you can do after installing Firefox. These settings are easy to configure.
To change these settings, just open the Options page (Preferences on macOS) from the Menu.
Or, go to this URL: “about:preferences”
Change Your Search Engine
This is an easy one. Just go to Options/Preferences > Search > Default Search Engine and choose something other than Google.
You can choose from the drop-down menu or add another search engine by going to One-Click Search Engines > Find more search engines.
I recommend switching to DuckDuckGo, or some other privacy respecting search engine.
You should consider switching from Google as it collects lots of personal data by tracking you online to serve ads.
Enhanced Tracking Protection
This is Firefox’s built-in Content Blocking feature that blocks all kinds of:
To enable Enhanced Tracking Protection, just go to Options/Preferences > Privacy and Security > Enhanced Tracking Protection and select the Strict mode.
Firefox by default uses Standard mode and warns about Strict mode as it may “cause some websites to break”.
Disable Content Blocking on Sites
You can always disable Enhanced Tracking Protection on certain websites by clicking on the shield icon to the left of the address bar, and flipping the switch.
Disabling Enhanced Tracking will of course allow trackers and cookies that undermine your privacy on that site, so you will have to consider that’s something you are willing to compromise on, on a site-by-site basis. Don’t worry, most of the websites usually don’t break!
DNS over HTTPS
DNS (or the Domain Name System) is how your browser converts domain names like techcorpus.com into IP Addresses like 127.0.0.0.
This is done because computers don’t understand names like techcorpus.com; they can only make connections to IP addresses.
By default, you will be using your ISP’s DNS, which is usually unencrypted and lets your ISP log the websites you visit.
Encrypting your DNS Traffic can shield your queries and add some privacy to your browsing. There are many ways to encrypt your DNS: DNS over HTTPS, DNS over TLS, DNSCrypt, etc.
Fortuitously, Firefox already has built in support for DNS over HTTPS.
To enable DNS over HTTPS, just go to Options/Preferences > General > Network Settings. At the bottom of Settings, you will be able to select “Enable DNS over HTTPS” and choose a provider.
This is where you need to be a bit cautious, because by choosing a DoH provider you’ll be sending all your DNS queries to a single provider, preferably Cloudflare unless you choose NextDNS or some other provider.
While using DoH does add some privacy protection from your ISP, you’re basically shifting that Trust to the DoH Provider. Make sure that’s something you’re comfortable with.
Another thing that must be noted is that even when you’re using DoH, your ISP will still be able to see what domains you are connecting to due to Server Name Indication (SNI).
Firefox, by default, is configured to share “technical and interaction data” with Mozilla. This may include the ability to “install and run studies” as well as “backlogged crash reports”.
While Mozilla is one of the best privacy-respecting organizations, you should always prefer sending as little data as possible.
To disable Telemetry, just go to Options/Preferences > Privacy and Security > Firefox Data Collection and Use.
Clear Cookies and Site Data
This setting is not for everyone as clearing cookies will log you out of all the websites and you will have to log in again.
However, it’s a pretty nifty feature that deletes all your cookies and site data when you close Firefox, making it harder for websites to track you.
To enable Clear Cookies and Site Data, just go to Options/Preferences > Privacy and Security > Cookies and Site Data and check the box next to “Delete cookies and site data when Firefox is closed”.
The “Do Not Track” Request
Firefox also gives you an option to send websites a “Do Not Track” request. However, its usefulness has come into question because most websites will just ignore these requests, and it also facilitates fingerprinting of your browser.
I recommend against turning on the “Do Not Track” request feature, which can be found in the Browser Privacy section. Learn more about DNT here.
Firefox About:Config Privacy Settings
Aside from the general menu settings that you already tweaked above, there are a number of “under the hood” settings that can help you gain better privacy and security.
If you have changed the settings above, you may notice that some of these are already updated in about:config, aka the configuration editor.
To access the configuration editor in Firefox, simply enter about:config into the URL bar and hit Enter.
You will be prompted with a warning screen stating “Proceed with caution”. Just click “I accept the risk” button to continue.
You will be greeted with a blank screen with a search bar on the top with a Show All button.
Click on “Show All” button to view all the options or just search the ones you want to change via the search bar. Do note that preference names are case-sensitive but search terms are not.
You can modify a preference by double-clicking its name. There are two kinds of preference you will change here: Boolean (true/false) and String (text).
For Boolean: Just click the Toggle button or double-click the preference name.
For String: Just click the Edit button or double-click the preference name and enter a new value.
Click on the checkmark to save the changes.
To reset a preference to its default value, click the Reset button. To remove an added preference, click the Delete button.
You can also add your own preferences.
Alright, here are the recommended changes:
Privacy and Security
media.peerconnection.enabled = false
WebRTC stands for “Web Real-Time Communication” — It’s a free, open source project that enables web browsers with RTC i.e. video and audio communication.
However, there is a flaw in browsers that support WebRTC which exposes your IP Address even when you are using a VPN.
If you want to disable all WebRTC Settings:
- media.peerconnection.turn.disable = true
- media.peerconnection.use_document_iceservers = false
- media.peerconnection.video.enabled = false
- media.peerconnection.identity.timeout = 1
Note: Disabling WebRTC will stop functioning of all kinds of video and audio chat apps like Skype, Hangouts on your Firefox Browser.
You can check for WebRTC leak here.
privacy.firstparty.isolate = true
First-Party Isolation is a result of the Tor Uplift Project. This preference isolates all cookies to the first-party domain, with the goal of preventing tracking across different domains.
It also isolates cache, HTTP Authentication, DOM Storage, auto-form fill, favicons, and much more.
privacy.resistFingerprinting = true
This is another feature from the Tor Uplift Project. This preference makes Firefox more resistant to browser fingerprinting.
privacy.trackingprotection.fingerprinting.enabled = true
Blocks fingerprinting in Firefox 67+
privacy.trackingprotection.cryptomining.enabled = true
Blocks cryptomining in Firefox 67+
privacy.trackingprotection.enabled = true
Enables another of Mozilla’s new built-in tracking protections.
beacon.enabled = false
Blocks sending of data to servers when leaving pages.
geo.enabled = false
Disables geolocation feature that uses Google Location Services to get your Location from your IP Address.
webgl.disabled = true
browser.send_pings = false
Disables click tracking on websites.
browser.cache.offline.enable = false
Disables the offline cache. It may reduce performance but gives better privacy.
browser.urlbar.speculativeConnect.enabled = false
Disables preloading of AutoComplete URLs, which is a concern if URLs are suggested that you don’t want to connect to.
browser.safebrowsing.downloads.remote.enabled = false
Disables sending of information about downloaded executable files to Google Safe browsing.
browser.sessionstore.privacy_level = 2
Choose when to store extra information about a session like contents of forms, cookies, POST data, etc.
- 0 = Stores extra session data for any site.
- 1 = Stores extra session data only for unencrypted (non-HTTPS) sites.
- 2 = Never store extra session data.
dom.battery.enabled = false
Disables the ability to track the battery status of your device.
dom.event.clipboardevents.enabled = false
Disables the ability to track if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
media.navigator.enabled = false
Disables tracking of microphone and camera status of your device.
media.eme.enabled = false
Opts you out of CDM playback, uninstalls CDMs and stops all CDM downloads.
media.gmp-widevinecdm.enabled = false
Disables Widevine Content Decryption Module provided by Google that is used for playback on DRM-Controlled HTML5 content.
CDM (or Content Decryption Module) is a mechanism used by DRM (or Digital Rights Management) which enables online video and audio services to enforce that the content they provide is in accordance with their requirements.
You may not be able to play content on some sites that require DRM enabled, if you choose to disable widevine.
network.cookie.cookieBehavior = 1
Controls which cookies are accepted; the value 1 blocks third-party cookies. You can choose 0, 1 or 2.
- 0 = Accepts all cookies by default
- 1 = Accepts Only from the originating site (Blocks 3rd-party cookies)
- 2 = Blocks all cookies by default
network.cookie.lifetimePolicy = 2
Deletes cookies at the end of the session. You can choose 0, 1, 2 or 3. You don’t need to change it here if you have already done so in Options/Preferences.
- 0 = Accepts cookies normally
- 1 = Prompts for each cookie
- 2 = Accepts for current session only
- 3 = Accepts for N days
network.http.referer.trimmingPolicy = 2
Sends only the scheme, host, and port in the Referer header. You can choose 0, 1 or 2.
- 0 = Sends the full URL in the referer header
- 1 = Sends the URL without its query string in the referer header
- 2 = Sends only the scheme, host, and port in the referer header
network.http.referer.XOriginPolicy = 2
Sends the Referer header only when the full hostnames match. You can choose from 0, 1 or 2.
- 0 = Sends Referer in all cases
- 1 = Sends Referer to same eTLD sites
- 2 = Sends Referer only when the full hostnames match
network.http.referer.XOriginTrimmingPolicy = 2
Sends only the scheme, host, and port in the referer header of cross-origin request when sending referer across origins. You can choose from 0, 1 or 2.
- 0 = Sends full URL in referer
- 1 = Sends URL without query string in referer
- 2 = Sends only scheme, host, and port in referer
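To see what these three referer preferences put on the wire, here is an added example (not from the original guide or from Firefox’s source) that models them in JavaScript. The function names, the sample URLs and the two-label base-domain shortcut are assumptions, and it assumes the stricter of the two trimming values applies to cross-origin requests.

```javascript
// Added illustration: models only the three referer preferences described above.
// prefs keys map to network.http.referer.trimmingPolicy, .XOriginPolicy
// and .XOriginTrimmingPolicy.

// Simplification (assumption): base domain = last two labels.
// Firefox itself uses the Public Suffix List for this comparison.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Apply a trimming level (0, 1 or 2) to the URL of the page being left.
function trimReferrer(url, level) {
  const u = new URL(url);
  u.hash = "";       // fragments are never sent in Referer
  u.username = "";   // neither are embedded credentials
  u.password = "";
  if (level >= 1) u.search = "";         // 1: drop the query string
  if (level >= 2) return u.origin + "/"; // 2: scheme, host and port only
  return u.href;                         // 0: full URL
}

// Returns the Referer value for a request from `from` to `to`,
// or null when no Referer header would be sent.
function computeReferer(from, to, prefs) {
  const src = new URL(from);
  const dst = new URL(to);
  if (prefs.XOriginPolicy === 2 && src.hostname !== dst.hostname) return null;
  if (prefs.XOriginPolicy === 1 &&
      baseDomain(src.hostname) !== baseDomain(dst.hostname)) return null;
  let level = prefs.trimmingPolicy;
  if (src.origin !== dst.origin) {
    // Assumption: cross-origin requests get the stricter of the two levels.
    level = Math.max(level, prefs.XOriginTrimmingPolicy);
  }
  return trimReferrer(from, level);
}

// Constructed sample URLs.
const PAGE = "https://shop.example.com/cart?item=42&session=abc#pay";
const TRACKER = "https://ads.tracker.test/pixel.gif";
const SAME_HOST = "https://shop.example.com/checkout";

const PERMISSIVE = { trimmingPolicy: 0, XOriginPolicy: 0, XOriginTrimmingPolicy: 0 };
const GUIDE = { trimmingPolicy: 2, XOriginPolicy: 2, XOriginTrimmingPolicy: 2 };

console.log("all 0, third party:", computeReferer(PAGE, TRACKER, PERMISSIVE));
console.log("all 2, third party:", computeReferer(PAGE, TRACKER, GUIDE));
console.log("all 2, same host:  ", computeReferer(PAGE, SAME_HOST, GUIDE));
```

With every value at 0 the third party receives the full cart URL including the session parameter; with the values from this guide it receives nothing, and same-host navigation only sees the origin.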
network.IDN_show_punycode = true
Renders IDNs (or Internationalized Domain Names) as their Punycode equivalent, which helps prevent phishing attacks that rely on lookalike characters.
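The following added example, which is not part of the original guide, shows the ASCII form that this preference makes Firefox display and flags labels that mix scripts. The function names and sample hostnames are made up for illustration, and only Latin, Cyrillic and Greek are told apart.

```javascript
// Added illustration of what network.IDN_show_punycode = true reveals.

// The WHATWG URL parser converts internationalized labels to their
// ASCII-compatible (xn--) form, which is what the address bar then shows.
function toPunycode(hostname) {
  return new URL("https://" + hostname).hostname;
}

// List the scripts used by the letters of one label.
// Assumption: everything that is not Latin, Cyrillic or Greek is "Other".
function scriptsIn(label) {
  const found = new Set();
  for (const ch of label) {
    if (/\p{Script=Latin}/u.test(ch)) found.add("Latin");
    else if (/\p{Script=Cyrillic}/u.test(ch)) found.add("Cyrillic");
    else if (/\p{Script=Greek}/u.test(ch)) found.add("Greek");
    else if (/\p{L}/u.test(ch)) found.add("Other");
  }
  return [...found];
}

// Summarize a hostname: its Punycode form, whether it is an IDN at all,
// and which labels mix scripts (the typical sign of a lookalike name).
function inspectHost(hostname) {
  const ascii = toPunycode(hostname);
  return {
    hostname,
    ascii,
    isIdn: ascii.split(".").some((label) => label.startsWith("xn--")),
    mixedScriptLabels: hostname.split(".").filter((l) => scriptsIn(l).length > 1),
  };
}

// Constructed samples. \u0430 is CYRILLIC SMALL LETTER A, which looks like
// the Latin "a"; \u00fc is the Latin letter u with diaeresis.
const SAMPLE_HOSTS = ["example.com", "m\u00fcnchen.example", "\u0430pple.com"];

for (const host of SAMPLE_HOSTS) {
  const r = inspectHost(host);
  console.log(r.ascii, "idn:", r.isIdn, "mixed-script labels:", r.mixedScriptLabels.length);
}
```

The second sample is a legitimate single-script IDN, so it is an IDN but not flagged; the third renders identically to a well-known Latin name unless the Punycode form is shown.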
network.security.esni.enabled = true
Enables Encrypted SNI (or Server Name Indication) to make sites that support eSNI a bit more difficult to track.
Disable Firefox Prefetching
- network.dns.disablePrefetch = true
- network.dns.disablePrefetchFromHTTPS = true
- network.predictor.enabled = false
- network.predictor.enable-prefetch = false
- network.prefetch-next = false
Firefox “Safe Browsing”
Safe Browsing provides phishing protection and malware checks. However, it requires sending data like URLs and file hashes to Google, but that was the case in older versions, as explained here.
Nowadays Firefox takes a lot of measures to protect user privacy while providing Safe Browsing, as explained by François Marier, a security engineer for Mozilla.
I recommend you keep Safe Browsing enabled on Firefox as it’s a pretty nifty tool and disabling it does not provide tangible privacy benefits.
If you wish to disable Safe Browsing feature, you can do it in about:config section:
- browser.safebrowsing.phishing.enabled = false
- browser.safebrowsing.malware.enabled = false
If something breaks and you aren’t able to access websites because of the changes you made in the about:config section, you should be able to troubleshoot it.
If all goes wrong, you can always either Delete Firefox Preference Files or Refresh Firefox.
Delete Firefox Preference Files
- Click the Menu button, Click Help and Select Troubleshooting Information to open Troubleshooting Information tab.
- Under the Application Basics section next to Profile Folder, click Open Folder. Your profile folder will open.
- Click the Firefox menu and select Exit.
- Locate and delete the file prefs.js (or rename it, for example, to prefs.jsOLD, to keep the old file as a backup). If you find more than one, a prefs.js.moztmp file or a user.js file, delete (or rename) these as well.
- You can close the profile folder and open Firefox now.
The Refresh Feature restores Firefox to its default state while saving your essential information. It will reset preferences and remove other customizations, including added extensions and themes.
Firefox user.js Templates
A user.js is a configuration file for Mozilla Firefox that’s supposed to harden Firefox’s settings, and make it more private and secure. Here are some recommended user.js Templates:
You can also create a Firefox profile with the defaults you like using Firefox Profilemaker.
To install the user.js file you have just downloaded, just copy it to the current user profile directory, which can be found here:
- OS X: ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile
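Once a user.js is in place, you can check whether a profile really carries the values from this guide. The script below is an added example, not part of any template or of Firefox itself: it parses user_pref lines and compares them with a subset of the recommendations above. The function names and the sample prefs.js text are constructed for illustration.

```javascript
// Added illustration: audit prefs.js / user.js text against this guide.
// RECOMMENDED is a subset of the preferences listed in the article.
const RECOMMENDED = {
  "media.peerconnection.enabled": false,
  "privacy.firstparty.isolate": true,
  "privacy.resistFingerprinting": true,
  "browser.sessionstore.privacy_level": 2,
  "network.cookie.cookieBehavior": 1,
  "network.http.referer.XOriginPolicy": 2,
  "network.IDN_show_punycode": true,
};

// Parse user_pref("name", value); lines. A later line for the same
// preference overrides an earlier one.
function parsePrefs(text) {
  const prefs = new Map();
  const pattern = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/;
  const withoutBlockComments = text.replace(/\/\*[\s\S]*?\*\//g, "");
  for (const raw of withoutBlockComments.split(/\r?\n/)) {
    const m = pattern.exec(raw);
    if (!m) continue; // "//" comments, blank lines, anything else
    try {
      prefs.set(m[1], JSON.parse(m[2])); // true/false, integers, "strings"
    } catch {
      prefs.set(m[1], m[2]); // keep an unparsable value as raw text
    }
  }
  return prefs;
}

// Compare a file's contents with the recommended values.
// "unset" means the file has no entry, so Firefox uses its built-in default.
function auditPrefs(text, recommended = RECOMMENDED) {
  const current = parsePrefs(text);
  const report = { ok: [], mismatched: [], unset: [] };
  for (const [name, want] of Object.entries(recommended)) {
    if (!current.has(name)) report.unset.push(name);
    else if (current.get(name) === want) report.ok.push(name);
    else report.mismatched.push({ name, have: current.get(name), want });
  }
  return report;
}

// Render user.js lines for the given preference names.
function toUserJs(names, recommended = RECOMMENDED) {
  return names
    .map((n) => `user_pref(${JSON.stringify(n)}, ${JSON.stringify(recommended[n])});`)
    .join("\n");
}

// Constructed sample of a profile's prefs.js.
const SAMPLE_PREFS = `
// Mozilla User Preferences (constructed sample)
user_pref("media.peerconnection.enabled", false);
user_pref("network.cookie.cookieBehavior", 1);
// user_pref("privacy.resistFingerprinting", true);
/* user_pref("privacy.firstparty.isolate", true); */
user_pref("browser.sessionstore.privacy_level", 2);
user_pref("network.cookie.cookieBehavior", 0);
user_pref("browser.startup.homepage", "about:blank");
`;

const report = auditPrefs(SAMPLE_PREFS);
console.log(report);
console.log(toUserJs([...report.unset, ...report.mismatched.map((m) => m.name)]));
```

The second console.log prints the user.js lines that would bring the sample profile in line with the audited subset.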
Firefox Privacy Add-ons
Firefox has lots of great add-ons that will do wonders to your privacy, security and speed.
Mozilla has also started the Recommended Extensions Program to help its users find the safest, highest quality extensions.
When you are installing add-ons for Firefox, consider whether you are actually going to use them. Do remember the fingerprinting warning from earlier.
Keeping all that in mind, there are three add-ons I recommend for virtually everyone:
- uBlock Origin
- HTTPS Everywhere
- Decentraleyes
All three add-ons complement the settings listed in this article, and they come preconfigured in a way that won’t break the sites you visit.
uBlock Origin is the first add-on I get on any browser after installing it. It is an efficient and lightweight wide-spectrum blocker which blocks all kinds of ads, trackers and malware sites.
I trust uBlock Origin as it is completely open source and lets you enforce thousands more filters than any competing blocker.
And, unlike other so called “Ad Blockers” it doesn’t have any Monetization Strategy like “Acceptable Ads Program”.
It also makes your browsing experience much faster as you won’t be loading a lot of junk every time you open a web page, and hence saving a lot of bandwidth.
HTTPS is the secure, encrypted version of HTTP, the foundation of all communications on web. You can check if a website is using HTTPS or not by looking at URL, a green padlock followed by “https://” in your browser’s address bar is the way to go.
Of course, it only works with sites that already support HTTPS on their server’s side, so you’ll have to keep an eye on your address bar, or you can just turn on “Encrypt All Sites Eligible” from the HTTPS Everywhere icon.
This will prompt you when it finds that a website is not using HTTPS, and you get to choose whether to proceed or not.
These CDNs are hosted all over the world to facilitate faster browsing, but they also track you as you are constantly making connections to these servers, allowing them to build an accurate tracking profile on you.
With Decentraleyes installed, when your browser tries to make connection to a CDN to download say jQuery or bootstrap, it will check if you already have it and then serve the file from its cache.
Decentraleyes also has the added benefit of speeding up your browsing as you will be making fewer connections and saving your data.
Awesome Firefox Add-ons
All the mentioned add-ons are free and open source. There are lots of other great add-ons available for Firefox. You can also check the Firefox Recommended Extensions Program.
Here are some awesome Firefox add-ons you may be interested in:
Cookie AutoDelete as the name states automatically deletes any cookies that are not needed. You won’t need this add-on if you have already made changes as mentioned above.
Privacy Badger is another add-on from Electronic Frontier Foundation entirely dedicated to blocking “Invisible Trackers”. It analyzes and blocks tracker and ads that violate the principle of user consent.
ClearURLs removes tracking elements from URLs to help protect your privacy when you browse the Internet.
Many websites use tracking elements in the URL (e.g. https://example.com?utm_source=newsletter1&utm_medium=email&utm_campaign=sale) to mark your online activity, which isn’t necessary for a website to be displayed.
Firefox Multi-Account Containers
Firefox Multi-Account Containers lets you isolate your work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.
It keeps parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.
User-Agent Switcher and Manager
User-Agent Switcher and Manager, as the name suggests, lets you spoof your browser type and operating system, making it harder for websites to track you and deliver distinct content.
You can also choose to randomize user-agent strings automatically.
It is basically a Point-and-Click Matrix-based firewall, which lets you filter net requests according to source, destination and type.
NoScript Security Suite
It uses “ClearClick Technology” to protect you against XSS, cross-zone DNS rebinding / CSRF attacks, and Clickjacking attempts.
Note: Both uMatrix and NoScript are made for advanced users who want powerful blockers and are ready to invest time and energy into customizing it.
New Firefox Privacy Features
Firefox has been launching a lot of great privacy and security features lately. I have already discussed a bunch of them above.
Here are some of those additional new Firefox privacy features:
DNS over HTTPS
I have already told you about DNS over HTTPS. It basically encrypts your DNS to protect your privacy.
Multi-Account Containers is Firefox’s in-house add-on that lets you isolate your work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.
Firefox Private Network
Firefox Private Network is basically a VPN (or Virtual Private Network) offered by Firefox.
The app version would cost you $4.99/month while the add-on is free for 12 hours/month, but it is only available in US.
Firefox Monitor warns, and allows you to check whether your email address has been exposed in an online data breach. It is launched in partnership with haveibeenpwned.com, a website by web security expert and creator of ASafaWeb Troy Hunt.
It lets you search for email address in public data breaches going back to 2007 or you can sign up for breach monitoring. It’ll also notify you in Firefox if you visit a site that’s been breached.
Firefox Lockwise is a simple password manager that lets you access the passwords you’ve saved in Firefox from anywhere — even outside the browser.
It is baked into your Firefox browser under the Logins and Passwords section, and uses 256-bit encryption while syncing.
You can secure your passwords with Face or Touch ID, and it is available for both Android and iOS.
Firefox Send is a simple way to send files with end-to-end encryption. You can choose when your file link expires, the number of downloads, and add password for an extra layer of security.
It has a file size limit of 2.5 GB, and is available on the Web and Android.
Firefox Pocket is an app for managing a reading list of articles and videos from the Internet. It was earlier known as Read It Later, and was acquired by Firefox in 2017.
It is baked into your Firefox browser, allowing you to save blogs, news sources, web pages and videos to one place with the click of a button and access them later from any device, be it Android, iOS or Web.
ToS;DR grades websites according to their Terms of Service agreements and Privacy Policies. It is community driven, and the analysis and ratings are published transparently by a community of reviewers.
Firefox Privacy and Security Summary
Firefox is the most comprehensive browser out there when it comes to privacy and security, when modified as recommended in this post. I hope you enjoyed reading about these privacy tweaks on Firefox.
That’s it for now folks!
I will be updating this guide with more privacy tools and information.
You can check out all the Privacy and Security Tools I recommend here.
Do let me know of any feedback, tips, or suggestions based on the privacy and security tweaks you are using. Feel free to drop a comment below!