How to enhance the security of Firefox

Firefox is a versatile browser and some of its less known settings can be adjusted to make your browsing more secure and private. If you type “about:config” into the search bar and press enter, you will be able to access the advanced configuration settings that Firefox offers. It is important to note that once you try to access the about:config option, you will be greeted with a warning stating that changing the advanced settings of Firefox may cause issues in the stability and performance of the browser. However, if you feel confident enough and want to unlock further security features, it is worth taking the chance and you can bypass the warning by simply clicking “I’ll be careful, I promise”.

After that, you will see the configuration screen, which by default includes Preference Name’s listed in alphabetical order. In order to help you understand what benefits can be obtained by adjusting these preferences, we will later discuss each one of them. In order to change a boolean entry (with a true/false) value, you just need to click twice anywhere on the entry line. In order to change an integer (numeric value), you can click twice the entry and then type the numeric value. A string value can be changed by clicking twice the entry and then entering the required text.

If you see an option marked in bold in the about:comfig panel, it means that its default value has been changed. You may also come across an entry marked with an asterisk. In these cases, it is advisable that you follow the information listed as below, in the sections also marked with an asterisk.

Before we start with the preferences that can be changed to improve your privacy, it is important to keep in mind that some websites need some of these features to work. If you disable them, your access to certain websites will be affected. Luckily, it is possible to re-enable the features to ensure that the impacted websites work correctly. If you are having problems to access some websites, you may need to try different settings until you find the right adjustment that offers security without impacting your browsing experience.

browser.privatebrowsing.autostart

The Private Browsing mode was designed to prevent your from leaving behind any trace of your activities in case other users use your browser at a later stage. An important function is that it can block the majority of cookies and doesn’t keep records of your browsing history or of the online forms you have filled in.

While Private Browsing protects your privacy from people who are using the same computer or device, it is not an effective solution to prevent your ISP or other external parties from getting access to your activities.

Even if you are not using a shared computer and only you have access to it, it is advisable to always use Private Browsing mode due to its cookie disabling capabilities. Setting Private Browsing to “true”, will automatically start Firefox in this mode so you won’t have to worry about enabling it whenever you use the browser.

browser.startup.homepage

Firefox is set to start on the Mozilla Firefox Start Page by default, which displays a Google search box. Like other commercial search engines, Google keeps a lot of information about you, including details of the searches performed. You can start on another page by entering the address of the website of your choice. Some of the recommended options are private search engines like startpage.com or duckduckgo.com.

browser.startup.page

You may also start Firefox on a blank page, changing the setting to “0”.

dom.event.clipboardevents.enabled*

When you copy, paste or cut an extract from a website, the owners can get a notification letting them exactly know which part of the website was used. They will be able to modify or keep records of the text, as well as preventing you from copying anything. They can also disallow the option of pasting text into web forms. Setting this preference to “false” will help you to stop websites from finding out when you copied text and will also be able to paste and cut.

browser.safebrowsing.enabled *

The Google Safe Browsing extension is included in Firefox and it is turned on by default. This extension aims to prevent phishing by comparing the websites you access to a blacklist ran by Google. The downside is that Google is always able to keep track of your browsing. The best thing is to disable it and to opt for Firefox security extensions like Better Privacy and Disconnect.

browser.safebrowsing.malware.enabled *

Now known as Phishing Protection, Safe Browsing is a Mozilla alternative to Google Safe Browsing. However, it also sends data to Google, which is why it is advisable to turn it off.

datareporting.healthreport.uploadEnabled

It is possible to see information about your Firefox’s stability and performance whenever needed. You just need to check the Firefox Health Report by going to Firefox tab and accessing the report from “Help”. By default, the report is regularly sent to Mozilla anonymously in order to allow it to get an overview of possible issues and work on future solutions. However, in order to maintain the security of your browsing, this setting should be disabled. While you will still be able to access the report, you will be able to prevent that it is sent to Mozilla.

dom.storage.enabled *

DOM storage is a method of keeping information within web browsers and it is one of the most dangerous techniques that online companies use to trace you. Since the risks that “normal” cookies represent are known for more people, DOM storage is becoming more widely used. The good news is that DOM storage can be turned off easily by setting this preference to “false”. One important thing to keep in mind is that disabling this option is known for causing issues on some websites.

toolkit.telemetry.enabled

Telemetry is in charge of all kinds of statistical data that relates to the performance of your browser, its usage and responsiveness. Anonymous reports including this data can be sent by Firefox to Mozilla. Although this can be useful for developers, if you want to improve the security of your browsing make sure that this option is set to “false”.

geo.enabled *

If you visit a “location aware” website, it will ask you if you wish to share your location. If your answer is yes, then Firefox will send information about wireless access points that are close to your location. Furthermore, your computer’s IP address will be shared with Google Location Service and the information will be passed on to the website. While a website should always ask you for your consent, it is possible to avoid giving this by accident. You can simply disable this feature by setting it to “false”.

geo.wifi.uri

This option determines the geolocation service that is used, which by default, is Google Location Service. When you disable the aforementioned geo.enabled, geo.wifi.uri shouldn’t be a main concern. Nevertheless, if you prefer it, you can change it to 127.0.0.1, which is known as localhost or the “loopback address”.

network.cookie.cookieBehavior

It is not necessary to adjust this preference if you already have an effective cookie managing tool such as Cookie Monster. Otherwise, you can set it to “1” so only cookies from the originating server will be accepted.

network.cookie.lifetimePolicy

Unless you don’t have a cookie managing extension like Cookie Monster, you won’t need to change this preference. If you don’t have the cookie managing add-on, you can set this setting to “2” in order to ensure that the cookie expires when the browser is closed.

network.dns.disablePrefetch

With Firefox, page load times are improved by resolving domain names “proactively” which means that the data is previously collected. While this can make browsing more efficient. the practice also represents risks to privacy. The most concerning aspect is the possibility of deducing the search terms issued by clients with the help of a given DNS resolver. It is possible to disable DNS prefetching by setting this value to “true”. In case you are not able to find this setting, you can add it manually by right-clicking on the about:config screen and selecting New, then Boolean and typing “network.dns.disablePrefetch” into the box.

network.http.sendRefererHeader

If you click on a hyperlink, the page you are directed to can request information about the page you were directed from when you followed the link. This data is included in the “referer header” and it could be used to trace you throughout a website. The referer header can be accessed by Javascript scripts, if this option is enabled. Although turning off this preference could lead to issues with some websites, it is advisable to set it to “0”, to ensure that the referer header is not sent.

network.http.sendSecureXSiteReferrer *

Similar to the previous referer setting, but in the case of this preference, you could be tracked across websites. It is possible to disable this option by setting the value to “false”.

network.prefetch-next *

In Firefox, the browsing process is accelerated by scanning links on a webpage and when idle, linked-to-webpages are pre-downloaded. While turning off this setting can slow down browsing, if privacy is your main concern, it should be disabled.

privacy.donottrackheader.enabled *

The majority of modern browsers (including Firefox) currently support a “Do not track” option, which can prevent websites from tracking you. Although this preference should be enabled by setting it to “true”, it is important to keep in mind that websites are not obliged to comply with the “Do not Track” request. As such, this feature doesn’t offer a high degree of protection.

privacy.donotrackheader.value *

As discussed, the previous setting is designed to determine if a “Do not track” request is sent to a website. In the case of the donotrackheader.value, what is determined is what the request says. It should be set to 1 to ensure that websites are asked not to track you. When privacy.donottrackheader.enabled is set to “true”, a header stating consent to being tracked would be sent to all websites.

privacy.trackingprotection.enabled

This is a useful option to prevent cross-site tracking as it enabled a blocklist that relies on Disconnect’s (a highly effective privacy extension for Firefox) blocklist. When Tracking Protection is enabled, a shield will be displayed in your address bar, every time Firefox is blocking tracking domains or mixed content. An additional advantage is that this setting increases the loading speed of webpages and data usage drops when you are connecting to popular websites. Furthermore, the number of HTTP cookies (the regular kind) stored by the browser decreases.

Conclusion

It is possible to enhance your online security by adjusting the above settings in Firefox as you can prevent third parties from tracking your activity. In order to further improve the protection to your privacy, it is advisable to use extensions like Disconnect and Cookie Monster. It is also important to keep in mind that thanks to an Add-on called Privacy Settings, you can easily control many of the advanced settings in Firefox with a single click.