Firefox browser is known for its high capability of being customizable. The customization is usually referred to the visual part, i.e. changing the order of toolbar elements or adding a new element in the toolbar area. However, the customization can go to much deeper levels. In this short blog post, I will demonstrate how to enhance Firefox browser to fully protect your privacy while keeping an eye open on security side.

There are many sources you can get attacked online regarding violation in your privacy. Most of these attacks are due to third-party scrips available in most visited websites. It is nearly impossible to detect malicious domains and block them manually. Fortunately, Firefox has a built-in protection layer that can be handy. However, by default this protection layer is not active. To activate this layer, you need to manually enable it from “about:config” page. If you are not familiar with “about:config” page, don’t worry at all. This page contains all the preferences the browser and its extension use. Normally, there is no need to visit and alter a preference from this page as most extensions offer user interface for altering the settings. However, in this case, there is no built-in UI element. So head to “about:config” page. In the top left side of the page, there is a search-box. Paste privacy.tracking protection.enabled in the search-box. You will see the preference by default is set to false meaning it is not active. Double click on the preference should change the value to true. By enabling this option, Firefox prevents most known tracking scripts from being executed by any website. So potentially there is a possibility that a website stops working. If so you need to reverse back the preference to the false value. Since you need to change this preference time to time, it is better to equip your Firefox with a UI element for easy access. This is where Privacy Settings comes handy. The extension provides access to many internal settings Firefox has but there is no UI for them.

Privacy Settings allows you to alter many preferences. Most likely you haven’t heard of many of them, but the good news is, if you hover your mouse over a preference, the extension displays a tooltip text explaining what the preference does. This way you can decide whether you want this feature enabled or not. But what if you have messed up the preferences and have no idea what was the default values? No worries! there are three handy buttons at the bottom of the extension panel which basically let you configure your Firefox ranging from maximum protection to the default security level the browser offered upon installation.

I personally recommend you to go for “Protect Privacy & Security” level. In this level, your privacy is protected up until the security is concerned. Meaning most trackers are banned, but still your downloads are monitored for viruses and so forth.

Although relying on the built-in protection layer, might seem enough to many users, still there are many ways your browser could leak data out. The major leakage source is third-party plugins such as Flash player. If you are willing to improve your privacy more, I would recommend to take a look at Policy Control extension. With this extension you have full control over what type of content your browser is allowed to load and execute. For instance you may want to prevent any external object being used by websites. The toolbar panel lets you simply turn resource access on and off. Lets take a look at a single resource to clarify this.

Media (audio and video) on all       on

This line means turn access to all media resources “off” on all websites! or in the extensions language, turn the media policy on for all websites. Although it looks very useful, but you cannot watch any videos from now on! Damn! To prevent this there are two options. You can either decrease the security level from on all to on third-party or add a custom filtering rule to allow access to one particular resource. If you are not a power user, I would say go with the first option. It is less annoying. Just turn the filter on for third-party domains.

Media (audio and video) on third-party       on

This line basically means prevent access to all third-party media sources from being executed on all pages. Policy Control offers a very powerful filtering page to help power users adjust the level of blocking. So take a look at the filtering page to get familiar with it.

Let me raise a question for you. Do I really need to activate Firefox’s built-in tracking protection if I have configured Policy Control extension to block all the third-party scripts? Well, the answer is no! Almost all the tracking scripts belong to third-party domains and hence the Policy Control will block them for you. But still there is no harm on keep both options!

Now that you are protected by these settings are there still other things you need to be concerned about? well, the answer to this question is always yes! I am going to cover two more protection layers here, but there are more out there!

The first one is your public IP address. Whenever you visit a website, your IP address is seen by the server. But why is that important? The answer is obvious; by knowing your IP basically the server knows where you came from (at least approximately). This may not be your preference. If so Firefox allows you to change your proxy setting. For that you need to have access to a proxy server. There are many companies out there offering secure proxy servers. Beside these services, take a look at free Tor Project as well. Anyhow, when you got one server ready, setup Firefox to always tunnel your traffic from the proxy server. After doing this, whenever you visit a website, the proxy server’s IP is being recorded instead of yours. To change proxy settings in Firefox, click on the tools menu, then select “preferences”. Go to the “Advanced -> Network” tab and select “Settings…”. A window opens up allowing you to configure your proxy settings. During the configuration don’t forget to mark “Remote DNS” on. By having this option on, domain to IP resolution happens in the server side which is another layer of protection.

Okay, if you have been following all these recommendations, you are pretty much protected by now! Is there anything else you can do? Well, not really in the browser layer. However, you might want to double check your downloads before downloading them to make sure you are not downloading anything flagged. For this, I recommend Security Plus extension. The extension adds a single context menu to your right click menu over links only which allows you to check the link with up to 64 different anti-virus products. When the check is over, the results can be reviewed and then you can decide whether the file is safe or not.

That’s pretty much it. Please let me know if you have any other protection method of yours in the comments section.

References:

  1. http://firefox.add0n.com/privacy-settings.html
  2. http://add0n.com/security-plus.html
  3. https://addons.mozilla.org/en-US/firefox/addon/policy-control/