Firefox tweaks that will enhance your privacy on internet


Internet has become privacy sensitive place, specially now NSA and other US authorities are lurking on every corner, mining data from the web.
This is a collection of privacy related about:config tweaks. I’ve show you how to enhance the privacy of your Firefox browser.
firefox-secure-privacy-featured

Preparation:

  • Enter “about:config” in the firefox address bar and press enter.
  • Press the button “I’ll be careful, I promise!”
  • Follow the instructions below…

Getting started:

  1. network.http.sendRefererHeader = 0
    • Disable referrer headers.
  2. network.http.sendSecureXSiteReferrer = false
    • Disable referrer headers between https websites.
  3. privacy.trackingprotection.enabled = true
    • This is Mozilla’s new built in tracking protection.
  4. geo.enabled = false
    • Disables geolocation.
  5. browser.safebrowsing.enabled = false
    • Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
  6. browser.safebrowsing.malware.enabled = false
    • Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
  7. dom.event.clipboardevents.enabled = false
    • Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  8. dom.event.contextmenu.enabled = false
    • Disables website control over rightclick context menu.
  9. geo.wifi.logging.enabled = false
    • Disables firefox logging geolocation requests.
  10. network.cookie.alwaysAcceptSessionCookies = false
    • Disables acceptance of session cookies.
  11. network.cookie.cookieBehavior = 2
    • Disable cookies
    • 0 = accept all cookies by default
    • 1 = only accept from the originating site (block third party cookies)
    • 2 = block all cookies by default
  12. network.cookie.lifetimePolicy = 2
    • cookies are deleted at the end of the session
    • 0 = Accept cookies normally
    • 1 = Prompt for each cookie
    • 2 = Accept for current session only
    • 3 = Accept for N days
  13. network.dnsCacheEntries = 100
    • Number of cached DNS entries. Lower number = More requests but less data stored.
  14. network.dnsCacheExpiration = 60
    • Time DNS entries are cached in seconds.
  15. places.history.enabled = false
    • Disables recording of visited websites.
  16. browser.formfill.enable = false
    • Disables saving of formdata.
  17. browser.cache.disk.enable = false
    • Disables caching on hardrive.
  18. browser.cache.disk_cache_ssl = false
    • Disables caching for ssl connections.
  19. browser.cache.memory.enable = false
    • Disables caching in memory.
  20. browser.cache.offline.enable = false
    • Disables offline cache.
  21. browser.send_pings = false
    • The attribute would be useful for letting websites track visitors’ clicks.
  22. network.dns.disableIPv6 = true
    • If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
  23. network.dns.disablePrefetch = true
    • To disable DNS prefetching you will need to add network.dns.disablePrefetch as a new boolean preference and set the value to true.
  24. network.prefetch-next = false
    • Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it. This preference controls whether link prefetching is enabled.
  25. network.websocket.enabled = false
    • WebSockets is a technology that makes it possible to open an interactive communication session between the user’s browser and a server.
  26. webgl.disabled = true
    • WebGL is a potential security risk. Source

Important for VPN users!

WebRTC is a new communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN.

While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe! Todo:

  1. Search for “media.peerconnection.enabled”
  2. Double click the entry, the column “Value” should now be “false”
  3. Done. Do the WebRTC leak test again.

If you want to make sure every single WebRTC related setting is really disabled change these settings:

  1. media.peerconnection.turn.disable = true
  2. media.peerconnection.use_document_iceservers = false
  3. media.peerconnection.video.enabled = false
  4. media.peerconnection.identity.timeout = 1

Now you can be 100% sure WebRTC is disabled. Voilà!!

Suggested Add-on’s:

Encryption with “HTTPS Everywhere”

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation. https://www.eff.org/https-everywhere

Block Ads with uBlock

uBlock is an lightweight and efficient blocker: easy on memory and CPU footprint. The extension has no monetization strategy and development is volunteered. Available for: Firefox, Safari, Opera, Chromium. https://addons.mozilla.org/en-US/firefox/addon/ublock/

Automatically Delete Cookies with “Self-Destructing Cookies”

Self-Destructing Cookies automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged. https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

Be in total control with “NoScript Security Suite”

Highly customizable plugin to selectively allow Javascript, Java, and Flash to run only on websites you trust. Not for casual users, it requires technical knowledge to configure. https://addons.mozilla.org/en-US/firefox/addon/noscript/

I hope this guide will help your on the journey on the web!
Advertisements

5 thoughts on “Firefox tweaks that will enhance your privacy on internet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s