Configuration
Firefox was designed to be a extremely customizable web browser. It will allow you to tune nearly every aspect of your browsing experience. We shall start with the configuration inside of Firefox itself. Type about:config into the address bar and push enter. You will see this:
First we will focus on a preference called network.http.sendRefererHeader. The value by default is 2, this is bad for privacy because it will show where you are coming from because it stores habits. This is mainly used by advertisers to generate better focused ads. To disable this setting you will need to navigate to network.http.sendRefererHeader by copying and pasting it into your search bar. Double click the integer and set the number to 0 like so:
The next thing we will focus on is the privacy options built in. Go to the options menu, then go to privacy and follow these settings to ensure you are not tracked.
Web Browsers
Now we will focus on search engines now that your browser won't be tracking you. Search engines will track what you do as well.
StartPage - A is a search engine that was launched in 2009 by Ixquick and is the worlds most private search engine. They provide results from Google without giving up your identity or habits, keep no logs and are based offshore in The Netherlands. They support these methods of encryption:
- TLS
- SSLv3
- TLS1.1
- TLS1.2
StartPage uses POST requests instead of GET requests to give your your results by default which even if you have referrer headers enabled, it would prevent sites from knowing your search queries. StartPage also allows you to connect and search from servers outside of your country to separate yourself from the Government.
DuckDuckGo - Another alternative to Google and is similar in policies as StartPage as their privacy policy states they never keep logs. The difference between StartPage and DuckDuckGo is this search engine provides results from other places besides Google such as Wikipedia, Wolfram Alpha, Bing, Yahoo, Yandex, and Yelp.
Add-Ons
Add-ons can help you lock down on the above settings, and really fine tune your privacy. Here is a list of recommended Add-ons.
- NoScript
- Self-Destructing Cookies
- Better Privacy
- HTTPS Everywhere
- Disconnect
- Adblock Edge
- Last Pass
- Ghostery
1. NoScript is one of the most recommended security addons for Firefox. It prevents Javascript, Flash, Silverlight, and many others from running. This protects you from malicious scripts or any plug-ins can reveal your IP address. We advise that you Forbid Scripts Globally after installation and then whitelist the sites you frequently browse.
2. Self-Destructing Cookies detects and deleted cookies when they are no longer in use. When you install it the addon will automtaically delete all of your cokkies, but you can undelete them as needed as well as whitelist cookies you know you will need. Basically this addon will ensure that you only have the cookies you want, and not the ones that you do not wish to have.
3. Better Privacy is an addon that will clear your cache when idle and will elimitate the threat of Supercookies or Evercookies which are hard to get rid of and detect such as Flash cookies.
4. HTTPS Everywhere basically forces HHTPS on every site that has it, preventing MitM attacks.
5. Disconnect is a add-on that blocks over 2,000 sites from tracking you around the internet, helping increase bandwidth loss and load times, as well as remaining more private.
6. Adblock Edge is a fork of Adblock Plus that blocks ads that Adblock Plus allows by default.
7. LastPass is a password manager that help you remain secure online, you only need to remember your master password and the rest can be generated. Lastpass also has 2 factor authentication, and can preform security audits of all of your accounts to tell you if the site you were registered with has been hacked, and it can help recommend a course of action.
8. Ghostery detects trackers, bugs and more on many websites and will show you what is going on under the hood. While you will not need this if you have noscripts enabled for every site, it is good for detecting what is on your whitelisted websites so you know what they are tracking.