Firefox tweaks to enhance security and privacy
When it comes to privacy and security, Firefox is probably the best browser to use due to its flexibility in changing/tweaking settings. These are some recommended settings and add-ons to make Firefox more secure and privacy-oriented.
To change the following settings, open the URL about:config and acknowledge by clicking on "I'll be careful, I promise!".
Then search for the setting name and double-click on it to enable/disable it.
Disable WebRTC:
media.peerconnection.enabled - false
media.peerconnection.use_document_iceservers - false
Note: Disabling WebRTC is a must, as it would otherwise leak your real IP address when you are connected to a VPN. Search for the parameter names and double-click to enable/disable them (true for enabled and false for disabled).
Disable IPv6 for DNS lookups:
network.dns.disableIPv6 - true
Disable sending pings:
browser.send_pings - false
browser.send_pings.require_same_host - true
Enable Do Not Track:
privacy.donottrackheader.enabled - true
privacy.donottrackheader.value - 1
privacy.trackingprotection.enabled - true
Disable geolocation:
geo.enabled - false
geo.wifi.uri - (blank)
Disable geotargeting:
browser.search.geoSpecificDefaults - false
browser.search.geoSpecificDefaults.url - (blank)
browser.search.geoip.url - (blank)
Disable telemetry:
toolkit.telemetry.enabled - false
toolkit.telemetry.server - (blank)
Disable 'safe browsing', a.k.a. Google tracking/logging:
browser.safebrowsing.downloads.enabled - false
browser.safebrowsing.downloads.remote.enabled - false
browser.safebrowsing.enabled - false
browser.safebrowsing.malware.enabled - false
Disable DNS prefetch (don't make DNS lookups to speed-up loading of resources in a page):
network.dns.disablePrefetch - true
Disable prefetching of pages that are likely to be visited:
network.prefetch-next - false
Disable WebGL:
webgl.disabled - true
Disable the internal PDF reader:
pdfjs.disabled - true
Note: PDF files will open using your reader software. For security reasons, we do not recommend using Adobe Reader; use one of its alternatives instead.
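To check that a profile actually carries the values listed above, the following added example (not part of the original article) parses a profile's prefs.js and reports every listed setting that is missing or different. The function names and the sample input are constructed for illustration, and the pref names are taken from this page as-is; prefs.js only records prefs changed from their defaults, so an absent entry is reported as unset.

```python
import json
import re
import sys

# Baseline copied from the settings listed on this page; "(blank)" becomes "".
OFF = """media.peerconnection.enabled media.peerconnection.use_document_iceservers
browser.send_pings geo.enabled browser.search.geoSpecificDefaults toolkit.telemetry.enabled
browser.safebrowsing.downloads.enabled browser.safebrowsing.downloads.remote.enabled
browser.safebrowsing.enabled browser.safebrowsing.malware.enabled network.prefetch-next""".split()
ON = """network.dns.disableIPv6 browser.send_pings.require_same_host
privacy.donottrackheader.enabled privacy.trackingprotection.enabled
network.dns.disablePrefetch webgl.disabled pdfjs.disabled""".split()
BLANK = """geo.wifi.uri browser.search.geoSpecificDefaults.url
browser.search.geoip.url toolkit.telemetry.server""".split()
RECOMMENDED = {**dict.fromkeys(OFF, False), **dict.fromkeys(ON, True),
               **dict.fromkeys(BLANK, ""), "privacy.donottrackheader.value": 1}
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$', re.M)

# Constructed sample in prefs.js syntax, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("media.peerconnection.enabled", false);
user_pref("geo.enabled", true);
user_pref("geo.wifi.uri", "");
user_pref("privacy.donottrackheader.value", 1);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js or user.js."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)   # true/false, integers, quoted strings
        except ValueError:
            prefs[name] = raw               # keep anything unparsable verbatim
    return prefs

def audit(text):
    """Return {name: (status, expected, actual)} for prefs that deviate."""
    prefs, findings = parse_prefs(text), {}
    for name, want in RECOMMENDED.items():
        if name not in prefs:               # absent: still at the browser default
            findings[name] = ("unset", want, None)
        elif type(prefs[name]) is not type(want) or prefs[name] != want:
            findings[name] = ("mismatch", want, prefs[name])
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, (status, want, got) in sorted(audit(text).items()):
        print(f"{status:8} {name}: expected {want!r}, found {got!r}")
```

Run it with the path to a profile's prefs.js as the only argument; without an argument it audits the constructed sample.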
Recommended add-ons:
Flashblock: blocks Flash and allows it on-demand. We recommend disabling Flash completely, but if you need it on some websites (e.g. streaming services that aren't using HTML5 yet), this is a must - mainly for security purposes.
EFF's Privacy Badger: blocks tracking and spying ads.
EFF's HTTPS Everywhere: forces HTTPS connections when available (you might need to add manual filters for non-popular websites that you visit).
uBlock Origin: lightweight ad-blocker.
RefControl: allows you to control what gets sent as HTTP Referer (source of visit). By default, without this add-on, sites can see where you "come from" (e.g. a link on another website).
NoScript: blocks pretty much everything that might be a risk to security/privacy, but it will also break functionality on many websites by default. Use it if you're the paranoid kind of user or if you have some spare time to whitelist trusted sites one by one.
Credits: some of the settings are taken from here (however, they were tested beforehand and have been used by our staff over the long term).
Additional remarks:
Keep in mind that all browsers have their own flaws and they usually represent the weakest link in using a VPN service. Cookies, add-ons, fingerprinting, design flaws and vulnerabilities - they come with all browsers. The settings and add-ons recommended above will only reduce the attack surface; they are not a silver-bullet solution.
This list is dynamic, and we will add more settings/add-ons as we find them.