Tweaks for protecting your privacy when surfing with the Firefox browser
Spy Patrol
The Firefox browser is not so private under its default settings, but several add-ons and configuration settings will help you keep the spies in the dark.
Product advertising already existed in ancient Greece, but it really got rolling in the 19th century with the rise of newspapers, magazines, and other print media. Now in the Internet age, advertising is spreading with an unprecedented intensity, and corporations are trying to track consumer habits and preferences as accurately as possible to assist with their advertising campaigns.
The Mozilla Foundation has strong roots in the open source movement, but through the years, it has derived a big share of its revenue from its affiliation with search engine companies that depend on tracking and analytics. As a result, the default settings for Mozilla's Firefox browser are not particularly private, but if you want to keep the spies away, Firefox offers add-ons and advanced configuration settings that will help you privatize your browser experience.
Mozilla Under Suspicion
Due to its wide distribution, Firefox has numerous plugins that put a stop to spying. Nevertheless, cautious users will want to check the Firefox browser itself and, if necessary, control it manually, because the Mozilla project has also been under suspicion several times.
In July 2017, it was revealed that Mozilla used Google Analytics [1] to spy on users calling about:addons
in Firefox. Since anti-tracking tools such as Ghostery do not scan locally accessed pages, this contact to Google Analytics from Firefox remained unnoticed for a long time. Mozilla admitted the tracking, but explained that no data would be passed on to third parties and that there were contracts between Google and the Mozilla Foundation.
In the heated discussion about this privacy violation, Mozilla refused to remove the tracker. The developers of the Tor browser, which is based on Firefox, were also surprised by this development, and they have now disabled tracking [2].
Just a few months later, in October 2017, the Foundation was again caught out, this time by the Cliqz add-on, which was automatically added to some Firefox systems without the user's knowledge [3]. The software makes suggestions to the user when entering search terms in the address line, and the manufacturer evaluates the data entered on its servers. Cliqz is a startup that belongs to the Hubert Burda Media group, which is closely linked to commercial data collector emetriq GmbH. Cliqz acquired the US anti-tracking service Ghostery in February 2017.
Disabling the Cliqz add-on does not completely remove the software from Firefox: All recent versions of the browser offer various settings that obviously serve the purpose of using Cliqz services when surfing the web. These are settings that affect the Test Pilot add-on, which developers use to test new experimental features in Firefox. Cliqz is presumably involved in the evaluation of the results.
Plugins
Armed with just a couple of extensions, you can easily block many attempts to spy on your privacy. The most important privacy plugin for Firefox is uBlock Origin, which additionally contains an anti-tracking engine that blocks web bugs, annoying advertising banners, and social sharing buttons. The plugin also saves resources and lets users adjust the filter lists (Figure 1).
uBlock Origin maintains extensive and frequently updated lists that reduce the risk of malware entering the system through manipulated advertising. You can also add your own filters with just a few mouse clicks. For example, you can eliminate unwanted ads in forums that do not reference the preset lists.
One strongly recommended uBlock Origin setting is to restrict loading of JavaScript code to ensure that it only comes from the originally visited page. (See the box entitled "JavaScript.") Open the My Rules tab in the plugin's dashboard and enter a line reading * * 3p-script block
on the right of the Temporary Rules window. After saving, transfer this new rule to the Permanent Rules window on the left by clicking on the arrow to enable it permanently (Figure 2).
JavaScript
JavaScript has been one of the core technologies on the Internet for many years. The JavaScript language was developed by Netscape in the mid-1990s was originally intended primarily to add flexibility to HTML content.
Over time, JavaScript has become a serious security risk when used on the Internet – and a formidable tool for commercial data collectors. Many website operators integrate external JavaScript code into the HTML of their pages in order to analyze user behavior and optimize their web presence. The high penetration of such services enables providers to track user behavior across different pages based on specific technical attributes.
If pages deliver advertising via externally integrated JavaScript, as offered by Google services such as DoubleClick, there is the risk of manipulated scripts causing malware to reach the system. Attackers can use modified libraries to steal data or reload code from other domains. So far, only the Subresource Integrity standard [4] offers protection against attacks of this kind, but as of now, hardly anyone has implemented it.
In Firefox, targeted espionage can be limited through some manual work using JavaScript and cookies. It does not matter where the companies gunning for your data reside. However, it is not possible to eliminate all trackers in all cases: Some trackers act through a combination of other spying methods, and a complete deactivation of all possible tracking technologies can block essential functions or interfere with how the pages display.
General blocking of all JavaScript libraries using uBlock Origin can cause problems when displaying some web pages. A small plugin named YesScript2 helps you switch the JavaScript filter on and off as necessary: If you install the YesScript2 plugin, an icon appears in the browser toolbar. When you visit a website for which you would like to disable JavaScript for the first time, click on the icon. The plugin will now blacklist the URL and disable all JavaScript elements associated with it.
Another useful add-on that stops content delivery networks (CDN) from loading content on the system is Decentraleyes. CDNs, which are often used to integrate JavaScript libraries into websites, transmit data such as the IP address, screen resolution, browser type, color depth, and operating system version to the server. Decentraleyes intercepts the queries and intervenes to obfuscate the data.
Decentraleyes integrates numerous libraries from Google, Microsoft, Cloudflare, Yandex, Baidu, and others. After downloading from the Mozilla Add-ons page and installing in Firefox, the plugin is ready to use. If the software is installed correctly, you will find a green icon with an eye symbol in the browser toolbar. Since Decentraleyes performs a similar function to uBlock Origin with an individually activated JavaScript blocker, it is not necessary to use the two tools simultaneously.
Cookies
First Party Isolation is a useful plugin that prevents the random storage and reading of cookies, flash cookies, and HPKP supercookies.
First Party Isolation, which was originally developed by the Tor project and is now available at the Mozilla site, uses a container to isolate all data stored locally by a web page, First Party Isolation thus prevents software from reading cookies with a unique ID across several pages. This makes it difficult to identify and track a user on the Internet. The First Party Isolation plugin complements blockers such as uBlock Origin and is suitable for parallel operation.
However, the plugin only works with Firefox browser 58 and later. In older versions, you can achieve the same effect by setting privacy.firstparty.isolate
to true
in the configuration (about:configin
in the URL line) (Figure 3).
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs