
How to Set Up Firefox for Privacy

Update/Revision of the post originally published on 17 FEB 2021.

This is a guide for tweaking the Firefox browser for enhanced online privacy. We explore the “normal” and the “advanced” tweaks here.

This guide is intended for desktop users across all platforms: Windows, macOS, and Linux.

This guide is based on Firefox Ver 135.0

Preface



Across the online privacy community, you’ll find that Firefox is frequently recommended as a top contender for privacy-friendly browsers. It has been around for a long time, is open-source, and has many privacy-friendly features.

However, not all of Firefox’s privacy features are enabled by default. Additionally, commonly recommended add-ons such as uBlock Origin are not installed by default.

If you do not have Firefox installed, then you should download and install it (this guide is solely based on “vanilla” Mozilla Firefox, though it may be applicable to some of its forks as well).

Download Firefox

Consider your threat model

Note: This guide is more “conservative” to avoid breakage that may occur with more aggressive tweaks. You can think of it as a baseline.

In short, your threat model when it comes to securing your online privacy is answering the question:

  1. “Who is your adversary (who you want to protect your data from)?”

and you’ll want to heavily consider:

  1. What resources are you willing to commit to doing so?

For example, are you…

  • Trying to limit the invasiveness of hyper-personalized marketing and highly targeted ads?
  • Looking for alternatives to Big Tech, such as Google, Microsoft, Apple, or Facebook?
  • Concealing online activity from the government? (Ditch the assumption that this is for “criminal activity only.”)
  • Trying to limit what information about you is easily found/searchable by the average Joe?

Of course it goes without saying that there are many other valid reasons for wanting to preserve one’s online privacy. Threat models differ between people.

This is definitely not saying you need a “valid reason for privacy” because the need for privacy is a fundamental human right. However, you should be aware of just whose eyes you’re trying to protect your data from and the resources you’re consuming to do so.

“Resources” for most people frequently include…

  • Your time
  • Your effort
  • Your money
  • Your sanity

Above all else, you should be (1) aware of what genuinely does not work for your threat model and (2) realistic about your expectations and the resources you’re willing to commit.

Above all else, remember that not everything works for everybody.

A word on fingerprinting…

Be aware that, generally speaking, more add-ons/privacy settings do not necessarily protect you from more tracking methods. “The more, the better” does not apply here. There tends to be a lot of needless overlap in running various tracker-blocking add-ons in the browser.

The more add-ons you have, the more unique your browser fingerprint is; more add-ons in the browser also widen your attack surface. Additionally, installing add-ons that have too many overlapping functions can cause undue errors and is, quite frankly, inefficient.

The trick is to strike a balance between blocking tracking methods (such as scripts and cookies) vs blending in with “other users'” browser signatures. This can be tricky and is much easier said than done.

Avoiding standing out like a sore thumb generally means not installing a ton of add-ons and disabling Do Not Track (DNT) where appropriate.

In version 135, the “Do Not Track” checkbox has been removed from preferences.

It’s unrealistic to think you can prevent all fingerprinting there ever was or ever will be. Fingerprinting is a constantly evolving (and ever-invasive) practice. Nearly every aspect of your system can be used to fingerprint you, such as (but not limited to):

  • Set language preference (ex: en-US)
  • Operating System
  • Screen size
  • Bluetooth connections
  • IP address
  • Presence of a DNT header
  • System fonts

It’s possible to minimize what fingerprinting and tracking methods work on you – typically the first step is blocking ads and the trackers that can come with them.

Again, this comes back to threat modeling and understanding that for most people, attempting to stop any and all fingerprinting is simply not feasible; it can also backfire, causing you to be more unique amongst a sea of users.

These are the settings that we can adjust straight from Firefox’s standard menu, without going into more advanced settings living in the about:config section.

Custom search settings

Mozilla has an agreement with Google that the default search engine is set to Google Search.

Hopefully, you’re aware that Google Search is not at all privacy friendly. Many of the other search engines included with Firefox aren’t too privacy friendly either, except for DuckDuckGo (with associated caveats).

To access the search settings, go to Menu > Options > Search. You should be brought to a screen that looks like this:


[Screenshot: Firefox search settings]

You’ll want to be sure to choose a private search engine as your default. You can add them to Firefox by clicking the Find more search engines link near the bottom of the page.

For a list of suggestions, you can visit the avoidthehack recommendations for private search engines.

Additionally, you may want to consider disabling Search suggestions as well. This comes enabled as a default.

A valid reason for disabling this setting is that it sends real-time data to your default search engine about what you’re searching; that’s how you get your suggestions for what to search from the engine itself.

This shouldn’t be necessary if you’re using a private search engine, but you may want to consider disabling it.

Firefox DNS-over-HTTPS (DoH)

Firefox introduced DNS-over-HTTPS (DoH) inside the browser a while ago. DoH helps ensure that your DNS lookups (in this case, only those generated by Firefox itself) are encrypted against third-party snooping. Additionally, Firefox partners with some “privacy-friendly DNS providers” in order to accomplish this.

(An easy way to access this setting is by typing “network settings” into the search bar of the settings/preferences page of Firefox.)

DoH within Firefox is enabled by default depending on a number of criteria that the browser itself assesses:

  • Locale
  • Presence of parental controls
  • Default DNS server’s filtering of malicious content
  • Enterprise policies for custom DNS settings

If the last 3 points aren’t “detected,” then Firefox will enable its DoH setting by default.

The goal of this is all well and good, but this could prove exceedingly problematic for users who actually want Firefox to…
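To see which state a profile has actually been left in for the search-suggestion and DoH settings discussed above, the following added example (not part of the original post) parses the `user_pref(...)` lines of a profile's prefs.js and reports on both. It assumes the about:config preference names `browser.search.suggest.enabled`, `network.trr.mode` and `network.trr.uri`; the sample input and its DoH URL are constructed.

```python
import json
import re

# One preference line as written in a profile's prefs.js or user.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')

# Meaning of network.trr.mode (1 and 4 are reserved values).
TRR_MODES = {0: "off (default)", 2: "DoH first, system DNS as fallback",
             3: "DoH only, no fallback", 5: "off by explicit choice"}

def parse_prefs(text):
    """Return {pref name: value} for every user_pref(...) line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, strings
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep anything unusual as raw text
    return prefs

def audit(prefs):
    """Report the search-suggestion and DoH state a profile was left in."""
    findings = []
    # Absent from prefs.js means the built-in default, which is enabled.
    if prefs.get("browser.search.suggest.enabled", True):
        findings.append("search suggestions on: typed text is sent to the default engine")
    mode = prefs.get("network.trr.mode")
    if mode is None:
        findings.append("DoH not set by the user: Firefox's own criteria decide")
    elif mode in (2, 3):
        uri = prefs.get("network.trr.uri") or "the browser's default provider"
        findings.append(f"DoH on ({TRR_MODES[mode]}) via {uri}")
    else:
        findings.append(f"DoH off: mode {mode} ({TRR_MODES.get(mode, 'reserved')})")
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.search.suggest.enabled", false);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example.net/dns-query");
"""

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

prefs.js only records values that differ from the defaults, so a missing `network.trr.mode` does not mean DoH is off; it means the browser's own rollout criteria listed above are in control.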

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/firefox-privacy-config