Boost your privacy and security in Firefox with these “advanced settings”

This article about enhanced privacy and security in Firefox was initially written back in April 2017. Now in October 2018, we gave it a new look and updated the list of add-ons to keep this post up to date.

My last article was about using add-ons for improving your privacy and security in Firefox. You can find this article here.

Add-ons can greatly extend the functionality of Firefox and can help you increase your privacy in many different ways. There are a large number of great and free add-ons available. However, as already stated in the article about add-ons, there’s also a downside to using add-ons. The problem is that add-ons can be used to fingerprint your browser.

In addition to add-ons, Firefox has many “advanced settings” that are not accessible in the standard settings section. Changing some of these settings can be very beneficial to your privacy and security. In this article, I’m going to tell you which settings you should change and how you can do this.

Changing “advanced settings” in Firefox

Changing the “hidden” settings of Firefox can be done easily by typing “about:config” in the URL bar. Once you type in “about:config” and press Enter, Firefox displays a warning message.

Now, there are certainly a few things you can mess up when changing some of the “advanced settings”, but in order to get where we want, we need to “accept the risk”. Once you press “I accept the risk” you will be shown an extensive list of settings that you can change. The settings are displayed in alphabetical order. Luckily you can simply use the search bar at the top of the page for finding the specific setting you would like to change. To change the value of a Boolean setting, you simply need to double click on the setting you want to change. If you change a setting, it will be displayed in bold letters and the “status” column will change from “default” to “user set”. This is very useful if something is not working as expected.

Another possibility is to install the add-on “Privacy Settings”, which lets you easily toggle some of the security- or privacy-related advanced settings without having to go through “about:config”. The add-on is basically just a user interface for changing the settings in “about:config”. It is quite handy, as it tells you which settings concern your security (the ones with the lock) and which concern your privacy (the ones with the eye). Additionally, if the current setting benefits your privacy or security, the sign is shown in green, the lock is closed rather than open, and the eye is crossed out. Also, if you hover over a preference, “Privacy Settings” shows you a short tooltip. If you need further information, you can visit this website, where you can find additional information on any of the settings offered in “Privacy Settings”.

This is what the interface looks like:

Unfortunately, with Firefox 57 the updated add-on only offers a small fraction of the settings it used to offer. Below I put together a list of settings that can be changed in the about:config environment, that the add-on does not offer, but that are beneficial to your privacy and/or security.

Additional settings not available in “Privacy Settings” you should change

In this section I will present to you some additional settings that you can change to further improve your privacy and security in Firefox. Beware that some of these settings might break websites. Figuring out which settings work for you might require some trial and error.

1. network.prefetch-next, change to false
When active, Firefox will, when idle, preload the content that the links on the current webpage point to. This makes surfing faster and is, therefore, activated by default. However, I suggest you turn this off for privacy reasons.

2. browser.formfill.enable, change to false
When changing this setting to false you prevent Firefox from remembering what information you entered in forms.

3. media.peerconnection.enabled, change to false
This setting disables the WebRTC service. Unfortunately, this service can be used to get your real IP address even when you’re using a VPN. This issue is called DNS leakage and you can check here whether your browser is affected. Disabling the WebRTC service will protect you from DNS leakage. However, disabling WebRTC can lead to issues with some functionality on certain websites. For example, you wouldn’t be able to use the camera or microphone on a website anymore.

4. browser.cache.disk.enable, browser.cache.offline.enable and browser.cache.disk_cache_ssl, change all three to false
If you change browser.cache.disk.enable to false, you will prevent Firefox from saving the cache on your computer’s hard disk. This makes sure that no shadow copies of your browsing history exist on your hard disk. In order to prevent Firefox from saving cache for offline use, we need to additionally change the browser.cache.offline.enable to false, too. For the cache Firefox distinguishes between encrypted and unencrypted websites. To also block caching of encrypted websites, you will need to also change browser.cache.disk_cache_ssl to false.

5. browser.startup.homepage
Most people would like to have a search engine as their homepage. As Google and other search engines are known for collecting any data they can get, I highly suggest choosing a more privacy-conscious search engine as your homepage. Search engines known for protecting your privacy include, for example, Startpage, DuckDuckGo and Swisscows. I personally use Startpage because it not only protects my privacy but also delivers highly relevant search results, since it’s enhanced by Google.

6. network.cookie.cookieBehavior, change from 3 to 1
This setting lets you choose which kinds of cookies you would like to accept. By default, Firefox will accept cookies from third parties if that site has stored cookies from previous visits (setting is set to 3). I suggest changing this setting to only allow cookies from the originating server (setting is set to 1). This prevents third-party websites from storing cookies and therefore from tracking you across websites. If you browse in private browsing mode, all the cookies will be deleted after each session. However, it’s still worth changing this setting, as Firefox will still accept cookies during a session. Other options are 0 (accept all cookies) and 2 (no cookies allowed).

7. network.http.sendRefererHeader, change to 0
An HTTP Referer is a line of text that your browser sends to every website you visit. With this “Referer”, your browser tells the website which website you just came from. This reveals a lot of information about you and can be used to track you across a website. Options 2 and 1 send the referrer to the site when clicking on a link or images. If you change this setting to 0, Firefox will stop sending the HTTP Referer header and therefore improve your privacy.

8. privacy.trackingprotection.enabled, change to true
This setting is a must if you are not using NoScript or some other tracking script blocker. It is Firefox’s built-in protection against tracking. Once you turn this setting on, you will see a shield in your address bar whenever Firefox is blocking either tracking domains or mixed content. Currently, the blocking list Firefox uses is based on Disconnect’s list. Unfortunately, this setting is turned off by default, although it is extremely powerful for anybody who doesn’t have add-ons for this purpose.

9. browser.privatebrowsing.autostart, change to true
This setting makes Firefox start in the “private browsing” mode automatically. This is highly suggested as, when active, cookies, cache and history are deleted after each session. This is essential for your privacy.
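
Firefox writes every “user set” preference to the file prefs.js in your profile folder, and a user.js file in the same folder is applied at each start. The following added example (not part of the original article) checks the contents of such a file against the values recommended in this list and produces user.js lines for whatever is missing; the function names and the sample text are made up for illustration.

```python
import json
import re
# Values recommended in items 1-4 and 6-9 above; item 5 (homepage) is a personal choice.
RECOMMENDED = {
    "network.prefetch-next": False,
    "browser.formfill.enable": False,
    "media.peerconnection.enabled": False,
    "browser.cache.disk.enable": False,
    "browser.cache.offline.enable": False,
    "browser.cache.disk_cache_ssl": False,
    "network.cookie.cookieBehavior": 1,
    "network.http.sendRefererHeader": 0,
    "privacy.trackingprotection.enabled": True,
    "browser.privatebrowsing.autostart": True,
}
# prefs.js and user.js hold one preference per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for boolean and integer prefs; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false or an integer
    return prefs

def audit(text):
    """Map each recommended pref to 'ok', 'differs' or 'default' (not user set)."""
    prefs = parse_prefs(text)
    report = {}
    for name, wanted in RECOMMENDED.items():
        got = prefs.get(name)
        same = got == wanted and type(got) is type(wanted)  # true must not pass for 1
        report[name] = "ok" if same else "default" if name not in prefs else "differs"
    return report

def user_js_fixes(text):
    """user.js lines for every recommended pref that is not already 'ok'."""
    return [f'user_pref("{n}", {json.dumps(RECOMMENDED[n])});'
            for n, s in audit(text).items() if s != "ok"]

# Constructed sample, not taken from a real profile.
SAMPLE = ('// Mozilla User Preferences\n'
          'user_pref("browser.formfill.enable", false);\n'
          'user_pref("network.cookie.cookieBehavior", 3);\n')

if __name__ == "__main__":
    print("\n".join(user_js_fixes(SAMPLE)))
```

A preference reported as “default” does not appear in prefs.js at all, which matches the “default” status shown in about:config.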

Conclusion

Firefox’s “advanced settings” that can be found when typing in “about:config” offer you a wide range of possibilities to increase both your privacy and security. While it is possible to fingerprint a browser with the add-ons installed, it’s not possible to do so with settings. It’s, therefore, advisable to do as much as you can in the settings. On top of that, by directly adjusting “about:config” settings you don’t have to rely as much on third-party software.
It is advisable to install the add-on “Privacy Settings” that helps you find many of the “advanced settings” that concern privacy or security. They also offer some presets that you can play with and see what best fits your needs. In addition to the settings covered by this add-on, there are a few more settings that you can change to further improve your privacy. I still highly recommend that you be very careful when making changes in the “about:config” environment. However, all the settings that deviate from the default value are displayed in bold letters. This makes it easier to find them if something does not work as expected.

Originally written on April 10th, 2017
Revision November 1st, 2018

About the Author

Jan

Co-Founder of Illotros GmbH, which created SnowHaze