Improve your Web Browser Security and Privacy: Hardening Firefox

What is Hardening:

Hardening a web browser means tweaking the browser's configuration with the end goal of improving security and privacy. A good place to start is the browser's settings, making some adjustments there. Further configuration and hardening can be done with plug-ins and by changing the config page.



What This Guide Covers:

In this guide we will go over three levels of browser hardening, starting with the easy steps first and continuing onto the more moderate and advanced settings later on.

Easy ways to Harden your Browser:

Updates:

The first step is to make sure you are using the most current version. In Firefox this can be done by: Opening Firefox -> Open Application Menu -> Help -> About Firefox. This will display the version you are currently using and also check for updates. You can also enable automatic updates by: Open Application Menu -> scroll down to Firefox Updates -> select "Automatically install updates".

General Browser Settings:

The next simple task you can do to harden the browser is to scroll down to the Browsing settings and disable "Recommend extensions as you browse" and "Recommend features as you browse".

General Network Settings:

Scroll down to the bottom of the first settings page, where you will see Network Settings. Click on the Settings button, make sure "Enable DNS over HTTPS" is checked, and set a custom provider. The Privacy Guides DNS Resolvers page has some good information on custom DNS servers to use. I have selected to use a DNS that has no logging and no ECS.

Content Settings:

In Firefox settings click on the home tab and scroll down to Firefox Home Content. In here make sure "Sponsored shortcuts", "Recommended by Pocket", "Recent Activity" and "Snippets" are disabled.


Search Engine:

To change your default search engine to a more privacy-focused one, go to the search settings in Firefox. If you scroll down you can switch which search engine is used by default. You can also disable "Search Suggestions". I would only recommend disabling this setting if you don't trust the search engine you are using, as this does submit queries to the search engine.

Privacy & Security Settings:

In the Privacy & Security tab be sure to set Firefox to "Strict" and enable "Delete cookies and site data when Firefox is closed".


Verify that the address bar suggestion settings are disabled, and that "Block pop-up windows" and "Warn you when websites try to install add-ons" are enabled.


Last but not least, make sure Firefox Data Collection and Use is disabled and "HTTPS-Only Mode" is enabled; this feature was added in Firefox 83.






Moderate ways to Harden your Browser:


Website Isolation by Fission:

Fission is a feature that isolates third-party sites and iframes in the web browser, which improves both the privacy and the security of users. To enable it, enter about:config in the address bar, accept the risk and click "Show All". Search for fission.auto and set the value of fission.autostart to true. Keep in mind that you will have to restart your browser after enabling this.

Browser Extensions:

Due to newer updates to Firefox and features being added, it is not necessary to have many of the older recommended extensions. If the DNS you chose before does not include ad-blocking / script protection, it is recommended to install the uBlock Origin extension. There is another extension called Firefox Multi-Account Containers. This extension allows you to run multiple instances of Firefox in containers, which separates items like browser cookies and allows you to be logged into multiple accounts on a single website at the same time. This one is more of a personal preference, but these two extensions are the most highly recommended for now.



Advanced Hardening:

Through a website called Privacy Tools you can create your own profile configuration for multiple browsers. Since we are using Firefox in this guide we will go through the configuration on ffprofile.com.

FFProfile Settings:

  • In Start set -> Private Browsing only

  • In Private Browsing Only:

  • Disable DOM storage

  • Disable Link Prefetching

  • Disable disk cache

  • Disable WebRTC

  • Enable Do-not-Track

  • Disable Browser Pings

  • Disable Beacons

  • Disable Battery API

  • Disable media device queries

  • Disable Video statistics

  • Disable malware scan

  • Install CanvasBlocker

  • Install HTTPS Everywhere

  • Install Privacy Badger

  • Install uBlock Origin

Installing the profile:

After selecting the "Save & Next" button you are taken to a download page where you can download a zip file of the profile you just created. Once downloaded follow the instructions on the site or listed here:

  • Optional: add a new profile to keep the old one

  • Run firefox -no-remote -ProfileManager

  • Create a new profile

  • Type about:support into the URL bar.

  • Press the open profile folder button.

  • Quit Firefox.

  • Delete everything from the new profile (you will lose all existing data from the profile).

  • Unzip the profile.zip archive into the folder.

  • If it exists: unzip the enterprise_policy.zip archive into the Firefox installation directory.

  • Start Firefox again. If you made a new profile, you can use it with firefox -no-remote -P profilename.

  • Open the addon manager and update the extensions.
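
To check that an installed profile really pins the settings covered in this guide, the following added example (not part of the original guide or of ffprofile.com) parses the text of the profile's prefs.js and user.js and reports every pref that deviates from a baseline. Only fission.autostart is named in the guide; the other pref names are this example's mapping of the settings above, and the sample file contents are constructed.

```python
import json
import re

# Hardened values for settings this guide changes. Only fission.autostart is
# named on the page; the other pref names are this example's own mapping.
BASELINE = {
    "fission.autostart": True,                          # Fission site isolation
    "dom.security.https_only_mode": True,               # HTTPS-Only Mode
    "browser.contentblocking.category": "strict",       # "Strict" protection
    "datareporting.healthreport.uploadEnabled": False,  # data collection off
    "media.peerconnection.enabled": False,              # ffprofile: disable WebRTC
}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text; later lines win."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)  # true/false, ints, "strings" are JSON
        except ValueError:
            prefs[name] = raw              # keep the raw token for the report
    return prefs

def audit(prefs_js, user_js="", baseline=BASELINE):
    """Compare effective prefs to the baseline; user.js overrides prefs.js."""
    effective = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    findings = {}
    for name, want in baseline.items():
        have = effective.get(name)
        if name not in effective:
            findings[name] = "not set, Firefox default applies"
        elif have != want or type(have) is not type(want):
            findings[name] = f"is {have!r}, expected {want!r}"
    return findings

# Constructed sample input, not taken from a real profile.
SAMPLE_PREFS_JS = '''
user_pref("fission.autostart", false);
user_pref("dom.security.https_only_mode", true);
user_pref("browser.contentblocking.category", "standard");
'''
SAMPLE_USER_JS = '''
user_pref("fission.autostart", true);  // overrides the prefs.js value
user_pref("media.peerconnection.enabled", "false");  // quoted: string, not boolean
'''

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS), indent=2))
```

To run it against a real profile, read prefs.js and user.js from the folder opened via about:support and pass their contents to audit().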

How to test your Web-Browser:

There are many websites that allow you to test the privacy and security of your web browser. The main one I like to use is Cover Your Tracks. It tests what information about you and your system can be gathered from your web browser and its fingerprint, such as browser plugins, time zone, screen resolution, system fonts, OS, cookies and much more.