Configuring your browser for best privacy and security – Firefox

Now that I’ve replaced Safari with Firefox, my new browser of choice, it’s time to cover it’s configuration for best privacy and performance. I’ve covered parts of this before in the article “Privacy Online” but that was focused on Safari. So this article will focus only on Firefox and how to configure it. This is for users that have already been using Firefox for a while and those new to it.

Get the latest version – It’s very important that you always stay up to date when it comes to your web browser. Existing users should go to the “Firefox” menu and click “About Firefox”. This window will let you know if your version is up to date or if a new one is available. New users can get the latest version from Mozilla’s website here.

Password management – Just like most browsers Firefox can remember passwords for you. A very convenient feature that creates a repository of your most important information, this is something you want to protect. This can be done by setting a master password, this password will be required every time you want to access your stored passwords. Go to the “Firefox” menu and select “Preferences”, once the preferences window is open click on the “Security” tab. At the bottom you’ll see the checkbox to enable a master password, click on it and a window will open asking you to set a password. In case your user account password is ever compromised it’s best to set a different password here.

In this same window at the top you’ll see a checkbox for “Warn me when sites try to install add-ons”, make sure this is checked. Blocking reported attack sites and web forgeries require Firefox to contact Google to collect safe browsing data every 30 minutes or so. Disabling this will get you one step closer to falling off of Google’s radar but may also put you at risk. This is not a choice I can advise on as this is completely up to you.

Tracking – Telling sites you don’t want to be tracked is nice but most sites don’t care. This is not something a website has to honor but those that play nice will do it. Of course Google, Facebook, Yahoo, Amazon and all others that make money by tracking you could care less about your request so they track you anyway. If you want to enable it in case you stumble upon a site that honors your request or just to make a statement then go to the Firefox Preferences and click the “Privacy” tab. Then select “Tell sites that I do not want to be tracked”. To learn more about Do Not Track, click here. Keep in mind that enabling this feature does nothing for you when it comes to blocking ads or Big Data collectors like the ones I mentioned.

Cookies – Opposed to the previously mentioned Tracking, the control Firefox gives you over cookies does allow you to severely limit the Big Data collectors from tracking you. This can be done by setting cookie exceptions, basically creating a block-list. Here’s a small section of the exceptions I have set:

This is just a small piece of my huge exception list. I got all of these domains by looking at the connection alerts Little Snitch shows me and by looking at the cookies and website data accumulated in Safari (which I used up to a week ago). My goal is to block any domain that is known to track me and use/sell the data they collect. To start setting your exceptions go to the Firefox Preferences and click the “Privacy” tab. Under tracking you’ll see settings related to History and Cookies.

Personally I do not care about my browsing history being saved but if you do, this is the place to disable it. Unchecking the “Accept cookies from sites” will ensure no tracking cookies are installed but it will also break the functionality of a lot of websites, so it’s best to keep it checked and set up your exceptions just the way you want it. Add google domains to be permanently blocked, add your bank domain to always be allowed for example. I can’t think of a scenario in which you’d want to accept third-party cookies so I set this to ‘Never’ and all cookies are deleted when I close Firefox. Cookie exceptions you have set that allow certain cookies to be saved will not be deleted. So random cookies you pick up while browsing the net will be deleted when you quit Firefox, cookies you have set to be blocked never make it to your hard drive and those you have set to be allowed are saved, even when you quit. Over time the exception list will grow and get better and the next time The Guardian reveals another leaked document with info on how the NSA or other Big Data collector is trying to screw us, you can add those to the block-list too.

Block pop-ups – Noone likes pop-ups and they are blocked by default in Firefox. If you want to check and make sure the setting can be found in the Firefox Preferences under the “Content” tab.

Data Choices – Firefox can collect some data on you and the browser itself to either improve the product and/or help you understand it’s performance. If you’d rather not have this happen you can disable this by going to the Firefox Preferences, clicking the “Advanced” tab and then the “Data Choices” button. Three options are provided and if you are not sure about any of these settings click the ‘Learn More’ links that are provided. Disabling all three is the best for privacy.

Since we’re in the Advanced settings we may as well cover the other important settings that can be found here.

Proxy – (This is in Advanced > Network > Settings) If you want to hide your IP and/or get to websites that are blocked by your government or ISP a proxy is a good way of doing this. My PIA account comes with a proxy I can use and I highly recommend this company if you are in the market for a good VPN but if you want just a proxy do your research carefully as there are a lot of fakes and frauds out there. Apart from the PIA proxy I can not give any recommendations as this is not a topic I have researched yet.

Auto Update – (This is in Advanced > Update) As mentioned, having the latest version of a browser is very important. Firefox can check for updates and install them automatically. Select this feature for best security and set Search Engines to automatically update too.

Certificates – (This is in Advanced > Certificates) I can not explain it any better than was already done by Mozilla on their website so here is the link. I have this set to “Ask me every time”. If you ever hear about a CA (Certificate Authority) being hacked or otherwise compromised and it may be handing out fake certificates you can go into these settings, click the “View Certificates” button, click the “Authorities” button and edit that specific CA or Delete/Distrust it completely.

Install the right add-ons – I’m sure there are many more than the ones I’m about to mention and if I forgot any that should be in this list then please let me know in the comments. First you want to block those pesky advertisements you see everywhere. They take up bandwith, are distracting and most of them track you. In comes AdBlock Plus Adblock Edge, a must have for any browser (AdBlock Plus now supports a list of “Allowed Ads” which must manually be disabled. So replaced by AdBlock Edge which is just as effective without the allowed ads). Second you probably want to stop as many companies and websites from tracking you as possible, this can be done with the help of DoNotTrackMe (and the cookie exceptions you can set as I mentioned earlier). HTTPS-Everywhere is a great add-on provided by the EFF and will secure websites with SSL if it’s available. This add-on in combination with Firefox’s latest feature called Mixed Content Blocking makes a great duo. For even greater control over who tracks you (though it could be used for parental control purposes as well) you can block domains completely with Block.it. Adding a domain like google.com to Block.it will just flat out block that site or any other site that ends with ‘google.com’. If you set the cookie exceptions to block google, use DoNotTrackMe and also add google domains to Block.it, I feel confident that google will not be able to track you anywhere. Accidentally clicking on a link that leads to a google / google owned website will just result in a blank screen courtesy of Block.it. A nice non-security related add-on is Reader which allows you to strip away all irrelevant webpage details and focus on just the text just like the reader feature in Safari.

Add-ons are created by other people, not by Mozilla. So make sure you check the feedback, update history and current list of blocked add-ons before installing them.

Geolocation [added December 26, 2013] – Firefox will ask you for permission every time a website wants access to the geolocation API. Even if you have disabled location services completely in OS X (System Preferences > Security & Privacy) Firefox will ask and even provide location data if you allow it to. If you want to disable the Firefox location API completely, follow these steps:
1. open a new tab or window and type “about:config” without the quotes. Firefox will display a warning which you should read carefully before proceeding. Once you proceed you’ll see a very long list of configurations and their settings.
2. On this page, do a search for the word “geo” without quotes. Only a few items should remain visible. Find these two in the list:
– geo.enabled
– geo.wifi.uri

Double-clicking on geo.enabled will change it’s value to ‘false’. This completely disables the geolocation API but if the link to Google makes you nervous you can change the geo.wifi.uri value to “http://127.0.0.1” without quotes, this is the localhost IP address (your Mac). So even if somehow the API is enabled, Firefox will not contact Google but will instead just loop back to itself.

I want to thank one of the readers zolar1 for pointing this out in another post. While I trust Mozilla’s geolocation API would not do anything without your permission it may make you more comfortable disabling this feature completely. I have provided feedback to Mozilla about this so maybe a future version will include am option in the preferences that allows you to enable/disable this without having to go to the config file.

Backup your settings – Once you have set up Firefox just the way you like it you want to make sure all these settings are safe. Firefox stores all your personal settings, such as bookmarks, passwords and extensions, in a profile folder which can be found in your user folder > /Library/Application Support/Firefox/Profiles. If you run proper backups of your computer then this folder is automatically included every time your backup is updated. If you do not backup your data then it’s about time you start!

That about covers it. Anything you feel I’ve missed or any feedback you have, just let me know in the comments!