Firefox Privacy – The Complete How-To Guide

restoreprivacy.com/firefox-privacy

Sven Taylor April 13, 2018

Mozilla Firefox is arguably the best browser available that combines strong privacy
protection features, good security, active development, and regular updates. The newest
version of Firefox is fast, light-weight, and packed full of great settings to protect your
privacy.

It is for this reason that I consider Firefox to be the best all-around browser for privacy and
security. It remains a solid alternative to some of the other options, such as Google
Chrome, Microsoft Edge, and Safari.

Another great aspect of Firefox is that it is highly customizable, which is the point of this
guide. Below we will go over how you can customize Firefox to give you the security and
privacy you desire, while still working well for day-to-day browsing.

But before we jump in, let’s cover some important details.

Important considerations
There are many factors to consider when configuring Firefox to meet your needs, including
your threat model and browsing preferences. In other words, there is no “one-size-fits-all”
configuration that will work for everyone. This guide is a basic overview covering some of
the different configurations options.

Before you start configuring Firefox and installing a bunch of add-ons, it’s important to
consider browser fingerprinting.

Browser fingerprinting

1/11
The issue of browser fingerprinting (or device fingerprinting) is a big topic that covers all
the different ways you can be tracked and identified by your system and various settings.
All of the different add-ons you install and preference modifications you make to Firefox
are inputs that can potentially be used to identify and track you.

Herein lies the catch-22 : the more browser add-ons you install and settings you modify,
the more unique you will be and thereby easier to track and identify. I discuss this problem
in-depth – and also provide a solution – in the browser fingerprinting guide.

And that leads us to the second point that…

More is not always better

When it comes to browser add-ons and modifications, you don’t want to be like that kid
who puts every topping imaginable on his ice cream. More is not better with ice cream
toppings or with Firefox browser add-ons.

Aside from the issue of browser fingerprinting, having too many add-ons may also slow
down performance. Many of the popular Firefox add-ons also fulfill the same functions and
are redundant when used together.

Therefore it is best to strike a balanced approach. Install and modify only what you think
will be useful and necessary for your specific situation, and nothing more.

Proceed with caution

Modifying some of these settings may interfere with your browsing and break some
websites (the website won’t load properly). Therefore taking an incremental approach may
be the best way to proceed. You can continue to install add-ons and adjust your settings as
you see what works with the websites you regularly visit.

This allows you to modify the settings, create exceptions, or add sites to a whitelist.

Firefox privacy settings

Before you get going with Firefox you may want to adjust the following settings for better
privacy.

Note: if you are a Mac OS user, you will see the word “Preferences” in your menu rather
than “Options” as it is listed below.

Disable telemetry
With the latest version of Firefox, it is configured to share “ technical and interaction data ”
with Mozilla. This includes the ability to “install and run studies” on your computer. You
can learn more about these studies and data collection practices if you want, but I’d
recommend disabling these settings.

2/11
To disable go to Open Menu (three bars at the top right corner of the browser) > Options >
Privacy & Security > Firefox Data Collection and Use and then uncheck the boxes as you
see below:

You can also disable data sharing with Firefox for Android by going to Menu > Settings >
Privacy > Data Choices and then uncheck all three categories for Telemetry, Crash
Reporter, and Mozilla Location Service.

Note: You can also disable this in the About:Config settings with toolkit.telemetry.enabled
set to false.

Change default search engine

Firefox now uses Google as the default search engine. Since Google is recording your
search queries to hit you with targeted ads, it’s a good idea to use an alternative to Google
in the interest of privacy.

To do this, go to Menu > Search > Default Search Engine. Unfortunately, Firefox does not
provide you with too many alternatives directly in the settings area. However, you can view
more options by going down to One-Click Search Engines and then click Find more search
engines to see the other alternatives.

Startpage seems to be a pretty good option that gives you good results and still respects
your privacy (additional setup instructions here).

And finally, you may want to ensure that Firefox keeps your default search engine to be
what you selected (rather than reverting back to Google). To do that, go to Menu > Options
> General > Allow Firefox to and then uncheck ‘Automatically update search engines’.

3/11
Firefox also has a guide on modifying your search engine settings.

Enable tracking protection

With the newer versions of Firefox, you can now enable tracking protection to always be
active, rather than only in private browsing mode. To do this, go to Menu > Options >
Privacy and Security > Tracking Protection and then click Always.

You can also enable tracking protection in Firefox for Android by going to Menu > Settings
> Privacy > Tracking Protection and then click the box to enable.

This may also improve browser performance.

Do Not Track (request)

Firefox also has an option to request that websites “do not track” you online. This is simply
an HTTP header field that you can easily enable. However, the key word here is request,
because this is not actually blocking anything. We have also learned that many websites
simply ignore these requests.

On a positive note, there are some websites respecting do not track requests (including
Restore Privacy, which uses Matomo instead of Google Analytics). To enable Do Not Track
simply go to Menu > Options > Privacy & Security > Tracking Protection and then under
‘Send websites a “Do Not Track” signal…’ select Always.

You can enable this in Firefox Android by going to Menu > Settings > Privacy > Do not
track.

Now we will move onto the about:config settings.

Firefox About:Config settings

Aside from the general Menu settings we used above, you can also make a number of
different modifications using about:config.

4/11
Note: If you made all of the changes above, you may noticed that some of these settings
are already updated in about:config. We will cover the different about:config since some
people prefer to modify settings in this area, rather than through the general Menu.

To access these configuration settings, simply enter about:config into the URL bar and hit
enter. You will then be prompted with a warning screen stating “This might void your
warranty”. Just click “I accept the risk” to continue.

After proceeding, you will see a large list of preferences, which each include a status, type,
and value.

These preferences will be listed in alphabetical order and easily searchable from the
search bar near the top.

Modifying preferences – You can modify any of these Firefox preferences by simply
double clicking the preference name. If the preference is a “boolean” type, then double
clicking will change the value to true or false. If the preference is an “integer” or “string”
type, double clicking will open a box to change the value.
5/11
media.peerconnection.enabled (WebRTC)
WebRTC stands for “Web Real-Time Communication” and it allows for voice, video chat,
and P2P sharing through your browser. Unfortunately, this capability can also expose your
real IP address through browser STUN requests, even if you are using a VPN service.

To disable WebRTC in Firefox simply enter media.peerconnection.enabled into the search

bar and then double click the value to change it to false.

Note – Aside from Firefox, the WebRTC vulnerability also affects Chrome and Opera
browser. Check out the WebRTC leaks guide for steps to block or disable WebRTC in all
browsers.

privacy.resistFingerprinting
Changing this preference to true will help to make Firefox more resistant to browser
fingerprinting.

Note: There are many factors that go into browser fingerprinting and the ability of an
adversary to identify you. Another option is to use the Tor browser, discussed further here.

privacy.firstparty.isolate
Changing this to true will isolate cookies to the first party domain, which prevents tracking
across multiple domains. First party isolation also does much more than isolating cookies,
it affects: cookies, cache, HTTP Authentication, DOM Storage, Flash cookies, SSL and TLS
session resumption, Shared Workers, blob URIs, SPDY and HTTP/2, automated cross-origin
redirects, window.name, auto-form fill, HSTS and HPKP supercookies, broadcast channels,
OCSP, favicons, mediasource URIs and Mediastream, speculative and prefetched
connections.

This preference was added in late 2017 as part of the Tor Uplift Project.

geo.enabled
Setting this to false will disable geolocation tracking, which may be requested by a site you
are visiting. As explained by Mozilla, this preference is enabled by default and utilizes
Google Location Services to pinpoint your location. In order to do that, Firefox sends
Google:

1. your computer’s IP address

6/11
 2. information about “nearby wireless access points”
3. a random client identifier, which is assigned by Google

Before this data is sent to Google, you would first get a request by the site you are visiting.
Therefore you do have control over this, even if geo remains enabled.

media.navigator.enabled
Setting this preference to false will block websites from being able to track the microphone
and camera status of your device.

network.cookie.cookieBehavior
This is an integer type preference that you should set to a value of 1. This preference
disables cookies and has the following values:

0 = Accept all cookies by default

1 = Only accept from the originating site (block third-party cookies)
2 = Block all cookies by default

You can get more information on this preference from the Mozilla knowledge base.

network.cookie.lifetimePolicy
This is another integer type preference that you should set to a value of 2. This preference
determines when cookies are deleted. Here are the different options:

0 = Accept cookies normally

1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days

With a value of 2, websites you visit should work without any problems, and all cookies will
be automatically deleted at the end of the session. You can get more information on this
preference from the Mozilla knowledge base.

network.dns.disablePrefetch
Setting this preference to true will disable Firefox from “prefetching” DNS requests. While
advanced domain name resolution may slightly improve page load speeds, this also opens
you up to privacy and security threats, as described in this paper.

You can get more information on this preference here.

network.prefetch-next
Similar to prefetching DNS requests above, setting this preference to false will prevent
pages from being prefetched by Firefox. Mozilla has deployed this feature to speed up web
pages that you might visit. However, it will use up resources and poses a risk to privacy.
This is another example of performance at the price of privacy.

7/11
You can get more information on network.prefetch here.

webgl.disabled
WebGL is a potential security risk, which is why it is best disabled by setting webgl.disabled
to true. Another issue with WebGL is that it can be used to fingerprint your device.

You can get more information on the WebGL issue here and here.

A note on “safe browsing” preferences

There are many recommendations to disable the Safe Browsing feature in Firefox due to
privacy concerns and potential Google tracking. However, these concerns are based on an
older version of the Safe Browsing feature, which would utilize “real-time lookup” of
website URLs. This method has not been in use since 2011 – explained further here.

If a URL is needed, Firefox takes the following precautions to protect user privacy, as
explained by François Marier, a security engineer for Mozilla:

Query string parameters are stripped from URLs we check as part of the download
protection feature.
Cookies set by the Safe Browsing servers to protect the service from abuse are
stored in a separate cookie jar so that they are not mixed with regular
browsing/session cookies.
When requesting complete hashes for a 32-bit prefix, Firefox throws in a number of
extra “noise” entries to obfuscate the original URL further.

Therefore I would conclude that disabling Safe Browsing would give you no tangible
privacy benefits, while also being a security risk. That being said, if you still want to disable
this feature, here’s how:

browser.safebrowsing.phishing.enabled = false
browser.safebrowsing.malware.enabled = false

Firefox privacy and security add-ons

There are some great Firefox browser add-ons that will give you more privacy and security.

Note: When looking for Firefox add-ons, be sure to consider what you need in relation to the
preferences you modified above. Some add-ons will be redundant and not necessary
depending on your Firefox preferences and the other add-ons you are using.

In combination with the preference changes above, my top three recommendations for
privacy add-ons would be:

uBlock Origin
HTTPS Everywhere
Decentraleyes

8/11
All three of these add-ons compliment the preferences listed above, are easy to use, and
will probably not break websites you visit.

Another great add-on is Cookie AutoDelete. However, if you have already modified your
cookie preferences in about:config as described above, then this add-on is not necessary.

uBlock Origin
uBlock Origin is an efficient, light-weight blocker that filters both
ads and tracking. It has risen to popularity as a powerful
alternative to Adblock Plus, which allows “acceptable ads” that
many users disdain. One added benefit of uBlock Origin is that it
can significantly improve performance and page load speed.

Another great feature with uBlock Origin is the ability to whitelist

certain websites. Given that many sites will block access if they
detect an ad-blocker, the ability to whitelist will come in handy.
uBlock Origin is free and entirely open source.

HTTPS Everywhere
HTTPS Everywhere is a good Firefox add-on that basically forces
an HTTPS connection with the websites you visit – provided
HTTPS is available for the site. This gives you more security and
privacy, due to encryption.

Fortunately, more and more websites are implementing HTTPS,

so this is becoming less of an issue. Nonetheless, HTTPS
Everywhere is still a good add-on to use with Firefox.

You can get more information on HTTPS from Electronic Frontier Foundation, which is
behind the creation of this add-on.

Decentraleyes
Decentraleyes is an interesting Firefox add-on that protects you
against tracking via content delivery networks that are operated
by third parties. While CDN’s do help improve website load time
and performance, they are usually offered for free by third-parties
that will use the CDN to track your browsing. These third parties
include Google, Microsoft, Facebook, Cloudflare, Yandex, Baidu,
MaxCDN, and others.

Decentraleyes solves this problem by hosting CDN resources

locally. As described on their Github page, Decentraleyes “intercepts traffic, finds
supported resources locally, and injects them into the environment” thereby preventing
CDNs from tracking users.

9/11
Cookie AutoDelete
This browser add-on may not be necessary with Firefox if you have made the changes
above to preferences, which will automatically erase cookies that are no longer needed for
the website you are viewing.

However, if you’d rather use an add-on instead of making these about:config changes, then
Cookie AutoDelete is the way to go. It erases cookies that are no longer needed, thereby
protecting you from tracking.

Privacy Badger
Privacy Badger is another add-on from Electronic Frontier Foundation that blocks spying
ads and trackers. One drawback with Privacy Badger is that it only blocks third-party sites.
Because it considers Google Analytics first-party site, it will not be blocked. Another
drawback is that it does not actually use a filter list. Instead, it basically learns as you use it.

On a positive note, Privacy badger is very easy to use and will go a long way to giving you
more privacy with general browsing. It can be used in combination with uBlock Origin,
although there will be some overlap in terms of functionality.

uMatrix
uMatrix is an advanced add-on that gives you control over requests that may be tracking
you on the websites you visit. It is made by the same people behind uBlock Origin. One
advantage with uMatrix is that it is very customizable.

One drawback with uMatrix is that it can be difficult and time-consuming to get it
configured for regular, day-to-day browsing. However, if you want a very powerful blocker,
and you don’t mind having to tinker with this plugin, then give uMatrix a shot.

NoScript
NoScript is a script-blocker that allows you to determine exactly which scripts run on
specific websites. While it does give you control, NoScript can be a real pain to get
configured properly. It breaks many websites, which requires you to tweak and configure
the options. If you are already using uBlock Origin, or uMatrix, then you probably don’t need
to be using NoScript.

This is definitely not an add-on for the casual user or those who don’t have the patience to
devote some time into configuration.

Additional resources
Below are some additional resources for configuring Firefox to give you more privacy and
security:

user.js Firefox hardening – As explained on their GitHub page, this is a “configuration

10/11
 file that can control hundreds of Firefox settings. For a more technical breakdown and
explanation, you can read more on the overview wiki page.” Their Wiki page is also full
of great information.
Privacy Settings – This is a Firefox add-on to give you easy access and control of the
built-in privacy settings in your browser.
Firefox Profilemaker – FFprofile helps you to create your own Firefox profile with the
default privacy and security settings to fit your needs.

Firefox privacy conclusion

Firefox remains the best all-around, mainstream browser on the market for privacy.

While many of the configurations and add-ons we discussed in this article will go a long
way to giving you more privacy, there is one issue that remains: concealing your IP address
and location. To do this a good VPN is necessary. The Tor network also achieves this end,
but it comes with the drawbacks of slow speeds and other risks.

Also keep in mind that a secure, privacy-focused browser is just one of many tools to keep
you safe online. Check out the privacy tools page for additional tips and recommendations
to restore your privacy.

Tweet
Share
Share
Vote
Pin
Email

11/11