Configuring Firefox for the Privacy-Minded

Table of Contents:

Core Add-ons:

Your core add-ons are necessary to help prevent advertisement tracking and malicious scripts from exploiting your web browser.

Adblock-Plus. Adblock-Plus allows you to block advertisements. This add-on stops them from even loading. This sort of feature is not available in other web browsers such as Google's Chrome.

BetterPrivacy. This add-on will allow you to stop all flash cookies from being set in your computer. Little do people know how pervasive flash cookie tracking is. All those YouTube videos you have watched, all those porn videos you've seen haven't seen around the web, those flash games, etc are all tracked with flash cookies. So here are some tips for setting up BetterPrivacy:

• Set flash cookie deletion by timer. I recommend one seccond. Uncheck "Not if modified within time interval."
• Delete the Flashplayer default cookie because that can be used for tracking
• Disable Ping Tracking

Here is a screenshot to show you how I have set up BetterPrivacy on my computer:

Cookie Monster. Cookie Monster further improves Firefox's cookie-blocking abilities. This add-on, when you configure it to block 3rd party cookies, will block all sorts of advertizing and tracking cookies used to analyze your web usage. Configuring this add-on is relatively easy. Simply select the option of blocking all cookies and then select deleting cookies when you change access to deny. A tip: put the Cookie Monster icon next to your home icon in your browser so you can easily interact with it. A screen shot of my Firefox browser will give you an idea later down the web page.

HTTPS Everywhere. HTTPS everywhere is an add-on brought to you from the folks at the EFF. This is super simple. Simply install it and when you navigate the web, your browser will use a secure connection (HTTPS) instead of the standard HTTP if available. HTTPS is important because it can help prevent eavesdropping. Read more about HTTPS on Wikipedia.

NoScript. NoScript is the add-on for masochists. This is not for the faint of heart because it makes using the web harder. But, NoScript is probably the single most important add-on you can install if you're concerned about privacy and security.

Using NoScript can be quite a challenge for newcomers so I'll try to give some tips. First, make sure the NoScript icon is located somewhere near your address bar so you can quickly use it (the same suggestion for Cookie Monster). Right-click on your home button on Firefox and click Customize. A drop-down menu should appear so all you need to do is click and drag the NoScript icon next to your address bar. Feel free to get rid of the Search Bar, too.

Your next step is to delete the default whitelist in NoScript. NoScript, by default, comes with several scripts enabled such as Google, YouTube, Yahoo, among other things so it's up to you whether you keep them or delete them. I, delete all of the default scripts just so I can start fresh and manually add them myself. Right-click on the NoScript icon and click Options to find the Whitelist tab.

As you can see, I have consciously and manually enabled DuckDuckGo's web page to execute javascript. Like CookieMonster, I prefer this opt-in behavior when I browse the web. That way if I ever venture to a page that I'm not sure about, JavaScript and cookies stay blocked. You can trust Google and YouTube... I do. But I don't enable Google's analytics and tracking scripts. If you have questions about NoScript you can find my e-mail address at the bottom of the page.

Additional Add-ons:

These additional add-ons will further improve your web-browsing security.

RequestPolicy. This addon gives you control over cross-site requests.

RefControl. RefControl is a pretty lightweight add-on; this gives you control over the HTTP referer. To sum it up, when you click a link in a web browser the request usually includes what page you were last on.

about:config Tweaks:

Down the rabbit hole we go. There are a few about:config tweaks that you need to perform to tidy up your security. Simply click on your address bar and type in about:config. Don't worry we'll be careful =).

You will see a long list of things. Don't worry you will not have to scroll through everything. Just use the search box to type in the following items. The ---> arrow will show you what to change. Think of it as "change it to." So, you will first search for geo.enabled and then change it to "false."

• geo.enabled ---> false


• keyword.URL ---> https://duckduckgo.com/?q=
-- This will change your Firefox's search utility to DuckDuckGo. Feel free to use the default search engine (Google) but I suggest you use a search that respects your privacy like StartPage or DuckDuckGo. If you want to use Startpage simply type in the string https://startpage.com/do/search?language=english&cat=web&query= instead of duckduckgo.com/?q=.


• browser.search.selectedEngine ---> DuckDuckGo
-- Substitute with StartPage if you would like


• browser.search.defaultenginename ---> DuckDuckGo
-- Substitute with StartPage if you would like


• app.update.enable --> false
• browser.search.update --> false
• browser.search.suggest.enabled -->false
-- Probably important if you insist on keeping Google as your default search engine. Do you want to send Google your every keystroke? I certainly do not.


• browser.urlbar.trimURLs ---> false
-- I find being able to view the full URL to be extremely important.


• noscript.ABE.wanIpCheckURL ---> 0


• Search for "Google."
-- Remove all references to safe browsing and reporting. Should be the top couple of results.


• extensions.blocklist.enabled --> false
--This disables a blacklist check of your addons.


• browser.safebrowsing.enabled --> false


• browser.safebrowsing.malware.enabled --> false


• network.prefetch-next --> false
-- Preloading can be a giveaway of your web-browsing habbits. This disables that.


• browser.send_pings --> false
• browser.send_pings.require_same_host --> true
-- Why would you want Firefox sending pings and other data without your permission? All data being sent from your computer should be in your control; even if it's something as mundane as reachability.


• crashreporter --> change the Adobe Flash (if you have this installed) setting to false. It can report your flash videos.
  
• browser.ssl_override_behavior --> set it to 2
• network.proxy.socks_remote_dns --> true
• network.http.sendReferHeader --> set it to 0
• network.http.sendSecureXSiteReferrer --> false
-- Disables outbound calling/refering


• browser.fixup.alternate.enabled --> false
-- Stops Firefox from domain guessing.


• keyword.enabled --> false
-- This may boink the DuckDuckGo address bar search. It did on my system. Basically, this keyword.enabled boolean is the same as search suggestions. But, this uses the address bar instead of the search bar (that we got rid of if you followed the guide).

Final Notes:

• Be sure to use a master password in Firefox if you want to save your passwords. Without this, anyone can access your Firefox's list of saved passwords if they have physical access to your machine. Use a very strong password with symbols, numbers, and if possible: random characters.


• It's up to you to configure your privacy settings. How much history, if any, are you going to keep in Firefox? Are you going to have Firefox remember search and form history? Are you going to clear all the data when Firefox closes? How about simply using private browsing mode 100% of the time? Do what works best for you.

That wasn't painful. Right? Now that you have configured Firefox it's time to start fresh. Erase any cookies left in your browser by going to your Firefox Preferences and clicking on the Privacy tab. Click "Show Cookies..." and delete 'em. Now when you surf the web it's up to you to opt-in. Most sites do not need to set cookies and they definitely do not need to set tracking cookies. Your privacy is valuable--look how much Google is worth. They have built a multi-billion dollar empire based on your web surfing, your search history, everything. If you don't protect your privacy no one will. The reason I block most of this stuff is because I do not feel like donating my private internet life to major corporations who can, in turn, sell that data for money. I understand that this allows companies like Google to offer "free" services but at what cost? Make the conscious decision to opt-in. Make the conscious decision to use their services and understand what they do with your e-mail accounts and search queries. If you find that to be a fair trade then there's nothing more to say. At least I have given you some information to stay safe on the web.

Please e-mail me at jjcz75b@lavabit.com if you have some suggestions to improve this page, if you have complaints, or if you think I'm crazy (I'll consider it a compliment). I'd love to hear from you. Last updated on 07 July 2013.