Skip to content

Hardened Firefox
(Including The Best Firefox Addons in 2022)

Last updated: May 2022. For beginners & intermediate users. Some tech skills may be required.

Firefox hardening

How to install Firefox

Looking for a secure web browser? Firefox is the preferred browser when it comes to privacy, security and convenience. Firefox was first released back in 2004 by the Mozilla community. The browser is free and open source, although the Android version includes proprietary libraries, like Google Analytics. Firefox blocks cross-site tracking cookies by default, can be further hardened with customisable browser security settings or addons, and runs smoothly on virtually any device. Detailed installation instructions below.

Show me the step-by-step guide for Windows

Download and run the Firefox installer.

Show me the step-by-step guide for macOS

Download the Firefox disk image, open it and drag the Firefox icon on top of the Application folder. For easy access, open the Applications folder and drag the Firefox icon to your dock.

Show me the step-by-step guide for Linux (Ubuntu)

If you run a Linux distribution such as Ubuntu, open the terminal with the Ctrl+Alt+T shortcut or click on the Applications button on the top left and search for Terminal. Then run the following command:

sudo apt install firefox
Show me the step-by-step guide for Android

Installing Firefox on Android is simple. Download Firefox from the App Store, or visit the Firefox download page from your Android device. There's also a way to download and update Firefox without using a Google account: Aurora Store! We'll explain how to use alternative app stores in a later chapter.

Show me the step-by-step guide for iOS

Download Firefox from the App Store.

Mozilla, the (not-so) white knight at the merci of Google

In a browser landscape dominated by Google, Firefox currently seems to be the only independent contender worth mentioning. That's why our browser recommendation is Firefox, a free and open source alternative to Chrome-based browsers. But we also share some of the criticism regarding Mozilla. This includes questionable technical choices, such as the integration of the partly closed-source Pocket or turning on sponsored content and telemetry by default. Gladly, those settings can be adjusted, as explained on this page.

There are also broader concerns regarding long-term funding. The Mozilla Corporation is the company behind the development, distribution and promotion of Firefox, Thunderbird as well as other applications. Further, the Mozilla Corporation is a commercial entity under the control of a non-profit organisation called the Mozilla Foundation. As it happens, the Mozilla Corporation earns most of its revenues through a deal with... Google, its main rival! Dating back to 2006, this odd partnership has been extended until 2023, and secures 450 million dollars in yearly revenues by assigning Google as Firefox's default search engine. While its legitimate for Mozilla to seek value streams which sustain development, some qualify this business relationship as a conflict of interest. One may indeed wonder if Google isn't paying Mozilla to keep competition in check and regulatory authorities at bay. A fox doesn't bite the hand that feeds it...

Firefox vs Chrome –⁠ What is the safest browser in 2022?

Many wonder which web browser is most secure when it comes to privacy. There are many private browsers, some of them are listed in the table below. Please mind that we don't recommend using Chrome or Chromium based browsers from a privacy point of view. Leah Elliott's comic Contra Chrome best sums up why Google’s browser has become a threat to user privacy:

  • Chrome as well as Chromium-based browsers run on code ultimately controlled by Google, and fortify Google's browser monopoly
  • Chrome, but also some other Chromium-based browsers are the gateway to Google's ecosystem, including GMail, YouTube, Google Photos, etc.
  • Google's browser as well as its other services systematically collect private user information, most of the times without consent, to then sell them to the highest bidder

Tor Librewolf FOSS Browser Mull Fennec F-Droid Ungoogled Chromium Brave Bromite
FOSS 1 1
Desktop Version
Android Version
Data Isolation (Tracking Protection) 2 2 2
Process Isolation (Sandbox) 3
Fingerprinting Protection 4 4 4
Content Blocker 5 5 6 5 5 6
Custom Search Engine
Regular Security Updates
Telemetry / Tracker Free 7 8 9 10

  1. Contains proprietary libraries.

  2. Basic Tracking Protection only.

  3. Available on Desktop only. Android version does not isolate websites to their own process to limit exposure to security vulnerabilities: neither per-site process isolation nor sandboxing are implemented.

  4. Basic Fingerprinting Protection only.

  5. Compatible with uBlock Origin.

  6. Basic Content Blocker only.

  7. Tor Browser for Android contains 3 trackers (Adjust, LeanPlum, Google Analytics)

  8. Exodus Privacy reports 2 trackers (Adjust, Mozilla Telemetry) for Mull. However, according to the development team, this is a false positive: the tracker libraries were replaced with "stubs", meaning that they have been replaced with code that does nothing.

  9. Exodus Privacy reports 2 trackers (Adjust, LeanPlum) for Fennec F-Droid. However, according to the development team, this is a false positive: the tracker libraries were replaced with "stubs", meaning that they have been replaced with code that does nothing.

  10. Brave is maintained by a for profit, VC-backed company. It features an (opt-in) ad system, and faced criticism in the past for adding affiliate links that it profits from. Transmits telemetry data to an analytics service by default, this can be opted-out.


Firefox vs chrome security

Best Firefox extensions

Add uBlock Origin to your fresh Firefox install. It's a free and open source content filter — and a good one at that! Head over to Mozilla's addon store, and click on the button Add to Firefox. Various settings allow to increase your privacy, as detailed in the instructions below.

Show me the step-by-step guide for Windows, macOS & Linux (Ubuntu)
  • Click on the uBlock Origin icon in Firefox's toolbar
  • Make sure uBlock Origin is enabled, the large power button needs to be blue
  • Click on the Dashboard button
  • Open the tab Filter lists
  • Select the check boxes shown in the table below and click on Apply changes

Section Check box
Ads ☑ AdGuard Base
☑ AdGuard Mobile Ads
☑ EasyList
Privacy ☑ AdGuard Tracking Protection
☑ EasyPrivacy
☑ Fanboy's Enhanced Tracking List
Annoyances ☑ AdGuard Annoyances
☑ AdGuard Social Media
☑ Anti-Facebook
☑ EasyList Cookie
☑ Fanboy's Annoyance
☑ Fanboy's Social
☑ uBlock filters - Annoyances

Add HTTPS Everywhere to your fresh Firefox install. It's a privacy extension which enables Hypertext Transfer Protocol Secure (HTTPS) by default, a form of encryption to protect web traffic. While the desktop version of Firefox allows to enable this option in the settings, an extension for HTTPS Everywhere is still needed on Android. Navigate to Menu ‣ Add-ons and click on the + symbol next to HTTPS Everywhere.

Also add uBlock Origin, a free and open source content filter — and a good one at that! Navigate to Menu ‣ Add-ons and click on the + symbol next to uBlock Origin. Various settings allow to increase your privacy, as detailed in the instructions below.

Show me the step-by-step guide for Android
  • Navigate to Menu ‣ Add-ons ‣ uBlock Origin ‣ Settings
  • Open the tab Filter lists
  • Select the check boxes shown in the table below and click on Apply changes

Section Check box
Ads ☑ AdGuard Base
☑ AdGuard Mobile Ads
☑ EasyList
Privacy ☑ AdGuard Tracking Protection
☑ EasyPrivacy
☑ Fanboy's Enhanced Tracking List
Annoyances ☑ AdGuard Annoyances
☑ AdGuard Social Media
☑ Anti-Facebook
☑ EasyList Cookie
☑ Fanboy's Annoyance
☑ Fanboy's Social
☑ uBlock filters - Annoyances

Show me the 2-minute summary video

What is a browser extension? Tell me more about privacy extensions!

Use extensions with parsimony. They facilitate fingerprinting, a practice used to collect information, track browsing habits and deliver targeted advertising. The more extensions, the more unique your fingerprint, and the larger the attack surface. Want to know how easy it is to identify and track your browser? Head over to EFF's Cover Your Tracks.

Use extensions with caution. Some might break websites. Add new extensions progressively and disable them in case of negative impacts. It can be challenging to strike the right balance between privacy and usability.

Finally, some advice for social network users. Don't check boxes in uBlock Origin's filter list section Annoyances if you use social sharing buttons from Facebook, Twitter and the like.

Addons Description
Clear URLs Remove tracking elements from URLs.
Cookie autodelete Automatically delete unused cookies when closing tabs.
I don't care about cookies Get rid of cookie warnings.
Miner block Block cryptocurrency miners.
Cloud firewall Block connections to cloud services from Google, Amazon, Facebook, Microsoft, Apple and Cloudflare.
CSS exfil protection Guard your browser against data theft from web pages using CSS.
Disconnect Visualise and block web tracking.
Noscript Allow only trusted web sites to execute JavaScript, Java, Flash and other plugins.
HTTPS everywhere Encrypt web traffic, make browsing more secure.
Privacy badger Stop advertisers and other third-party trackers from secretly spying on you.
Decentraleyes Block tracking via content delivery networks operated by third parties.
Terms of service; didn't read Understand websites' terms & privacy policies, with ratings and summaries.


Browser security model

Firefox privacy settings & browser security

Open a new tab in Firefox. Remove any clutter from the empty tab, such as Top Sites or Highlights. Next, type about:preferences in the address bar to access Firefox's privacy and security settings. More detailed instructions below.

Show me the step-by-step guide for Windows, macOS & Linux (Ubuntu)

Warning: Apply these settings with caution, some might break web sites. Add new settings progressively and disable them in case of negative impacts.

Menu Settings
General In the section Language, uncheck the box Check your spelling as you type.
General In the section Browsing, uncheck the two boxes Recommend extensions as you browse and Recommend features as you browse.
Home In the section Firefox Home Content, uncheck the boxes Shortcuts, Recent activity and Snippets.
Search In the section Search Suggestions, uncheck the box Provide search suggestions.
Search In the section Search Shortcuts, remove Google, Bing, Amazon and Ebay.
Search Browse to Disroot Searx and add it to the default search engines by right clicking or clicking on the 3-dot actions menu in the address bar.

Remark: You'll find more suggestions on privacy respecting search engines at the end of this section.
Search Go back to the section Default Search Engine in Firefox's settings and select Disroot SearX.
Privacy & Security The section Enhanced Tracking Protection contains settings to prevent third parties from tracking you across websites. Select between Standard and Strict settings. Stricter settings will block more trackers and ads, but are also more likely to break websites.
Privacy & Security In the section Tracking Protection, also select Always Send websites a Do Not Track signal.
Privacy & Security In the section Cookies and Site Data, select Delete cookies and site data when Firefox is closed. Then click on Clear Data and erase all cookies and site data stored by Firefox.
Privacy & Security In the section Logins and Passwords, unselect Ask to save logins and passwords for websites.
Privacy & Security In the section History, select Use custom settings for history.

Uncheck the boxes Remember browsing and download history and Remember search and form history.

Instead, check the box Clear history when Firefox closes. Then click on Clear History and erase all data stored by Firefox.

Remark: this is a work-around, as for some obscure reason Never remember history breaks many add-ons.
Privacy & Security In the section Firefox Data Collection and Use, uncheck all entries.
Privacy & Security In the Security section, uncheck the entry Block dangerous and deceptive content. While this setting helps spotting phishing and malware, it does so by establishing a connection to Google's servers.
Privacy & Security In the section HTTPS-Only Mode, select Enable HTTPS-Only Mode in all windows. This enables the Hypertext Transfer Protocol Secure (HTTPS) by default, a form of encryption which protects web traffic. A (green) lock should show up in Firefox's address bar each time you navigate to a website.
Privacy & Security In the section Address Bar, unselect Contextual suggestions and Include occasional sponsored suggestions.
General (Optional) Check the box Always check if Firefox is your default browser and click on Make Default.

Launch Firefox. On the welcome screen, scroll down and click on the button Start browsing. Remove any clutter from the empty tab, such as Google or Top Articles. Next, navigate to Menu ‣ Settings and adjust Firefox's privacy and security settings. More detailed instructions below.

Show me the step-by-step guide for Android

Warning: Apply these settings with caution, some might break web sites. Add new settings progressively and disable them in case of negative impacts.

Menu Settings
Search In the section Default search engine, remove Google, Bing, Amazon, Qwant and Ebay.
Search In the section Default search engine, click on + Add search engine. Under Other, fill in the following:

Name: Disroot SearX

Search string to use: https://search.disroot.org/search?q=%s

Then click on 🗸 to apply all changes.

Remark: You'll find more suggestions on privacy respecting search engines at the end of this section.
Search Back in the section Default search engine, select Disroot SearX.
Search In the section Address bar, disable the options Autocomplete URLs, Show clipboard suggestions, Search browsing history and Show search suggestions.
Customise In the section Home, disable Show most visited sites.
Logins and passwords Change the option Save logins and passwords to Never save.
Logins and passwords Disable Autofill.
Enhanced Tracking Protection Make sure the option Enhanced Tracking Protection is enabled to prevent third parties from tracking you across websites. Select between Standard and Strict settings. Stricter settings will block more trackers and ads, but are also more likely to break websites.
Delete browsing data on quit Enable the option Delete browsing data on quit. If you want open tabs to be restored after closing Firefox, unselect Open tabs.
Data collection Disable Usage and technical data, Marketing data as well as Studies.
General (Optional) Enable Set as default browser.

Show me the 3-minute summary video

Tell me more about privacy-respecting search engines

Search engine Description
Searx Open source meta search engine. Aggregates anonymous search results from various engines. Various instances are accessible online, for example from Disroot. Can also be self-hosted.
Duckduckgo US-based meta search engine, mainly aggregates Bing/Yahoo results.
Ecosia German meta search engine, mainly provides Bing results and plants trees.
Swisscows Swiss meta search engine, mainly provides Bing results.
Mojeek UK based search engine.
Metager German open source meta search engine.
Qwant French meta search engine, VC-funded (large multimedia company Axel-Springer is an investor).
Startpage Dutch meta search engine, mainly provides Google results. System 1, an ad company, is shareholder since October 2019.


Harden Firefox

Firefox User.js

Firefox offers a whole range of advanced privacy and security settings. On desktop devices, these can be accessed by typing about:config in the address bar and confirming a security warning. Given the sheer amount of options, this can however quickly become tedious. An easier way is to install a user.js file. This small JavaScript file contains a number of pre-configured settings and loads each time you launch Firefox. More details on how to install the user.js file below!

Show me a step-by-step guide for Windows, macOS & Linux (Ubuntu)

Warning: use user.js files with caution. The stricter the privacy level, the more websites might break!

Back up your current configuration, which is stored in a file named pref.js:

Instructions Description
Step 1 Type about:support in Firefox's address bar.
Step 2 Go to Application Basics.
Step 3 Click on Open Directory.
Step 4 Back up a copy of the pref.js file.

Now download your preferred user.js template. Find out more about available templates at the end of this section. Place the downloaded user.js file in the same folder as the pref.js file. Depending on your browser and operating system, this folder should be located here:

OS Path
Windows %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name\user.js
macOS ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name
Linux (Ubuntu) ~/.mozilla/firefox/XXXXXXXX.default-release/user.js

If at any point you need to revert back to your initial settings, just restore the file pref.js and delete the user.js file.

Show me the 2-minute summary video

Where can I find user.js templates?


Safest web browser

Support

For further details or questions, refer to:

Safest internet browser