Thread: Firefox - Additional Privacy and Security

Are you paranoid about your privacy and security while browsing the internets with Firefox? Well, I'd like to attempt to ease some of your paranoia.



This guide will include instructions on how to secure Firefox at least a bit better. It will also include details of different security add-ons with "PITA" (pain in the ass) ratings. PITA rating is how annoying or difficult to use a particular security extension is. The higher the PITA rating, the more annoying the extension is.


about:config - Password manager safety

How does one find the mysterious about:config? Well, the answer is that about:config finds YOU.

Ok not really.

Type about:config in your address bar and then press enter (or return).
If you have not gone into about:config before, you will be presented with an ominous message warning you about it. For now, we will be reckless rebels and ignore this warning.

Preventing dumb password stealing

If you store your passwords using the Firefox password manager, there's a possibility that your passwords can be stolen using what I call "the dumb password stealing method for serious losers who have nothing better to do than take people's personal information with malicious intent."
Here are details on the exploit: Firefox Password Manager Information Disclosure - Secunia Advisories - Vulnerability Information - Secunia.com

The fix is very easy, and should only take...

In the about:config search bar enter signon.autofillForms. Double click on signon.autofillForms to set it to false.

...that was it?

Add-ons

These are add-ons I have used extensively that improve privacy and security in Firefox. I'm not saying you should install them all (or any of them). I hope you find something in this list that would be useful to you.
Included are PITA ratings that show how annoying and/or difficult I have found each add-on.

1. Adblock Plus
The name is descriptive enough, no?
By the way, Adblock Plus's functionality can be extended by installing the element hiding helper. The element hiding helper allows you to select element on a page to hide. It's extremely useful and I recommend it to anyone who finds that not all ads or other annoyances are being blocked.

PITA rating: 1/5

2. CS Lite
CS lite allows you to easily control cookie permissions across different websites. You control it from an icon in the bottom status bar.

PITA rating: 1/5

3. CustomizeGoogle
Firstly, it removes ads and click tracking from Google search results. The features and configuration options of this add-on are amazing. It can also add links to Yahoo, Ask, and others to help one's searching.
The reason I included it here is because it improves privacy while using Google.

PITA rating: 1/5

4. Flashblock
Replaces flash objects with a button that can be clicked to show the object. This extension is useful in protecting against flash exploits. The biggest problem with it is that the play button becomes increasingly more annoying as time goes on. I'm not sure how much it would annoy you.

PITA rating: 2/5

5. FoxyProxy
You probably do not want to use proxies on torrent trackers. Many will ban you for using them.

Anyway, FoxyProxy allows you to use a different proxy on different sites. So basically you can switch easily between different proxies. It also works extremely well with TOR.
The worst part about it is the overcomplicated configuration options and how it nags you the first time you use it.

PITA rating: 3/5

6. NoScript
By default, NoScript blocks javascript, flash, Silverlight, java, and other scripts and objects on all websites that aren't marked as trusted. One is able to use a blacklist configuration rather than the default whitelist.
It also helps to protect against XSS attacks, which is the primary reason I still use this add-on.
The thing about NoScript is that by default it's so unbearably annoying. You have to use it to see how annoying it actually is. Example: Sometimes even though scripts are enabled for a certain site, the scripts still won't work.

This one is definitely for the more paranoid among us.

PITA rating: 5/5

7. RefControl
RefControl simply prevents referrer headers from being sent from your browser to a website. This means that it prevents your browser from telling a website what page "referred" you. So if you were searching for cheeseburgers on Google and clicked onto a burger fansite, the fansite would not know that a search result referred you to the site.

There are many sites you must have the referrer sent on. eBay and Paypal are two that come to mind instantly.

PITA rating: 3/5

8. RefreshBlocker
RefreshBlocker simply prevents some websites from redirecting you to other pages. It won't prevent redirections on sites that use javascript to redirect, which is where NoScript would come in.

PITA rating: 1/5

9. Stealther
Allows you to leave little traces on your computer after browsing the internet.
Note: this can interfere with RefControl. If you have both installed, uncheck the "Referrer Header" box in Stealther.

PITA rating: 3/5

10. WOT
WOT (Web of Trust) protects you from potentially dangerous websites by warning you about them. Users rate websites using different criteria such as trustworthiness and privacy.
If you have an older computer it may slow down browsing quite a bit.

PITA rating: 4/5


If you have any tips or add-ons that can be added to this guide, please post them here. I will add relevant information and of course credit you for your help.

Why don't you add lastpass to the list.
It's a password manager which stores your password away and you can use it on almost any browser. It has a IE and firefox extension.
It can fill forms, create new password and you even can store secure notes.
It also has a master password so you won't be afraid if someone has access to your PC, he or she also can access all your passwords.