
Firefox Guide

Mozilla Firefox is hands-down your best bet when it comes to privacy and security. It is fast, secure, open source, and powered by an organization that actually cares about internet privacy and security.

Firefox runs on the Gecko engine rather than the Blink engine, so by using it you support the open internet against Google’s monopoly. Mozilla also updates the browser very frequently, and it has robust features baked in for developers.

That’s why I recommend Mozilla Firefox. It is the best alternative to Chromium-based browsers like Microsoft Edge, Google Chrome, and Brave.

Firefox is almost perfect out of the box, and most of the settings are already tweaked to protect your privacy, but where it shines is its customizability. In fact, it is so customizable that the Tor Browser is actually a highly modified version of Firefox designed to run on the Tor network.

I am going to show you all the tweaks you can make to increase your privacy and security in this Firefox privacy and security guide.

Table of Contents

  1. Browser Compartmentalization
  2. Browser Fingerprinting
  3. Firefox Privacy Settings
  4. Firefox about:config Privacy Settings
  5. Firefox user.js Templates
  6. Firefox Privacy add-ons
  7. More Firefox add-ons
  8. New Firefox Privacy Features
  9. Additional Resources
  10. Firefox Privacy and Security Summary

Browser Compartmentalization

Compartmentalization is the key to taking control of your online identity. You should always use different browsers for different scenarios.

I recommend using one browser where you are logged in to services like your mail, calendar, social media, etc., and another one for private use, so that you can stay logged in without getting tracked.

You can also use something like the Firefox Multi-Account Containers add-on to keep parts of your online life separated from each other.

Personally, I don’t use the Multi-Account Container — I have the habit of clearing everything after I am done browsing, which logs me out from everywhere.

Play around and see what works for you. The key is to not have all your eggs in the same basket.

Browser Fingerprinting

Before you go ahead and make changes to your settings or install an add-on, you should consider your browser’s fingerprint (or device’s fingerprint).

Every time you visit a web page, your browser voluntarily sends information about its configuration, such as OS, browser type, available fonts, screen resolution, add-ons and a lot more. You can visit DeviceInfo.me to see what data your browser is sending.

The problem is that if this combination of information is unique, it will facilitate identification without any tracking tools like cookies.

The ironic aspect of this is that the more measures you take to avoid tracking, the more unique your browser fingerprint becomes.

That’s why it’s recommended that you not install or modify anything in your Tor Browser, so that every single user looks the same.

More is not always better. You don’t need to use every add-on and tweak I am recommending here; the more you configure, the more unique your browser fingerprint gets.

Choose wisely and confidently. You can check for browser fingerprinting using Panopticlick, by the Electronic Frontier Foundation.

Firefox Privacy Settings

These are all the basic tweaks you can do after installing Firefox. These settings are easy to configure.

To change these settings, just open the Options page (Preferences on macOS) from the menu.

Or, go to this URL: “about:preferences”

Change Your Search Engine

This is an easy one. Just go to Options/Preferences > Search > Default Search Engine and choose something other than Google.

You can choose from the drop-down menu or add another search engine by going to One-Click Search Engines > Find more search engines.


I recommend switching to DuckDuckGo, or some other privacy-respecting search engine.

You should consider switching from Google as it collects lots of personal data by tracking online activity to serve personalized ads.

Enhanced Tracking Protection

This is Firefox’s built-in Content Blocking feature that blocks all kinds of:

  • Trackers
  • Cookies
  • Cryptominers
  • Fingerprinters

To enable Enhanced Tracking Protection, just go to Options/Preferences > Privacy and Security > Enhanced Tracking Protection and select Strict mode.

Firefox by default uses Standard mode and warns about Strict mode as it may “cause some websites to break”.

Disable Content Blocking on Sites

You can always disable Enhanced Tracking Protection on certain websites by clicking on the shield icon to the left of the address bar, and flipping the switch.


Disabling Enhanced Tracking Protection will of course allow trackers and cookies that undermine your privacy on that site, so you will have to consider, on a site-by-site basis, whether that’s a compromise you are willing to make. Don’t worry, most websites don’t break!

DNS over HTTPS

DNS (or the Domain Name System) is how your browser converts domain names like techcorpus.com into IP Addresses like 127.0.0.1.

This is done because computers don’t understand domain names like techcorpus.com; they can only make connections to IP addresses.

By default, you will be using your ISP’s DNS resolver, which is usually unencrypted and lets your ISP log the websites you visit.

Encrypting your DNS traffic can shield your queries and add some privacy to your browsing. There are many ways to encrypt your DNS: DNS over HTTPS, DNS over TLS, DNSCrypt, etc.

Fortunately, Firefox already has built-in support for DNS over HTTPS.

To enable DNS over HTTPS, just go to Options/Preferences > General > Network Settings. At the bottom of the settings, you will be able to select “Enable DNS over HTTPS” and choose a provider.


This is where you need to be a bit cautious, because by choosing a DoH provider you’ll be sending all your DNS queries to a single provider, preferably Cloudflare, unless you choose NextDNS or some other provider.

While using DoH does add some privacy protection from your ISP, you’re basically shifting that trust to the DoH provider. Make sure that’s something you’re comfortable with.

Another thing to note is that even when you’re using DoH, your ISP will still be able to see which domains you are connecting to, because of Server Name Indication (SNI).

You can encrypt SNI in Firefox, but right now it is supported by only a few servers. So, DoH is better than nothing until eSNI (Encrypted SNI) and DNSSEC are finalized.

Disable Telemetry

By default, Firefox is configured to share “technical and interaction data” with Mozilla. This may include the ability to “install and run studies” as well as “backlogged crash reports”.

While Mozilla is one of the best privacy-respecting organizations, you should always prefer sending as little data as possible.

You can learn more about Data Collection, Studies, and Crash Reports, but I would recommend disabling these settings.

To disable telemetry, just go to Options/Preferences > Privacy and Security > Firefox Data Collection and Use.


Clear Cookies & Site Data

This setting is not for everyone as clearing cookies will log you out of all the websites and you will have to log in again.

However, it’s a pretty nifty feature that deletes all your cookies and site data when you close Firefox, making it harder for websites to track you.

To enable it, just go to Options/Preferences > Privacy and Security > Cookies and Site Data and check the box next to “Delete cookies and site data when Firefox is closed”.


The “Do Not Track” Request

Firefox also gives you an option to send websites a “Do Not Track” request. However, its usefulness has come into question because most websites will just ignore these requests, and it also facilitates fingerprinting of your browser.

I recommend against turning on the “Do Not Track” request feature, which can be found in the Browser Privacy section. Learn more about DNT here.

Firefox about:config Settings

Aside from the general menu settings that you already tweaked above, there are a number of “under the hood” settings that can help you gain better privacy and security.

If you have changed the settings above, you may notice that some of these are already updated in about:config, aka the configuration editor.

To access the configuration editor in Firefox, simply enter about:config into the URL bar and hit Enter.

You will be prompted with a warning screen stating “Proceed with caution”. Just click “I accept the risk” button to continue.


You will be greeted with a blank screen with a search bar on the top with a Show All button.

Click on “Show All” button to view all the options or just search the ones you want to change via the search bar. Do note that preference names are case-sensitive but search terms are not.


Modifying Preferences

You can modify a preference by double-clicking its name. How you change it depends on its type: Boolean (true/false) or String (text).

For Boolean: just click the Toggle button or double-click the preference name.

For String: just click the Edit button or double-click the preference name and enter a new value.

Click the checkmark to save the changes.

To reset a preference to its default value, click the Reset button. To remove an added preference, click the Delete button.

You can also add your own preferences.

Alright, here are the recommended changes:

Privacy and Security

media.peerconnection.enabled = false

WebRTC stands for Web Real-Time Communication, a free, open source project that gives web browsers real-time communication (RTC) capabilities, i.e. video and audio communication.

However, there is a flaw in browsers that support WebRTC which exposes your IP Address even when you are using a VPN.


If you want to disable all WebRTC Settings:

  • media.peerconnection.turn.disable = true
  • media.peerconnection.use_document_iceservers = false
  • media.peerconnection.video.enabled = false
  • media.peerconnection.identity.timeout = 1

Note: Disabling WebRTC will stop all kinds of video and audio chat apps, like Skype and Hangouts, from working in your Firefox browser.

You can check for a WebRTC leak here.

privacy.firstparty.isolate = true

First-Party Isolation is a result of the Tor Uplift Project. This preference isolates all cookies to the first-party domain, with the goal of preventing tracking across different domains.

It also isolates cache, HTTP Authentication, DOM Storage, auto-form fill, favicons, and much more.

privacy.resistFingerprinting = true

This is another feature from the Tor Uplift Project. It makes Firefox more resistant to browser fingerprinting.

privacy.trackingprotection.fingerprinting.enabled = true

Blocks fingerprinting in Firefox 67+

privacy.trackingprotection.cryptomining.enabled = true

Blocks cryptomining in Firefox 67+

privacy.trackingprotection.enabled = true

Another of Mozilla’s new built-in tracking protections.

beacon.enabled = false

Blocks sending of data to servers when leaving pages.

geo.enabled = false

Disables the geolocation feature, which uses Google Location Services to get your location from your IP address.

webgl.disabled = true

Disables WebGL (or Web-based Graphics Library), a JavaScript API used by websites to access your video card and render interactive 2D and 3D graphics within the browser without any plugins. Learn more.

Browser

browser.send_pings = false

Disables click tracking on websites.

browser.cache.offline.enable = false

Disables the offline cache. It may reduce performance but improves privacy.

browser.urlbar.speculativeConnect.enabled = false

Disables preloading of AutoComplete URLs, which is a concern if URLs are suggested that you don’t want to connect to.

browser.safebrowsing.downloads.remote.enabled = false

Disables sending of information about downloaded executable files to Google Safe browsing.

browser.sessionstore.privacy_level = 2

Choose when to store extra information about a session like contents of forms, cookies, POST data, etc.

  • 0 = Stores extra session data for any site.
  • 1 = Stores extra session data only for unencrypted (non-HTTPS) sites.
  • 2 = Never store extra session data.

DOM

dom.battery.enabled = false

Disables the ability to track the battery status of your device.

dom.event.clipboardevents.enabled = false

Disables the ability to track if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.

Media

media.navigator.enabled = false

Disables tracking of microphone and camera status of your device.

media.eme.enabled = false

Opts you out of CDM playback, uninstalls CDMs and stops all CDM downloads.

media.gmp-widevinecdm.enabled = false

Disables Widevine Content Decryption Module provided by Google that is used for playback on DRM-Controlled HTML5 content.

CDM (or Content Decryption Module) is a mechanism used by DRM (or Digital Rights Management) which enables online video and audio services to enforce that the content they provide is in accordance with their requirements.

If you choose to disable Widevine, you may not be able to play content on some sites that require DRM.

Network

network.cookie.cookieBehavior = 1

Controls which cookies Firefox accepts; the value 1 blocks third-party cookies. You can choose 0, 1 or 2.

  • 0 = Accepts all cookies by default
  • 1 = Accepts Only from the originating site (Blocks 3rd-party cookies)
  • 2 = Blocks all cookies by default

network.cookie.lifetimePolicy = 2

Deletes cookies at the end of the session. You can choose 0, 1, 2 or 3. You don’t need to change it here if you have already done so in Options/Preferences.

  • 0 = Accepts cookies normally
  • 1 = Prompts for each cookie
  • 2 = Accepts for current session only
  • 3 = Accepts for N days

network.http.referer.trimmingPolicy = 2

Sends only the scheme, host, and port in the Referer header. You can choose 0, 1 or 2.

  • 0 = Sends the full URL in the referer header
  • 1 = Sends the URL without its query string in the referer header
  • 2 = Sends only the scheme, host, and port in the referer header

network.http.referer.XOriginPolicy = 2

Sends the Referer header only when the full hostnames match. You can choose from 0, 1 or 2.

  • 0 = Sends Referer in all cases
  • 1 = Sends Referer to same eTLD sites
  • 2 = Sends Referer only when the full hostnames match

network.http.referer.XOriginTrimmingPolicy = 2

Sends only the scheme, host, and port in the Referer header of cross-origin requests. You can choose from 0, 1 or 2.

  • 0 = Sends full URL in referer
  • 1 = Sends URL without query string in referer
  • 2 = Sends only scheme, host, and port in referer
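
The three Referer preferences above interact, so here is a small model of what a destination site receives under different settings. It is an added example, not Firefox’s own code: baseDomain, trim and refererFor are hypothetical helpers, the URLs are constructed, and page-supplied Referrer-Policy headers are ignored. It assumes that “same eTLD” can be approximated by the last two host labels and that the stricter of the two trimming levels applies to cross-origin requests.

```javascript
// Assumption: "same eTLD" is approximated by the last two host labels.
// A real check needs the Public Suffix List (this is wrong for e.g. co.uk).
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Trimming levels as listed above: 0 = full URL, 1 = no query string,
// 2 = scheme, host and port only. The #fragment is dropped at every level.
function trim(url, level) {
  if (level === 2) return url.origin + "/";
  if (level === 1) return url.origin + url.pathname;
  return url.origin + url.pathname + url.search;
}

// Returns the Referer value, or null when no Referer is sent.
function refererFor(fromUrl, toUrl, prefs) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const crossOrigin = from.origin !== to.origin;
  if (crossOrigin) {
    // XOriginPolicy 2: only when the full hostnames match.
    if (prefs.XOriginPolicy === 2 && from.hostname !== to.hostname) return null;
    // XOriginPolicy 1: only to sites sharing the same base domain.
    if (prefs.XOriginPolicy === 1 &&
        baseDomain(from.hostname) !== baseDomain(to.hostname)) return null;
  }
  // Assumption: cross-origin requests get the stricter of the two trimming levels.
  const level = crossOrigin
    ? Math.max(prefs.trimmingPolicy, prefs.XOriginTrimmingPolicy)
    : prefs.trimmingPolicy;
  return trim(from, level);
}

// All three preferences at 0, versus the values recommended in this guide.
const PERMISSIVE = { trimmingPolicy: 0, XOriginPolicy: 0, XOriginTrimmingPolicy: 0 };
const GUIDE = { trimmingPolicy: 2, XOriginPolicy: 2, XOriginTrimmingPolicy: 2 };

// Constructed URLs for illustration.
const PAGE = "https://mail.example.com/inbox/msg?id=42&token=abc#top";
const TARGETS = [
  "https://mail.example.com/settings", // same origin
  "https://cdn.example.com/app.js",    // same base domain, different host
  "https://tracker.test/pixel.gif",    // unrelated site
];

// One row per target: what each preference set would send as Referer.
function compare() {
  return TARGETS.map((to) => ({
    to,
    permissive: refererFor(PAGE, to, PERMISSIVE),
    guide: refererFor(PAGE, to, GUIDE),
  }));
}

console.table(compare());
```

With every preference at 0, all three destinations receive the full URL including the token in the query string; with the guide’s values, only the same-origin request carries a Referer, and it is reduced to the origin.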

network.IDN_show_punycode = true

Renders IDNs (or Internationalized Domain Names) as their Punycode equivalent, which helps prevent phishing attacks.

network.security.esni.enabled = true

Enables Encrypted SNI (or Server Name Indication) to make sites that support eSNI a bit more difficult to track.

Disable Firefox Prefetching

Firefox prefetches pages it thinks you will visit next, which causes cookies from the prefetched site to be loaded.

  • network.dns.disablePrefetch = true
  • network.dns.disablePrefetchFromHTTPS = true
  • network.predictor.enabled = false
  • network.predictor.enable-prefetch = false
  • network.prefetch-next = false

Firefox “Safe Browsing”

Safe Browsing provides phishing protection and malware checks. However, it requires sending data like URLs and file hashes to Google, but that was the case in older versions, as explained here.

Nowadays Firefox takes a lot of measures to protect user privacy while providing Safe Browsing, as explained by François Marier, a security engineer for Mozilla.

I recommend you keep Safe Browsing enabled on Firefox as it’s a pretty nifty tool and disabling it does not provide tangible privacy benefits.

If you wish to disable Safe Browsing feature, you can do it in about:config section:

  • browser.safebrowsing.phishing.enabled = false
  • browser.safebrowsing.malware.enabled = false

Resolving Issues

If something breaks and you aren’t able to access websites because of the changes you made in about:config, you should be able to troubleshoot it.

If all goes wrong, you can always either Delete Firefox Preference Files or Refresh Firefox.

Delete Firefox Preference Files

  • Click the Menu button, click Help and select Troubleshooting Information to open the Troubleshooting Information tab.
  • Under the Application Basics section next to Profile Folder, click Open Folder. Your profile folder will open.
  • Click the Firefox menu and select Exit.
  • Locate and delete the file prefs.js (or rename it, for example, to prefs.jsOLD, to keep the old file as a backup). If you find more than one, a prefs.js.moztmp file or a user.js file, delete (or rename) these as well.
  • You can close the profile folder and open Firefox now.

Refresh Firefox

The Refresh Feature restores Firefox to its default state while saving your essential information. It will reset preferences and remove other customizations, including added extensions and themes.

Firefox user.js Templates

A user.js is a configuration file for Mozilla Firefox that’s supposed to harden Firefox’s settings, and make it more private and secure. Here are some recommended user.js Templates:

You can also create a Firefox profile with the defaults you like using Firefox Profilemaker.

To install the user.js file you have just downloaded, just copy it to the current user’s profile directory, which can be found here:

OS               Path
Windows 7/8/10   %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile\user.js
Linux            ~/.mozilla/firefox/XXXXXXXX.your_profile/user.js
OS X             ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile
Android          /data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile
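
One way to check that a user.js (or prefs.js, which uses the same user_pref syntax) actually carries the about:config values from this guide is to parse its user_pref lines and compare them. This is an added example, not part of the original guide, of Firefox, or of any user.js template; RECOMMENDED is a subset of the values listed above, and the function names and sample file contents are constructed for illustration.

```javascript
// Subset of the about:config values recommended in this guide.
const RECOMMENDED = {
  "media.peerconnection.enabled": false,
  "privacy.firstparty.isolate": true,
  "privacy.resistFingerprinting": true,
  "privacy.trackingprotection.enabled": true,
  "beacon.enabled": false,
  "geo.enabled": false,
  "webgl.disabled": true,
  "browser.send_pings": false,
  "browser.sessionstore.privacy_level": 2,
  "network.cookie.cookieBehavior": 1,
  "network.http.referer.XOriginPolicy": 2,
  "network.IDN_show_punycode": true,
  "network.prefetch-next": false,
};

// Matches one active line such as: user_pref("geo.enabled", false);
// Lines that start with // do not match, so commented-out prefs are ignored.
const PREF_LINE =
  /^\s*user_pref\(\s*"([^"\\]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/;

function parseValue(raw) {
  if (raw === "true" || raw === "false") return raw === "true";
  if (raw.startsWith('"')) return raw.slice(1, -1); // escapes left as written
  return Number(raw);
}

function parsePrefs(text) {
  const prefs = new Map();
  // Drop /* ... */ blocks first (assumes no pref string contains "/*").
  const active = text.replace(/\/\*[\s\S]*?\*\//g, "");
  for (const line of active.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (m) prefs.set(m[1], parseValue(m[2])); // a later line overrides an earlier one
  }
  return prefs;
}

// Returns one finding per recommended pref that is missing, different or wrongly cased.
function audit(text, recommended = RECOMMENDED) {
  const prefs = parsePrefs(text);
  // Preference names are case-sensitive: a wrongly cased name sets nothing useful.
  const byLowerName = new Map([...prefs.keys()].map((k) => [k.toLowerCase(), k]));
  const findings = [];
  for (const [name, want] of Object.entries(recommended)) {
    if (prefs.has(name)) {
      const got = prefs.get(name);
      if (got !== want) findings.push({ name, status: "mismatch", want, got });
    } else if (byLowerName.has(name.toLowerCase())) {
      findings.push({ name, status: "wrong-case", want, got: byLowerName.get(name.toLowerCase()) });
    } else {
      findings.push({ name, status: "missing", want });
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real profile.
const SAMPLE_USER_JS = `
/* user_pref("beacon.enabled", false); */
user_pref("media.peerconnection.enabled", false);
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.trackingprotection.enabled", true);
// user_pref("geo.enabled", false);
user_pref("webgl.disabled", true);
user_pref("browser.send_pings", false);
user_pref("browser.sessionstore.privacy_level", 0);
user_pref("browser.sessionstore.privacy_level", 2); // later line wins
user_pref("network.cookie.cookieBehavior", 0);
user_pref("network.http.referer.xoriginpolicy", 2); // wrong case
user_pref("network.IDN_show_punycode", true);
user_pref("network.prefetch-next", false);
`;

for (const f of audit(SAMPLE_USER_JS)) {
  console.log(f.status, f.name, "want:", f.want, "got:", f.got);
}
```

The sample produces four findings: two preferences that were only present inside comments, one value that differs from the guide, and one name whose casing does not match the real preference.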

Firefox Privacy Add-ons

Firefox has lots of great add-ons that will do wonders to your privacy, security and speed. Mozilla has also started the Recommended Extensions Program to help its users find the safest, highest quality extensions.

Check out all the add-ons I recommend for better privacy and security.

When you are installing add-ons for Firefox, consider whether you are actually going to use them. Do remember the fingerprinting warning from earlier.

Keeping all that in mind, there are three add-ons I recommend for virtually everyone:

  • uBlock Origin
  • HTTPS Everywhere
  • Decentraleyes

All three add-ons complement the settings listed in this article, and they come preconfigured so that they won’t break the sites you visit.

uBlock Origin


uBlock Origin is the first add-on I get on any browser after installing it. It is an open source, efficient and lightweight wide-spectrum blocker which blocks all kinds of ads, trackers and malware sites.

And, unlike other so-called “Ad Blockers”, it doesn’t have any monetization strategy like an “Acceptable Ads Program”.

HTTPS Everywhere


HTTPS Everywhere is an open source add-on by EFF that rewrites normal HTTP connection requests to HTTPS (encrypted version of HTTP) wherever possible.

It only works on sites that already support HTTPS on their server’s side so you’ll have to keep an eye on your address bar or you can just turn on “Encrypt All Sites Eligible” from the HTTPS Everywhere’s icon.


This will prompt you when it finds that a website is not using HTTPS, and you get to choose whether to proceed or not.

Decentraleyes


Decentraleyes is a very innovative open source add-on that works by impersonating a CDN on your device locally.

With Decentraleyes installed, when your browser tries to make a connection to a CDN to download, say, jQuery or Bootstrap, it will check if you already have it and then serve the file from its cache.

Decentraleyes also has the added benefit of speeding up your browsing as you will be making fewer connections and saving your data.

More Firefox Add-ons

All the mentioned add-ons are free and open source. There are lots of other great add-ons available for Firefox; you can also check the Firefox Recommended Extensions Program.

Here are some awesome Firefox add-ons you may be interested in:

Cookie AutoDelete

Cookie AutoDelete, as the name states, automatically deletes any cookies that are not needed. You won’t need this add-on if you have already made the changes mentioned above.

Privacy Badger

Privacy Badger is another add-on from the Electronic Frontier Foundation, entirely dedicated to blocking “Invisible Trackers”. It analyzes and blocks trackers and ads that violate the principle of user consent.

ClearURLs

ClearURLs removes tracking elements from URLs to help protect your privacy when you browse the Internet.

Firefox Multi-Account Containers

Firefox Multi-Account Containers lets you isolate your work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.

It keeps parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

User-Agent Switcher & Manager

User-Agent Switcher and Manager, as the name suggests, lets you spoof your browser type and operating system, making it harder for websites to track you and deliver distinct content.

You can also choose to randomize user-agent strings automatically.

uMatrix

uMatrix is another add-on from the same developer behind uBlock Origin.

It is basically a Point-and-Click Matrix-based firewall, which lets you filter net requests according to source, destination and type.

NoScript Security Suite

NoScript is a powerful script blocker, also included in Tor Browser, designed to identify and block JavaScript, Java, and Flash running in websites.

It uses “ClearClick Technology” to protect you against XSS, cross-zone DNS rebinding / CSRF attacks, and Clickjacking attempts.

Note: Both uMatrix and NoScript are made for advanced users who want powerful blockers and are ready to invest time and energy into customizing them.

New Firefox Privacy Features

Firefox has been launching a lot of great privacy and security features lately. I have already discussed a bunch of them above.

Here are some of those additional new Firefox privacy features:

DNS over HTTPS

I have already told you about DNS over HTTPS. It basically encrypts your DNS to protect your privacy.

Multi-Account Containers

Multi-Account Containers is Firefox’s in-house add-on that lets you isolate your work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.


Firefox Private Network

Firefox Private Network is basically a VPN (or Virtual Private Network) offered by Firefox.

It is available as an add-on (browser-level) and an app (device-level). Both are currently in beta, and you’ll have to join the waiting list.

The app version would cost you $4.99/month while the add-on is free for 12 hours/month, but it is only available in the US.

Firefox Monitor

Firefox Monitor warns you, and allows you to check, whether your email address has been exposed in an online data breach. It was launched in partnership with haveibeenpwned.com, a website by web security expert and creator of ASafaWeb Troy Hunt.

It lets you search for your email address in public data breaches going back to 2007, or you can sign up for breach monitoring. It’ll also notify you in Firefox if you visit a site that’s been breached.

Firefox Lockwise

Firefox Lockwise is a simple password manager that lets you access the passwords you’ve saved in Firefox from anywhere — even outside the browser.

It is baked into your Firefox browser under the Login and Passwords section, and uses 256-bit encryption while syncing.

You can secure your passwords with Face or Touch ID, and it is available for both Android and iOS.

Firefox Send

Firefox Send is a simple way to send files with end-to-end encryption. You can choose when your file link expires, the number of downloads, and add password for an extra layer of security.

It has a file size limit of 2.5 GB, and is available on the Web and Android.

Firefox Pocket

Firefox Pocket is an app for managing a reading list of articles and videos from the Internet. It was earlier known as Read It Later, and was acquired by Firefox in 2017.

It is baked into your Firefox browser, allowing you to save blogs, news sources, web pages and videos to one place with the click of a button and access them later from any device, be it Android, iOS or Web.

Additional Resources

Mozilla’s Privacy Policy — You should consider reading the privacy statements of any organization you deal with.

I know reading a privacy policy is a tedious task and not a lot of people care about it. This is where Terms of Service; Didn’t Read (or ToS;DR) comes in to save the day.

ToS;DR grades websites according to their Terms of Service agreements and Privacy Policies. It is community driven, and the analysis and ratings are published transparently by a community of reviewers.

Firefox Privacy and Security

Mozilla Firefox is the most comprehensive browser out there when it comes to privacy and security, when modified as recommended in this post. I hope you enjoyed reading about these privacy tweaks on Firefox.

That’s all Folks!

I will be updating this page frequently with more privacy and security tools and information. You can check out all the privacy and security tools I recommend here.

Do let me know of any feedback, tips, or suggestions based on the privacy and security tools you are using. Feel free to drop a comment below!

One reply on “Firefox Guide”

I’m impressed, I have to admit. Rarely do I come across a blog that’s equally educative and engaging, and let me tell you, you’ve hit the nail on the head. The issue is something which not enough folks are speaking intelligently about. I’m very happy I came across this in my search for something regarding this.
