Improve Firefox’s Privacy Settings With These Security Buffs

Can changing Firefox's privacy settings improve your security? There's a trade off!

Firefox’s privacy and security settings make it one of the best mainstream browsers. Despite this, there are some elements of the Firefox browser that can leak some of your private data. But you can plug these security holes with a few tweaks.

Unfortunately, much of the internet is built around tracking and data collection. Disabling those settings breaks some websites and apps.

But if you are comfortable with the risks, the configuration changes in this article can help you better protect yourself against invasions of privacy.

Table of Contents

Why You Should Use Firefox

This is an image of the Firefox banner

Firefox is one of the leading alternatives to Google Chrome. There are a lot of browsers available, but many of them are based on Chromium, the open-source edition of Chrome. Because of its reliance on Google services, Chromium-based browsers are not recommended.

Mozilla’s Firefox web browser has long been favored by privacy advocates and those who believe in the open foundations of the internet. Mozilla’s browser is open-source and takes a hard-line approach to security and privacy. Unlike the Chrome Web Store, where anyone can upload extensions, applications featured in the Firefox Add-ons library must be signed by Mozilla.

The browser also blocks third-party cookies by default, enables you to choose whether to share your browser fingerprint with a specific site and gives you granular control over your browser’s privacy settings. On top of this, Mozilla supports internet freedoms, your right to privacy, and appropriate internet regulation.

While these are all commendable features and policies, Firefox isn’t entirely private by default. As the internet has evolved, some web technologies need data from the browser to function correctly. Which means these sites don’t work if those technologies are blocked. In the interests of creating a user-friendly experience, there have to be compromises.

You can use some of the following tweaks to make Firefox even more secure and private.

Change Your Firefox Settings

Screenshot of Firefox's Privacy & Security Settings

For the privacy-minded, your first port of call should be the browser’s main settings menu. This can be accessed by opening the hamburger menu on the top right of the browser and selecting Preferences.

There’s a good chance that you would rather Google wasn’t your default search engine on Firefox. On the left-hand panel, select Search. Under Default Search Engine, you can then decide on your preferred search provider. One of the most common choices is privacy-focused DuckDuckGo.

The most critical area of Preferences is Privacy & Security. The first section is to set your level of Enhanced Tracking Protection. As previously mentioned, Firefox blocks some elements of tracking by default, but you can strengthen this. You can opt into blocking some or all cookies, tracking content, cryptominers, and browser fingerprinters.

A warning, though: adjusting these settings may cause websites to break. If this does happen when visiting a site, navigate to the left of the address bar, and click the shield logo. You can then disable tracking protection for the site.

Adjust Firefox Permissions

Firefox's Permissions Settings

It’s also possible to instruct Firefox to send a Do Not Track signal to every website you visit. This is worth enabling, but most sites ignore Do Not Track requests. There’s also the tried-and-tested history, cookie, site data, and saved passwords settings. As you browse the internet, your private data accumulates on your device. Modifying these settings allows you to prevent this and clear any existing data.

Websites may also request access to your device’s sensors and information. There are five permission categories; Location, Camera, Microphone, Notifications, and Auto-play. You can adjust all of these permissions to your desired level. When you visit a website that requires one or more, a small pop-up will appear, asking you to approve this use temporarily, permanently, or deny the request.

Modify Firefox Security Settings

Firefox's Security Settings

By default, Firefox collects data about you and your browsing activity. The majority of this information is used to improve the browser and to bolster your online security. However, some data is sent to third-party services. Fortunately, you can switch off all data sharing.

Navigate to Preferences > Privacy & Security > Firefox Data Collection and Use. This is where you can opt-in or out of Firefox’s data gathering. You can choose whether to send technical and interaction data to Mozilla, opt-in to Firefox Studies, and allow the browser to send logged crash reports.

Under Security > Deceptive Content and Dangerous Software Protection, there is an option to block dangerous and deceptive content. Although there to protect you, these are among the browser’s most privacy-invading features. Websites you visit are checked against a known blacklist of malicious sites. On top of that, Firefox uses Google’s Safe Browsing service to compare all of your downloaded files are compared against a similar list.

While disabling these services may improve your privacy, they will decrease your online security. If you choose to disable them, then it is a good idea to strengthen your other digital security techniques, especially on your local device.

Strengthen Firefox Privacy Settings

Firefox's about:config Settings Page

Although the Firefox settings menu gives you a range of features to adjust, there are far more powerful options to be found on the about:config page. To access this hidden list, you’ll need to type about:config into the web address bar of your browser. A warning will appear with the heading “Here Be Dragons”.

This warning is a signal to those who are curious that changing these settings can have unexpected consequences on your browsing experience. It’s important to note this, as any changes made here could result in errors, data loss, and browser crashes.

However, if you are willing to accept the risk, there are plenty of ways to customize your Firefox installation.

  • browser.send_pings: Set this preference to “false” to prevent websites from tracking your clicks on a page.
  • browser.sessionstore.max_tabs_undo: You can disable the tracking of your browsing history, but Firefox still captures some browsing data. This is used to provide the Undo Close Tab function. Set this preference to “0” to prevent data collection.
  • browser.sessionstore.privacy_level: During your browsing session, Firefox stores some data temporarily, like form content, scrollbar location, and some cookies. Set to “0” to store all data, ‘1‘ to store data for non-HTTPS sites, and ‘2‘ to never store this data.
  • browser.urlbar.speculativeConnect.enabled: Firefox can autocomplete URLs to make web navigation quicker and easier. However, this means sending some data to third-parties. Change this preference to ‘false‘ to disable autocomplete.
  • dom.event.clipboardevents.enabled: This preference can be used to tell websites when and what you have copied and pasted from a site. Set this to ‘false‘ to disable this function, but note that some sites, like the WordPress editor, won’t work correctly.
  • media.navigator.enabled: Set this preference to ‘false‘ to prevent websites tracking the status of your camera and microphone.
  • plugin.scan.plid.all: Set this preference to ‘false‘ to prevent plugins from viewing a list of your installed plugins and extensions.

During your session, Firefox will download data from around the internet and sites you visit and temporarily store it in the cache. If you want Firefox to disable cache, ensure the value is set to “false” for the following preferences:

  • browser.cache.disk.enable
  • browser.cache.disk_cache_ssl
  • browser.cache.memory.enable
  • browser.cache.offline.enable
  • browser.cache.insecure.enable

Additionally, several preferences are used to store and send telemetry data to Mozilla. Use the search bar in about:config to locate all preferences that include the word “telemetry.” Each of these performs a different function, so check their utility using MozillaZine’s About:Config Entries directory.

Install Privacy-Focused Add-Ons

While there are a lot of opportunities to customize the browser, sometimes the best solution is to install a privacy-focused add-on.

  • CanvasBlocker: Firefox is now able to block browser fingerprinting, but this add-on had been providing the service for many years before Mozilla enabled the feature. There have been over 700,000 installs of CanvasBlocker to date. To put your mind at ease, their privacy policy states, “CanvasBlocker does not collect any data.”
  • Privacy Badger for Firefox: This add-on is developed by the EFF, one of the internet’s leading privacy advocacy groups. Privacy Badger doesn’t operate a blocklist, instead choosing to analyze traffic in real-time. The extension looks for any third-party site that requests tracking information after it has received your Do Not Track request. Privacy Badger will then block sites participating in this behavior.
  • uBlock Origin: There are many blocklists and filters available to download. To make the most of these lists, you should install uBlock Origin. The add-on allows you to import these lists and makes it easy to manage them, too. uBlock Origin is open-source and collects no data. (Search for this Add-on from within the Firefox Add-ons website.)

Disable WebRTC in Firefox

Many of us now use VPNs to protect our privacy and hide our browsing from prying eyes. However, your real IP address may still be leaking due to a protocol called WebRTC. This protocol enables real-time communications across the web. While it is a useful feature, the implementation of it causes privacy issues.

Even with tracking protection turned on alongside your VPN, websites may still be able to view your real IP address. This leak massively compromises your privacy and undermines much of the effort you’ve already put in to strengthen your privacy. However, it is possible to disable WebRTC.

To disable WebRTC in Firefox, navigate to about:config, search for media.peerconnection.enabled, and set this attribute to “false.” To verify if your IP address still leaks, use a site like IPLeak.net. If this service returns anything other than your VPN provider’s IP address, then WebRTC may still leak your data.

In this case, head back to about:config and ensure these attributes are set as follows:

  • media.peerconnection.turn.disable = true
  • media.peerconnection.use_document_iceservers = false
  • media.peerconnection.video.enabled = false
  • media.peerconnection.identity.timeout = 1

By the way, if you do not use a VPN, for most users, we recommend Mullvad VPN (our review of Mullvad), ExpressVPN, or Windscribe VPN (our Windscribe VPN review).

Is Firefox Safe?

Mozilla’s Firefox web browser is one of the most privacy-friendly and secure web browsers available today. Unlike some of its competitors, Firefox is not based on Google’s Chromium project and renders content with the Gecko engine instead. Mozilla is well known for its principled stand on user privacy, too.

The tweaks we’ve discussed here help strengthen the browser’s privacy credentials, so long as you don’t mind some trade-offs. Although we mentioned switching to DuckDuckGo for your searches, you may want an alternative. In which case, consider one of these private search engines that respect your data.

We earn commission if you purchase items using an affiliate link. We only recommend products we trust. See our affiliate disclosure.