Hardened Firefox
(Including The Best Firefox Addons in 2022)¶
Last updated: May 2022. For beginners & intermediate users. Some tech skills may be required.
How to install Firefox¶
Looking for a secure web browser? Firefox is the preferred browser when it comes to privacy, security and convenience. Firefox was first released back in 2004 by the Mozilla community. The browser is free and open source, although the Android version includes proprietary libraries, like Google Analytics. Firefox blocks cross-site tracking cookies by default, can be further hardened with customisable browser security settings or addons, and runs smoothly on virtually any device. Detailed installation instructions below.
Show me the step-by-step guide for Windows
Download and run the Firefox installer.
Show me the step-by-step guide for macOS
Download the Firefox disk image, open it and drag the Firefox icon on top of the Application folder. For easy access, open the Applications folder and drag the Firefox icon to your dock.
Show me the step-by-step guide for Linux (Ubuntu)
If you run a Linux distribution such as Ubuntu, open the terminal with the Ctrl+Alt+T
shortcut or click on the Applications
button on the top left and search for Terminal
. Then run the following command:
sudo apt install firefox
Show me the step-by-step guide for Android
Installing Firefox on Android is simple. Download Firefox from the App Store, or visit the Firefox download page from your Android device. There's also a way to download and update Firefox without using a Google account: Aurora Store! We'll explain how to use alternative app stores in a later chapter.
Show me the step-by-step guide for iOS
Download Firefox from the App Store.
Mozilla, the (not-so) white knight at the merci of Google
In a browser landscape dominated by Google, Firefox currently seems to be the only independent contender worth mentioning. That's why our browser recommendation is Firefox, a free and open source alternative to Chrome-based browsers. But we also share some of the criticism regarding Mozilla. This includes questionable technical choices, such as the integration of the partly closed-source Pocket or turning on sponsored content and telemetry by default. Gladly, those settings can be adjusted, as explained on this page.
There are also broader concerns regarding long-term funding. The Mozilla Corporation is the company behind the development, distribution and promotion of Firefox, Thunderbird as well as other applications. Further, the Mozilla Corporation is a commercial entity under the control of a non-profit organisation called the Mozilla Foundation. As it happens, the Mozilla Corporation earns most of its revenues through a deal with... Google, its main rival! Dating back to 2006, this odd partnership has been extended until 2023, and secures 450 million dollars in yearly revenues by assigning Google as Firefox's default search engine. While its legitimate for Mozilla to seek value streams which sustain development, some qualify this business relationship as a conflict of interest. One may indeed wonder if Google isn't paying Mozilla to keep competition in check and regulatory authorities at bay. A fox doesn't bite the hand that feeds it...
Firefox vs Chrome – What is the safest browser in 2022?
Many wonder which web browser is most secure when it comes to privacy. There are many private browsers, some of them are listed in the table below. Please mind that we don't recommend using Chrome or Chromium based browsers from a privacy point of view. Leah Elliott's comic Contra Chrome best sums up why Google’s browser has become a threat to user privacy:
- Chrome as well as Chromium-based browsers run on code ultimately controlled by Google, and fortify Google's browser monopoly
- Chrome, but also some other Chromium-based browsers are the gateway to Google's ecosystem, including GMail, YouTube, Google Photos, etc.
- Google's browser as well as its other services systematically collect private user information, most of the times without consent, to then sell them to the highest bidder
Tor | Librewolf | FOSS Browser | Mull | Fennec F-Droid | Ungoogled Chromium | Brave | Bromite | |
---|---|---|---|---|---|---|---|---|
FOSS | ✔1 | ✔ | ✔ | ✔ | ✔ | ✔ | ✔1 | ✔ |
Desktop Version | ✔ | ✔ | ✗ | ✗ | ✗ | ✔ | ✔ | ✗ |
Android Version | ✔ | ✗ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Data Isolation (Tracking Protection) | ✔ | ✔ | ✔2 | ✔ | ✔2 | ✔2 | ✔ | ✔ |
Process Isolation (Sandbox) | ✔3 | ✔ | ✗ | ✗ | ✗ | ✔ | ✔ | ✔ |
Fingerprinting Protection | ✔ | ✔ | ✔4 | ✔ | ✔4 | ✗ | ✔ | ✔4 |
Content Blocker | ✔5 | ✔5 | ✔6 | ✔5 | ✔5 | ✗ | ✔ | ✔6 |
Custom Search Engine | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Regular Security Updates | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Telemetry / Tracker Free | ✗7 | ✔ | ✔ | ✗8 | ✔9 | ✔ | ✗10 | ✔ |
-
Contains proprietary libraries.
-
Basic Tracking Protection only.
-
Available on Desktop only. Android version does not isolate websites to their own process to limit exposure to security vulnerabilities: neither per-site process isolation nor sandboxing are implemented.
-
Basic Fingerprinting Protection only.
-
Compatible with uBlock Origin.
-
Basic Content Blocker only.
-
Tor Browser for Android contains 3 trackers (Adjust, LeanPlum, Google Analytics)
-
Exodus Privacy reports 2 trackers (Adjust, Mozilla Telemetry) for Mull. However, according to the development team, this is a false positive: the tracker libraries were replaced with "stubs", meaning that they have been replaced with code that does nothing.
-
Exodus Privacy reports 2 trackers (Adjust, LeanPlum) for Fennec F-Droid. However, according to the development team, this is a false positive: the tracker libraries were replaced with "stubs", meaning that they have been replaced with code that does nothing.
-
Brave is maintained by a for profit, VC-backed company. It features an (opt-in) ad system, and faced criticism in the past for adding affiliate links that it profits from. Transmits telemetry data to an analytics service by default, this can be opted-out.
Best Firefox extensions¶
Add uBlock Origin to your fresh Firefox install. It's a free and open source content filter — and a good one at that! Head over to Mozilla's addon store, and click on the button Add to Firefox
. Various settings allow to increase your privacy, as detailed in the instructions below.
Show me the step-by-step guide for Windows, macOS & Linux (Ubuntu)
- Click on the uBlock Origin icon in Firefox's toolbar
- Make sure uBlock Origin is enabled, the large power button needs to be blue
- Click on the Dashboard button
- Open the tab
Filter lists
- Select the check boxes shown in the table below and click on
Apply changes
Section | Check box |
---|---|
Ads | ☑ AdGuard Base ☑ AdGuard Mobile Ads ☑ EasyList |
Privacy | ☑ AdGuard Tracking Protection ☑ EasyPrivacy ☑ Fanboy's Enhanced Tracking List |
Annoyances | ☑ AdGuard Annoyances ☑ AdGuard Social Media ☑ Anti-Facebook ☑ EasyList Cookie ☑ Fanboy's Annoyance ☑ Fanboy's Social ☑ uBlock filters - Annoyances |
Add HTTPS Everywhere to your fresh Firefox install. It's a privacy extension which enables Hypertext Transfer Protocol Secure (HTTPS) by default, a form of encryption to protect web traffic. While the desktop version of Firefox allows to enable this option in the settings, an extension for HTTPS Everywhere is still needed on Android. Navigate to Menu ‣ Add-ons
and click on the +
symbol next to HTTPS Everywhere.
Also add uBlock Origin, a free and open source content filter — and a good one at that! Navigate to Menu ‣ Add-ons
and click on the +
symbol next to uBlock Origin. Various settings allow to increase your privacy, as detailed in the instructions below.
Show me the step-by-step guide for Android
- Navigate to
Menu ‣ Add-ons ‣ uBlock Origin ‣ Settings
- Open the tab
Filter lists
- Select the check boxes shown in the table below and click on
Apply changes
Section | Check box |
---|---|
Ads | ☑ AdGuard Base ☑ AdGuard Mobile Ads ☑ EasyList |
Privacy | ☑ AdGuard Tracking Protection ☑ EasyPrivacy ☑ Fanboy's Enhanced Tracking List |
Annoyances | ☑ AdGuard Annoyances ☑ AdGuard Social Media ☑ Anti-Facebook ☑ EasyList Cookie ☑ Fanboy's Annoyance ☑ Fanboy's Social ☑ uBlock filters - Annoyances |
Show me the 2-minute summary video
What is a browser extension? Tell me more about privacy extensions!
Use extensions with parsimony. They facilitate fingerprinting, a practice used to collect information, track browsing habits and deliver targeted advertising. The more extensions, the more unique your fingerprint, and the larger the attack surface. Want to know how easy it is to identify and track your browser? Head over to EFF's Cover Your Tracks.
Use extensions with caution. Some might break websites. Add new extensions progressively and disable them in case of negative impacts. It can be challenging to strike the right balance between privacy and usability.
Finally, some advice for social network users. Don't check boxes in uBlock Origin's filter list section Annoyances
if you use social sharing buttons from Facebook, Twitter and the like.
Addons | Description |
---|---|
Clear URLs | Remove tracking elements from URLs. |
Cookie autodelete | Automatically delete unused cookies when closing tabs. |
I don't care about cookies | Get rid of cookie warnings. |
Miner block | Block cryptocurrency miners. |
Cloud firewall | Block connections to cloud services from Google, Amazon, Facebook, Microsoft, Apple and Cloudflare. |
CSS exfil protection | Guard your browser against data theft from web pages using CSS. |
Disconnect | Visualise and block web tracking. |
Noscript | Allow only trusted web sites to execute JavaScript, Java, Flash and other plugins. |
HTTPS everywhere | Encrypt web traffic, make browsing more secure. |
Privacy badger | Stop advertisers and other third-party trackers from secretly spying on you. |
Decentraleyes | Block tracking via content delivery networks operated by third parties. |
Terms of service; didn't read | Understand websites' terms & privacy policies, with ratings and summaries. |
Firefox privacy settings & browser security¶
Open a new tab in Firefox. Remove any clutter from the empty tab, such as Top Sites
or Highlights
. Next, type about:preferences
in the address bar to access Firefox's privacy and security settings. More detailed instructions below.
Show me the step-by-step guide for Windows, macOS & Linux (Ubuntu)
Warning: Apply these settings with caution, some might break web sites. Add new settings progressively and disable them in case of negative impacts.
Menu | Settings |
---|---|
General | In the section Language , uncheck the box Check your spelling as you type . |
General | In the section Browsing , uncheck the two boxes Recommend extensions as you browse and Recommend features as you browse . |
Home | In the section Firefox Home Content , uncheck the boxes Shortcuts , Recent activity and Snippets . |
Search | In the section Search Suggestions , uncheck the box Provide search suggestions . |
Search | In the section Search Shortcuts , remove Google, Bing, Amazon and Ebay. |
Search | Browse to Disroot Searx and add it to the default search engines by right clicking or clicking on the 3-dot actions menu in the address bar. Remark: You'll find more suggestions on privacy respecting search engines at the end of this section. |
Search | Go back to the section Default Search Engine in Firefox's settings and select Disroot SearX. |
Privacy & Security | The section Enhanced Tracking Protection contains settings to prevent third parties from tracking you across websites. Select between Standard and Strict settings. Stricter settings will block more trackers and ads, but are also more likely to break websites. |
Privacy & Security | In the section Tracking Protection , also select Always Send websites a Do Not Track signal . |
Privacy & Security | In the section Cookies and Site Data , select Delete cookies and site data when Firefox is closed . Then click on Clear Data and erase all cookies and site data stored by Firefox. |
Privacy & Security | In the section Logins and Passwords , unselect Ask to save logins and passwords for websites . |
Privacy & Security | In the section History , select Use custom settings for history . Uncheck the boxes Remember browsing and download history and Remember search and form history . Instead, check the box Clear history when Firefox closes . Then click on Clear History and erase all data stored by Firefox. Remark: this is a work-around, as for some obscure reason Never remember history breaks many add-ons. |
Privacy & Security | In the section Firefox Data Collection and Use , uncheck all entries. |
Privacy & Security | In the Security section, uncheck the entry Block dangerous and deceptive content . While this setting helps spotting phishing and malware, it does so by establishing a connection to Google's servers. |
Privacy & Security | In the section HTTPS-Only Mode , select Enable HTTPS-Only Mode in all windows . This enables the Hypertext Transfer Protocol Secure (HTTPS) by default, a form of encryption which protects web traffic. A (green) lock should show up in Firefox's address bar each time you navigate to a website. |
Privacy & Security | In the section Address Bar , unselect Contextual suggestions and Include occasional sponsored suggestions . |
General | (Optional) Check the box Always check if Firefox is your default browser and click on Make Default . |
Launch Firefox. On the welcome screen, scroll down and click on the button Start browsing
. Remove any clutter from the empty tab, such as Google
or Top Articles
. Next, navigate to Menu ‣ Settings
and adjust Firefox's privacy and security settings. More detailed instructions below.
Show me the step-by-step guide for Android
Warning: Apply these settings with caution, some might break web sites. Add new settings progressively and disable them in case of negative impacts.
Menu | Settings |
---|---|
Search | In the section Default search engine , remove Google, Bing, Amazon, Qwant and Ebay. |
Search | In the section Default search engine , click on + Add search engine . Under Other , fill in the following:• Name : Disroot SearX • Search string to use : https://search.disroot.org/search?q=%s Then click on 🗸 to apply all changes. Remark: You'll find more suggestions on privacy respecting search engines at the end of this section. |
Search | Back in the section Default search engine , select Disroot SearX . |
Search | In the section Address bar , disable the options Autocomplete URLs , Show clipboard suggestions , Search browsing history and Show search suggestions . |
Customise | In the section Home , disable Show most visited sites . |
Logins and passwords | Change the option Save logins and passwords to Never save . |
Logins and passwords | Disable Autofill . |
Enhanced Tracking Protection | Make sure the option Enhanced Tracking Protection is enabled to prevent third parties from tracking you across websites. Select between Standard and Strict settings. Stricter settings will block more trackers and ads, but are also more likely to break websites. |
Delete browsing data on quit | Enable the option Delete browsing data on quit . If you want open tabs to be restored after closing Firefox, unselect Open tabs . |
Data collection | Disable Usage and technical data , Marketing data as well as Studies . |
General | (Optional) Enable Set as default browser . |
Show me the 3-minute summary video
Tell me more about privacy-respecting search engines
Search engine | Description |
---|---|
Searx | Open source meta search engine. Aggregates anonymous search results from various engines. Various instances are accessible online, for example from Disroot. Can also be self-hosted. |
Duckduckgo | US-based meta search engine, mainly aggregates Bing/Yahoo results. |
Ecosia | German meta search engine, mainly provides Bing results and plants trees. |
Swisscows | Swiss meta search engine, mainly provides Bing results. |
Mojeek | UK based search engine. |
Metager | German open source meta search engine. |
Qwant | French meta search engine, VC-funded (large multimedia company Axel-Springer is an investor). |
Startpage | Dutch meta search engine, mainly provides Google results. System 1, an ad company, is shareholder since October 2019. |
Firefox User.js¶
Firefox offers a whole range of advanced privacy and security settings. On desktop devices, these can be accessed by typing about:config
in the address bar and confirming a security warning. Given the sheer amount of options, this can however quickly become tedious. An easier way is to install a user.js
file. This small JavaScript file contains a number of pre-configured settings and loads each time you launch Firefox. More details on how to install the user.js file below!
Show me a step-by-step guide for Windows, macOS & Linux (Ubuntu)
Warning: use user.js
files with caution. The stricter the privacy level, the more websites might break!
Back up your current configuration, which is stored in a file named pref.js
:
Instructions | Description |
---|---|
Step 1 | Type about:support in Firefox's address bar. |
Step 2 | Go to Application Basics . |
Step 3 | Click on Open Directory . |
Step 4 | Back up a copy of the pref.js file. |
Now download your preferred user.js
template. Find out more about available templates at the end of this section. Place the downloaded user.js
file in the same folder as the pref.js
file. Depending on your browser and operating system, this folder should be located here:
OS | Path |
---|---|
Windows | %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js |
macOS | ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name |
Linux (Ubuntu) | ~/.mozilla/firefox/XXXXXXXX.default-release/user.js |
If at any point you need to revert back to your initial settings, just restore the file pref.js
and delete the user.js
file.
Show me the 2-minute summary video
Where can I find user.js templates?
- Arkenfox user.js strikes a nice balance between privacy and usability. More information on the wiki page
- Pyllyukko
- Relaxed Pyllyukko
- Privacy Handbook minimal configuration (German)
- Privacy Handbook moderate configuration (German)
- Privacy Handbook strict configuration (German)
- A tool to make your own user.js file
- Explanation of common user.js settings
Support¶
For further details or questions, refer to:
-
Firefox's support documentation or ask the Firefox community for help.
-
uBlock's official documentation or one of the many online tutorials if you're interested in more advanced usage.