"Harderning" the Firefox Browser
Harden - to make hardy, robust, or capable of endurance; to strengthen or confirm; reinforce; toughen.
Many people highly regard our online privacy (and security, for that matter). It means a lot to us and, as one of the fundamental human rights, we viciously guard it.
In previous articles, I have mentioned that Firefox is my recommendation for private and secure browsing. Now, in this guide, I'll show you how to "harden" it.
Browser Fingerprint
When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using cookies. EFF created a tool called Panopticlick to test your browser to see how unique it is.
To prevent this, you can install anti-tracking addons such as Privacy Badger or uMatrix and also a random user agent spoofer.
Internal Firefox Settings
Now this is where it gets a bit more gritty. Be careful whenever changing any internal settings in Firefox, and be sure to follow this guide to the finest detail. However, there is this nifty addon which might do just as well (I just haven't tried it out yet).
WebRTC is a new communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN. Here's how to disable it:
- Enter "about:config" in the firefox address bar and press enter.
- Press the button "I'll be careful, I promise!"
- Search for "media.peerconnection.enabled"
- Double click the entry, the column "Value" should now be "false"
- Search for "media.peerconnection.turn.disable"
- Double click the entry, the column "Value" should now be "true"
- Search for "media.peerconnection.use_document_iceservers"
- Double click the entry, the column "Value" should now be "false"
- Search for "media.peerconnection.video.enabled"
- Double click the entry, the column "Value" should now be "false"
- Search for "media.peerconnection.identity.timeout"
- Double click the entry, the column "Value" should now be "1"
- Done.
Now, for more other miscellaneous (yet important) settings:
- privacy.trackingprotection.enabled = true
This is Mozilla’s new built in tracking protection.
- geo.enabled = false
Disables geolocation.
- browser.safebrowsing.enabled = false
Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
- browser.safebrowsing.malware.enabled = false
Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
- dom.event.clipboardevents.enabled = false
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
- network.cookie.cookieBehavior = 1
Disables cookies
0 = Accept all cookies by default
1 = Only accept from the originating site (block third party cookies)
2 = Block all cookies by default
- network.cookie.lifetimePolicy = 2
Cookies are deleted at the end of the session
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days
- browser.cache.offline.enable = false
Disables offline cache.
- browser.send_pings = false
The attribute would be useful for letting websites track visitors’ clicks.
- webgl.disabled = true
WebGL is a potential security risk.
- dom.battery.enabled = false
Website owners can track the battery status of your device.
- browser.sessionstore.max_tabs_undo = 0
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
Extra Stuff
And if you're really want to harden it even further, then you can install this configuration file. Note that it probably will overwrite whatever settings you changed earlier.
You can also check out this big list of even more settings you can change.
You can also create your own Firefox profile here.
And that's it!