Hardening Firefox to Protect Privacy
Disable Third-Party Cookies
Normally, a cookie’s domain name will match the domain name that is shown in the web browser’s address bar. This is called a first-party cookie. Third-party cookies, however, belong to domains different from the one shown in the address bar. These sorts of cookies typically appear when web pages feature content, such as banner advertisements, from external websites. This opens up the potential for tracking the user’s browsing history, and is often used by advertisers in an effort to serve relevant advertisements to each user. You can read more about cookies on Wikipedia.
Third-party cookie settings are available in the Options window’s Privacy panel:
- Click the menu button and choose Options.
- Select the Privacy panel.
- Set Firefox will: to Use custom settings for history.
- Set Accept third-party cookies to Never.
- Close the about:preferences page. Any changes you’ve made will automatically be saved.
You can read more about disabling third-party cookies at the Firefox Help website.
Enable Tracking Protection
Firefox has a built-in Tracking Protection feature that actively blocks domains known to track users. You can read more about Tracking Protection at the Firefox Help website.
How to turn on Tracking Protection:
- In the Location bar, type about:config and press Enter.
- The about:config “This might void your warranty!” warning page may appear. Click I’ll be careful, I promise! to continue to the about:config page.
- Search for privacy.trackingprotection.enabled.
- Double-click privacy.trackingprotection.enabled to toggle its value to true.
Alternatively, use the Privacy Settings extension.
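To confirm that both settings above actually took effect in a profile, you can check the profile's prefs.js (and user.js, if present) for the underlying preferences. The script below is an added example, not part of the original article. It assumes that "Accept third-party cookies: Never" is stored as network.cookie.cookieBehavior = 1 and that both preferences are off by default in the Firefox releases described here; the sample file contents are constructed.

```python
import json
import re
# One prefs.js / user.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Values that correspond to the two settings above. cookieBehavior = 1 is the
# pref behind "Accept third-party cookies: Never".
EXPECTED = {
    "network.cookie.cookieBehavior": 1,
    "privacy.trackingprotection.enabled": True,
}
# Assumption: built-in defaults for the Firefox releases this page describes.
# Firefox writes only changed prefs to prefs.js, so an absent pref is at default.
ASSUMED_DEFAULTS = {
    "network.cookie.cookieBehavior": 0,
    "privacy.trackingprotection.enabled": False,
}

def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, malformed entries
        try:
            prefs[match.group(1)] = json.loads(match.group(2))
        except ValueError:
            continue  # value is not a bool, integer or quoted string
    return prefs

def audit(prefs_js, user_js=""):
    """Return {name: (effective_value, is_hardened)}; user.js overrides prefs.js."""
    effective = dict(ASSUMED_DEFAULTS)
    effective.update(parse_prefs(prefs_js))
    effective.update(parse_prefs(user_js))
    return {
        name: (effective[name], type(effective[name]) is type(want) and effective[name] == want)
        for name, want in EXPECTED.items()
    }
# Constructed sample profile content, not taken from a real profile.
SAMPLE_PREFS_JS = '''// constructed sample
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.cookie.cookieBehavior", 1);
'''
SAMPLE_USER_JS = 'user_pref("privacy.trackingprotection.enabled", true);\n'

if __name__ == "__main__":
    for name, (value, ok) in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        print(("OK   " if ok else "WEAK ") + name + " = " + repr(value))
```

Run it against the text of prefs.js from the profile folder while Firefox is closed, since Firefox rewrites that file on exit.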
Troubleshooting Tracking Protection
Sometimes Tracking Protection can cause issues with websites. Personally I’ve seen it interfere with third-party login systems and shopping carts. You may choose to disable Tracking Protection for a particular site by clicking on the shield icon and selecting “Disable protection for this site.” Once Tracking Protection is disabled for a site, you will see a shield with a red strike-through. You may choose to re-enable Tracking Protection for the site by clicking the shield icon again and selecting “Enable protection”.
Install uBlock Origin to Block Advertising
You may have heard of AdBlock or its kin (AdBlock Edge and AdBlock Plus), but uBlock Origin is currently the best advertising blocker out there. It is designed with performance in mind so that blocking advertising does not make your web browser run slower. In fact, on average uBlock actually makes your browser run better! You can install uBlock Origin from the Firefox Add-ons website.
Enable Additional uBlock Filters
By default uBlock uses a fairly minimal filtering list which is focused on blocking advertisements. In the uBlock Origin settings you can enable some extra filters to resist tracking.
- Click the uBlock Origin icon in the Firefox window.
- Click the uBlock Origin banner in the menu that appears.
- Go to the 3rd-party filters tab.
- Enable (check) the additional filter lists, provided below.
- Once you are done, click Apply changes.
These filters help you to evade tracking across websites.
- Basic tracking list by Disconnect
- Fanboy’s Enhanced Tracking List
The social filters listed below block social buttons and scripts which are frequently used to track you across websites.
- Anti-ThirdpartySocial
- Fanboy’s Annoyance List
- Fanboy’s Social Blocking List
Troubleshooting uBlock Origin
Sometimes uBlock will break sites which depend heavily on third-party content. I’ve seen several “log on with Facebook” type services broken by uBlock. When you suspect uBlock may be causing issues you can click the uBlock icon and then click the blue power button to disable uBlock on the site you’re visiting. A reload button will appear that allows you to quickly refresh the page with uBlock disabled.
Install the HTTPS Everywhere Add-on
HTTPS Everywhere is an extension that encrypts your communications with many major websites, making your browsing more secure. Encryption prevents third parties from listening to your web traffic. After installation you’ll be prompted to restart Firefox.
When Firefox restarts, HTTPS Everywhere will ask you if you want to use the SSL Observatory. Personally, I respond Yes to this prompt as I don’t mind helping the EFF to monitor SSL certificates used on the web. It’s your choice.
Enforce Click-to-Play and Disable Unnecessary Plug-ins
These days it seems like just about every software package out there tries to install a browser plug-in. From a security standpoint, browser plug-ins are the biggest window for malicious software to gain entry to your system. That is why it is a good idea to make sure that only pages which you explicitly allow can run plug-ins. This is accomplished by telling Firefox to ask you before activating plug-ins.
In going through plug-ins, I usually set all of them to Never Activate, except the following:
- Shockwave Flash: Ask to Activate
- OpenH264 Video Codec provided by Cisco: Always Activate
- Primetime Content Decryption Module provided by Adobe: Always Activate
Whenever you visit a page which requires a plug-in, Firefox will display a notification along the top prompting you to allow the plug-in to run. If you trust the site, and want to run plug-ins all the time, click Allow…. From there you can choose to allow the plug-in this one time or allow it always. In most cases I’d recommend allowing the plug-in only once; however, for some sites I’ll tell it to Allow and remember (such as YouTube).
Other recommended extensions to protect your privacy:
- Security Plus: Security Plus is a browser extension that provides free checking of URLs for viruses. It uses up to 64 different antivirus products and scan engines to check for viruses that the user’s own antivirus solution may have missed.
- Privacy Settings: Alter Firefox’s built-in privacy settings easily with a toolbar panel.