Sign in Subscribe

Guide to Enhancing Firefox Security and Privacy

This guide aims to help users enhance their Firefox browser’s security and privacy settings. By following the steps outlined below, you can significantly reduce your exposure to various online threats and protect your personal data.

Manual Changes for Enhanced Security and Privacy

1. StartUp Settings

  • Set Firefox Home Page
  • Go to Menu > Options > Home.
  • Under Homepage and new windows, select Firefox Home (Default) or set a custom URL.
  • Disable New Tab Page Features
  • Type about:config in the address bar and press Enter.
  • Search for browser.newtabpage.enabled and set it to false.
  • Similarly, set browser.newtab.preload to false.

2. Geolocation

  • Disable Geolocation
  • Go to Menu > Options > Privacy & Security.
  • Under Permissions, click on Settings next to Location.
  • Check Block new requests asking to access your location.

3. Language / Locale

  • Set Preferred Language
  • Go to Menu > Options > General.
  • Under Language, click on Choose and set your preferred language.

4. Auto-updates / Recommendations

  • Disable Automatic Updates
  • Go to Menu > Options > General.
  • Under Firefox Updates, select Check for updates but let you choose to install them.
  • Disable Add-on Recommendations
  • Go to Menu > Add-ons > Gear Icon.
  • Uncheck Recommend extensions as you browse.

5. Telemetry

  • Disable Telemetry Data Collection
  • Go to Menu > Options > Privacy & Security.
  • Under Firefox Data Collection and Use, uncheck all the boxes.

6. Suggested Add-ons

  • uBlock Origin: A powerful ad-blocker and tracker-blocker.
  • HTTPS Everywhere: Forces websites to use HTTPS for a secure connection.
  • Privacy Badger: Blocks invisible trackers.
  • Decentraleyes: Protects against tracking through “free” content delivery.
  • NoScript: Allows active content to run only from trusted domains.
  • Cookie AutoDelete: Automatically deletes cookies that are no longer needed.

To install, go to Menu > Add-ons and search for the desired add-on.

7. Containers

  • Use Firefox Multi-Account Containers: This feature allows you to separate your online activities into color-coded tabs, preventing websites from tracking you across the web.
  • Install the Multi-Account Containers add-on.
  • Click on the container icon in the toolbar to manage or add new containers.

For more information on how to use containers, refer to the official Mozilla support page.

Threats to Be Aware Of

While the above settings will enhance your security and privacy, it’s essential to be aware of other potential threats:

  • WebRTC: This can reveal your actual IP address even when using VPNs. While the settings above don’t cover it, you can disable WebRTC in about:config by setting media.peerconnection.enabled to false.
  • Fingerprinting: Modern websites can use sophisticated techniques to identify and track users based on their browser configurations, even if they use incognito mode or VPNs.
  • Cross-Site Tracking: Some advertisers use cookies to track users across multiple websites, building a profile of their browsing habits.
  • Malicious Extensions: Always be cautious when installing new browser extensions. Only install extensions from trusted sources and regularly review and audit the extensions you’ve installed.
  • Phishing Attacks: No browser setting can fully protect you from phishing. Always be cautious about unsolicited communications and never click on suspicious links.

Conclusion

By following this guide and being aware of the potential threats, you can enjoy a more secure and private browsing experience with Firefox. Regularly update your browser and stay informed about new threats and solutions to maintain optimal security.

Here is a user.js settings file. Save to the following locations:

open a text editor -> copy the contents of the code block below. save as “user.js” in the appropriate location.

Windows%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js\
Linux~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js
OS X~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name
Android/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name
// user.js for Firefox: Enhancing Security and Privacy

// ----- StartUp Settings -----
user_pref("browser.aboutConfig.showWarning", false);
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.newtab.preload", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
user_pref("browser.newtabpage.activity-stream.default.sites", "");

// ----- Geolocation -----
user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
user_pref("geo.provider.ms-windows-location", false);
user_pref("geo.provider.use_corelocation", false);
user_pref("geo.provider.use_gpsd", false);
user_pref("geo.provider.use_geoclue", false);
user_pref("browser.region.network.url", "");
user_pref("browser.region.update.enabled", false);

// ----- Language / Locale -----
user_pref("intl.accept_languages", "en-US, en");
user_pref("javascript.use_us_english_locale", true);

// ----- Auto-updates / Recommendations -----
user_pref("app.update.background.scheduling.enabled", false);
user_pref("app.update.auto", false);
user_pref("extensions.getAddons.showPane", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("browser.discovery.enabled", false);

// ----- Telemetry -----
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("browser.ping-centre.telemetry", false);
user_pref("beacon.enabled", false);

// ... [This is a shortened version for brevity. The full list is much longer.]

For a much more complete setting list check out this project on github HERE.