Firefox has proprietary spyware and a lot of other no-no's. Let's check the configuration parameters and walk through some fixes.
I'm sorry, Firefox
I love Firefox. Firefox is great. In fact, it is one of the best browsers out there that actually cares about transparency and user privacy. But I have to say - They've been f**king up a lot lately. More and more spyware, unnecessary little scripts, data collectors and other nonsense has found it's way into Firefox.
The user Haasn has contributed a list of hacks you can apply in order to fix Firefox i.e. make it secure.
To access this settings page you have to type the following in your Firefox address bar:
about:configAnd then click "I accept the risk!".
Let's fix this baby
I will walk you through some of the settings and which parameters you should change in order to restore a Firefox that actually keeps your personal data private.
1. WebRTC
Definetely Nr.1 on my list. This is an inner-browser communication standard which is used for chat systems (facebook messenger, skype etc). The problem is it also uncovers you real IP when you are using a VPN which is referred to as "RTC leak". If you are using a VPN you should set variables to false. It will hide your IP but disable all video call functions. Set it back to true if you want to make a call.
media.peerconnection.enabled=false
loop.enabled=false2. Pocket
Seems like a cool bookmark feature. But it's actually proprietary tie-in trash. Delete.
- Drag the “pocket” icon off your toolbar (!)
- Change parameter:
browser.pocket.enabled=false3. Geolocation
Well the title says it all, this privacy violation can be used for tracking and fingerprinting services on the web.
browser.beacen.enabled=false
geo.enabled=false
geo.wifi.logging.enabled=false
geo.wifi.uri=""4. Safe Browsing
So Firefox has to communicate with a third party for Safe Browsing which is Google by default. Also it sends metadata about your downloads.
browser.safebrowsing.enabled=false
browser.safebrowsing.downloads.enabled=false
browser.safebrowsing.malware.enabled=false
Wait, are you telling me that the privacy feature of Firefox is actually sending data to Google?
5. Statistics tracking
Yeah, the usual statistics for "improving customer experience" and what not. I don't like it.
datareporting.healthreport.service.enabled=false
datareporting.healthreport.uploadEnabled=false
toolkit.telemetry.enabled=false
6. Device tracking/statistics
Just reading these parameters makes me uneasy. These can be used to fingerprint your system and track you.
device.sensors.enabled=false
camera.control.face_detection.enabled=false
camera.control.autofocus_moving_callback.enabled=false
You can find a complete list of Firefox hacks (optimizations) here: https://gist.github.com/haasn
EDIT: @finde contributed pointing out that you can easily do the above steps by replacing the user.js file in your Firefox folder: https://github.com/pyllyukko/user.js
Before you start:
- You should know what you are doing.
- If you apply all steps, many features of Firefox will become unusable.
- Some apps may stop working altogether.
- You will have a optimized Firefox in terms of security - not in terms of functionality.
- Every step is reversible by changing the parameters in
to their previous value.about:config - It might take you a while to figure out which parameter caused some feature to break.
As always, I'm here to help if you get stuck!
information sources:
More Articles like this:
Do you want learn how to build ultre secure passwords? (Read article)
Do you want to learn about zero-day exploits? (Read article)
- Nick ( @cryptonik ) -
Just use brave and support it, once developement is finished it'll be the best browser, super secure fast and cryptofriendly!
You are right ;)
brave is a great alternative
You are right, Firefox is getting more and more bullshit. It's no longer my favourite browser.
The other browsers are not much better, qupzilla doesn't force https, midori has a slow javascript engine. I may give Brave a try.
Great article!
Thanks!
I used to really like firefox but lately I don't really trust them. Seems they are moving in the wrong direction.
I am learning a lot from your posts Nick thanks! You are like my 10 minutes a day tech tutor!
Haha that's perfect :) Yes, I am also dissapointed lately...
Such a useful post man! What do you think about Chrome as a browser?
Long ago (before M$ Edge) I was a happy Firefox user who has discovered that it was better than Internet Explorer and that it had far superior web development tools. 🦊
I was one who resisted Chrome until the very end but started using it because of the special way that Chrome handles ports that it was preferred to use in some scenarios.🔍
I believe everyone who works at Microsoft used to have Firefox installed as an 'alternative browser' at some point but then I discovered something important:
Try logging on to MSN with Chrome or GMail with Internet Explorer?! There is a huge level of browser performance difference that can be observed using Microsoft & Google browsers logging in to their respective services with each others browsers.😃
So I'm suggesting that you need the best tool for the job - if you're consuming google services use Chrome, if your using Microsoft stuff stick with Edge and for me when I'm doing web development I use Firefox because if their superior web development tooling.
Each browser does have its particular strengths (chrome with ports, Firefoxwith cross-browser testing and Edge with some security features) but for me, being an infosec dude likes to use Tor on my Ubuntu 17.10 Server for best web browsing results.
Super interesting post thanks @cryptonik with excellent tips and article.
Yay! I feel Chrome has the superior web dev tools (for work)...but I do try resisting it :P
Chrome is the most sophisticated piece of Spyware Google ever came up with. It is the very definition of garbage and I would never ever use it.
Well, I admit I have 0 knowledge about, but I find it lighter than firefox, which I always used. I've never considered these aspects though, maybe I should read sth more about and restart using it.
Yep. Also it is definetely not lighter that Firefox. Just compare the RAM stats in the Task manager. Chrome is a real RAM killer ;)
That's true, in these days I'll try out again firefox...laziness, go away!!! =)
Great advice as usual Nik. I was a big fan of Firefox, shame they are doing such things. Is it about money you think?
I am still a fan. They are still a great team with the right mindset. This is peanuts in comparison to what Google Chrome or Safari do on a daily basis.
But...t's a shame that even the holy grail of free software - Ubunty is no longer proprietary free. And now Mozilla.
I don't think it's money - Mozilla is ("Free") Open Source software. I think it's rather functionality and comfort: We add more features to the browser and they become new points of exploit.
Let's look at Pocket. It is a really great tool for bookmarking links, and sorting them and having them available across devices. I used to love it! It turns out that this this comfort comes at the price of privacy.
What about WebRTC? I'm not sure if and how other browsers are able to solve this better, but it is necessary for making video calls with apps BUT it destroys the invisibility of VPNs.
But then the Safe Browsing... that's just a fail.
The thing is, with all security features enabled your browser will turn into a very very limited and boring experience because you won't be able too use many links, click pictures, watch videos, animations and so on. Perhaps they wanted to retain the user base, who would leave because they would not be able to use their favorite apps if the security features were enabled by default.
I see, it makes sense what you say. It is a fine balance it seems between privacy and user experience. And it all comes down to two factors - a lack of respect for privacy and fear of hackers.
Sad concerning times we live in. Roll on the quantum internet, I hope I live long enough to see it.
Useful and resteemed :-)
Thanks!
Great and valuable information.
Thanks for sharing this post.☺
My pleasure :)
Thx dude! I lrearned new stuff! +100% Upvote for you!
Cheers :)