Firefox Browser Settings, Configuration, and Add-Ons/Extensions for Privacy, Security, and OSINT Research

How I secure, privatize, and customize my Firefox browser to protect personal privacy and gather open source intelligence

Introduction:

The Firefox web browser can be, in my opinion, the most private, secure, and productive way to browse the internet… but only when it’s configured properly.

This is my personal Firefox configuration. Much of the inspiration came from “Open Source Intelligence Techniques — 7th Edition” by Michael Bazzell (of IntelTechniques) and PrivacyTools.io.

For those of you willing to take the time to properly configure Firefox, and learn to use browser extensions, I believe this is the best way.

For those of you not willing to take the time, I highly recommend Brave Browser over Chrome, Safari, etc. as the best “out-of-the-box” alternative.

Preferences

General:

  • Uncheck “Recommend extensions as you browse” and “Recommend features as you browse”
  • Inside “Network Settings” click “Settings”
  • Check “Enable DNS over HTTPS” (near the bottom)
  • In “Use Provider” select “Cloudflare”
  • Click “OK”

Home:

  • Change “Homepage and new windows” and “New tabs” to “Blank page”

Search:

  • Change “Default Search Engine” to DuckDuckGo
  • Uncheck “Provide Search Suggestions” (which should uncheck all options below it)

Privacy & Security:

  • Select “Strict” under “Content Blocking”
  • Check “Delete cookies and site data when Firefox is closed”
  • Under “Logins and Passwords” uncheck all options under “Ask to save Logins and passwords”
  • Change “History” to “Firefox will use custom settings for history”
  • Uncheck “Remember browsing and download history” and “Remember search and form history”
  • Check “Clear history when Firefox closes”
  • Uncheck “Browsing history” from “Address Bar” menu
  • Under “Permissions” click “Settings”, then “Block new requests…” for Location, Camera, Microphone, and Notifications
  • Under “Firefox Data Collection and Use” uncheck all options
  • Under “Deceptive Content and Dangerous Software Protection” uncheck all options

Configuration:

In the address/search bar, type “about:config” (without the quotes).
Use the search feature to find each of the following preferences and set it to the value shown:

  • geo.enabled = FALSE
  • browser.safebrowsing.phishing.enabled = FALSE
  • browser.safebrowsing.malware.enabled = FALSE
  • media.navigator.enabled = FALSE
  • dom.battery.enabled = FALSE
  • extensions.pocket.enabled = FALSE
  • privacy.firstparty.isolate = TRUE
  • privacy.resistFingerprinting = TRUE
  • privacy.trackingprotection.fingerprinting.enabled = TRUE
  • browser.send_pings = FALSE
  • browser.sessionstore.max_tabs_undo = 0
  • browser.urlbar.speculativeConnect.enabled = FALSE
  • dom.event.clipboardevents.enabled = FALSE
  • network.cookie.cookieBehavior = 1
  • browser.sessionstore.privacy_level = 2
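
To confirm these values survive updates and profile changes, the following added example (not part of the original article) audits the text of a profile's prefs.js or user.js against the list above. Names such as `EXPECTED`, `audit` and `SAMPLE` are assumptions of this sketch; a preference missing from prefs.js is simply at Firefox's built-in default, so it is reported separately from a wrong value.

```python
import re

# Target values copied from the about:config list above.
EXPECTED = {
    "geo.enabled": False,
    "browser.safebrowsing.phishing.enabled": False,  # no phishing-page warnings
    "browser.safebrowsing.malware.enabled": False,   # no malware-site warnings
    "media.navigator.enabled": False,
    "dom.battery.enabled": False,
    "extensions.pocket.enabled": False,
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
    "privacy.trackingprotection.fingerprinting.enabled": True,
    "browser.send_pings": False,
    "browser.sessionstore.max_tabs_undo": 0,
    "browser.urlbar.speculativeConnect.enabled": False,
    "dom.event.clipboardevents.enabled": False,
    "network.cookie.cookieBehavior": 1,              # block third-party cookies
    "browser.sessionstore.privacy_level": 2,
}

# prefs.js and user.js hold lines of the form: user_pref("name", value);
# Only boolean and integer values are parsed; string prefs are skipped.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Map name -> value for bool/int user_pref() lines; later lines win."""
    return {name: (raw == "true") if raw in ("true", "false") else int(raw)
            for name, raw in PREF_RE.findall(text)}

def audit(text):
    """Return (bad, unset): prefs with a wrong value, and prefs absent from the file."""
    found = parse_prefs(text)
    unset = sorted(n for n in EXPECTED if n not in found)
    # Compare type as well as value: in Python False == 0 and True == 1.
    bad = {n: found[n] for n, want in EXPECTED.items() if n in found
           and (type(found[n]) is not type(want) or found[n] != want)}
    return bad, unset

# Constructed sample file contents, not taken from a real profile.
SAMPLE = ('user_pref("geo.enabled", false);\n'
          'user_pref("privacy.resistFingerprinting", false);\n'
          'user_pref("browser.sessionstore.max_tabs_undo", false);\n')

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries in the `unset` list still need a look in about:config, since the built-in default may or may not match the target value.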

Extensions (Privacy and Security):

Password Manager

Firefox Multi-Account Containers

  • I create a container for any individual “ecosystem” I like to keep contained within itself.
  • e.g. One for Google, one for Microsoft, Facebook, Twitter, Amazon, etc.

HTTPS Everywhere

  • Ensures encrypted HTTPS connections (rather than HTTP) when available

uBlock Origin

  • Your first line of defense against trackers, malicious scripts, etc.
    Not quite as thorough, but more user friendly, than NoScript
  • Open settings (called Dashboard)
  • Check “I am an advanced user”
  • Click “Filter lists” tab
  • Expand each category (e.g. Ads) and add/select additional lists (e.g. AdGuard Mobile Ads, EasyList, etc.)

Decentraleyes

  • Catches some trackers that sneak past uBlock Origin

Privacy Badger

  • Catches some trackers that sneak past uBlock Origin and Decentraleyes

CanvasBlocker

  • Helps prevent some browser fingerprinting

Cookie AutoDelete

  • Automatically deletes cookies 15 seconds after an individual tab is closed
  • “Greylist” individual sites to keep their cookies until the entire browser is closed
  • “Whitelist” individual sites to keep their cookies indefinitely

Disable WebRTC

  • Since disabling WebRTC “breaks” many video sites, this is a handy toggle to block/unblock it quickly and easily

Extensions (General Productivity Tools):

OneTab

  • Stores all currently open tabs as hyperlinks on a single page
  • Reducing open tabs speeds up the browser while keeping track of the open tabs for easy reference without bookmarking

Dark Reader

  • Automatically enables “Dark Mode” (i.e. black/grey colors displayed instead of retina-burning white) on all available sites

Extensions (OSINT — Media Downloading Tools)

Full Web Page Screenshots (formerly FireShot)

  • Screen capture entire page, or just a selection, in .png or .pdf format

Nimbus Screen Capture

  • Screen capture alternative when FireShot doesn’t capture properly

SingleFile

  • Save a single, complete page in HTML (as opposed to just a screenshot)

DownThemAll

  • Bulk download all of a particular file type (e.g. all images) on a page

Bulk Media Downloader

  • Alternative to DownThemAll

Video DownloadHelper

  • Download videos embedded on a page
  • Does not work with YouTube (check out youtube-dl for that)

Instagram Downloader (Photo/ Video/ Story/ Bulk)

  • Open-source extension to bulk download media from Instagram

Extensions (OSINT — Investigation Tools)

Image Search Options

  • Right-click any image to search for it on Google, Tineye, Yandex, etc.

Exif Viewer

  • Right-click any image to view its metadata

User-Agent Switcher

  • See how a page is displayed as if you were using a different browser or device
  • e.g. view the mobile, rather than desktop, version or vice-versa

Resurrect Pages

  • View archived versions of a website

MJSON Viewer

  • View XML and JSON details accurately in the browser

Copy Selected Links

  • Highlight text then right-click to select all hyperlinks the selection contains

Desktop mode for Instagram

  • View/post/interact with Instagram with almost all options available in the mobile app
