Tweaks for protecting your privacy when surfing with the Firefox browser
Spy Patrol

The Firefox browser is not so private under its default settings, but several add-ons and configuration settings will help you keep the spies in the dark.
Product advertising already existed in ancient Greece, but it really got rolling in the 19th century with the rise of newspapers, magazines, and other print media. Now in the Internet age, advertising is spreading with an unprecedented intensity, and corporations are trying to track consumer habits and preferences as accurately as possible to assist with their advertising campaigns.
The Mozilla Foundation has strong roots in the open source movement, but through the years, it has derived a big share of its revenue from its affiliation with search engine companies that depend on tracking and analytics. As a result, the default settings for Mozilla's Firefox browser are not particularly private, but if you want to keep the spies away, Firefox offers add-ons and advanced configuration settings that will help you privatize your browser experience.
Mozilla Under Suspicion
Due to its wide distribution, Firefox has numerous plugins that put a stop to spying. Nevertheless, cautious users will want to check the Firefox browser itself and, if necessary, control it manually, because the Mozilla project has also been under suspicion several times.
In July 2017, it was revealed that Mozilla used Google Analytics [1] to spy on users calling about:addons
in Firefox. Since anti-tracking tools such as Ghostery do not scan locally accessed pages, this contact to Google Analytics from Firefox remained unnoticed for a long time. Mozilla admitted the tracking, but explained that no data would be passed on to third parties and that there were contracts between Google and the Mozilla Foundation.
In the heated discussion about this privacy violation, Mozilla refused to remove the tracker. The developers of the Tor browser, which is based on Firefox, were also surprised by this development, and they have now disabled tracking [2].
Just a few months later, in October 2017, the Foundation was again caught out, this time by the Cliqz add-on, which was automatically added to some Firefox systems without the user's knowledge [3]. The software makes suggestions to the user when entering search terms in the address line, and the manufacturer evaluates the data entered on its servers. Cliqz is a startup that belongs to the Hubert Burda Media group, which is closely linked to commercial data collector emetriq GmbH. Cliqz acquired the US anti-tracking service Ghostery in February 2017.
Disabling the Cliqz add-on does not completely remove the software from Firefox: All recent versions of the browser offer various settings that obviously serve the purpose of using Cliqz services when surfing the web. These are settings that affect the Test Pilot add-on, which developers use to test new experimental features in Firefox. Cliqz is presumably involved in the evaluation of the results.
Plugins
Armed with just a couple of extensions, you can easily block many attempts to spy on your privacy. The most important privacy plugin for Firefox is uBlock Origin, which additionally contains an anti-tracking engine that blocks web bugs, annoying advertising banners, and social sharing buttons. The plugin also saves resources and lets users adjust the filter lists (Figure 1).
uBlock Origin maintains extensive and frequently updated lists that reduce the risk of malware entering the system through manipulated advertising. You can also add your own filters with just a few mouse clicks. For example, you can eliminate unwanted ads in forums that do not reference the preset lists.
One strongly recommended uBlock Origin setting is to restrict loading of JavaScript code to ensure that it only comes from the originally visited page. (See the box entitled "JavaScript.") Open the My Rules tab in the plugin's dashboard and enter a line reading * * 3p-script block
on the right of the Temporary Rules window. After saving, transfer this new rule to the Permanent Rules window on the left by clicking on the arrow to enable it permanently (Figure 2).
JavaScript
JavaScript has been one of the core technologies on the Internet for many years. The JavaScript language was developed by Netscape in the mid-1990s was originally intended primarily to add flexibility to HTML content.
Over time, JavaScript has become a serious security risk when used on the Internet – and a formidable tool for commercial data collectors. Many website operators integrate external JavaScript code into the HTML of their pages in order to analyze user behavior and optimize their web presence. The high penetration of such services enables providers to track user behavior across different pages based on specific technical attributes.
If pages deliver advertising via externally integrated JavaScript, as offered by Google services such as DoubleClick, there is the risk of manipulated scripts causing malware to reach the system. Attackers can use modified libraries to steal data or reload code from other domains. So far, only the Subresource Integrity standard [4] offers protection against attacks of this kind, but as of now, hardly anyone has implemented it.
In Firefox, targeted espionage can be limited through some manual work using JavaScript and cookies. It does not matter where the companies gunning for your data reside. However, it is not possible to eliminate all trackers in all cases: Some trackers act through a combination of other spying methods, and a complete deactivation of all possible tracking technologies can block essential functions or interfere with how the pages display.

General blocking of all JavaScript libraries using uBlock Origin can cause problems when displaying some web pages. A small plugin named YesScript2 helps you switch the JavaScript filter on and off as necessary: If you install the YesScript2 plugin, an icon appears in the browser toolbar. When you visit a website for which you would like to disable JavaScript for the first time, click on the icon. The plugin will now blacklist the URL and disable all JavaScript elements associated with it.
Another useful add-on that stops content delivery networks (CDN) from loading content on the system is Decentraleyes. CDNs, which are often used to integrate JavaScript libraries into websites, transmit data such as the IP address, screen resolution, browser type, color depth, and operating system version to the server. Decentraleyes intercepts the queries and intervenes to obfuscate the data.
Decentraleyes integrates numerous libraries from Google, Microsoft, Cloudflare, Yandex, Baidu, and others. After downloading from the Mozilla Add-ons page and installing in Firefox, the plugin is ready to use. If the software is installed correctly, you will find a green icon with an eye symbol in the browser toolbar. Since Decentraleyes performs a similar function to uBlock Origin with an individually activated JavaScript blocker, it is not necessary to use the two tools simultaneously.
Cookies
First Party Isolation is a useful plugin that prevents the random storage and reading of cookies, flash cookies, and HPKP supercookies.
First Party Isolation, which was originally developed by the Tor project and is now available at the Mozilla site, uses a container to isolate all data stored locally by a web page, First Party Isolation thus prevents software from reading cookies with a unique ID across several pages. This makes it difficult to identify and track a user on the Internet. The First Party Isolation plugin complements blockers such as uBlock Origin and is suitable for parallel operation.
However, the plugin only works with Firefox browser 58 and later. In older versions, you can achieve the same effect by setting privacy.firstparty.isolate
to true
in the configuration (about:configin
in the URL line) (Figure 3).
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Fedora 39 Beta is Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.
-
Star Labs Reveals a New Surface-Like Linux Tablet
If you've ever wanted a tablet that rivals the MS Surface, you're in luck as Star Labs has created such a device.
-
SUSE Going Private (Again)
The company behind SUSE Linux Enterprise, Rancher, and NeuVector recently announced that Marcel LUX III SARL (Marcel), its majority shareholder, intends to delist it from the Frankfurt Stock Exchange by way of a merger.