Book Chapters 

About Config Settings:

Firefox allows the users to modify the configuration settings. Open Firefox and type “about:config” in the URL bar. You will see the following message:

“This might void your warranty! Changing these advanced settings can be harmful to the stability, security and performance of this application. You should only continue if you are sure of what you are doing”. 

Accept the risks. To change most of the settings, double click the setting to toggle the slider between “True” and “False”. For other parameters you need to provide a number. You should search the for desired parameter, in the search bar of “about:config” page, as shown below: 


Recommended Parameter Values:

  • privacy.trackingprotection.enabled: True

-as it blocks website’s tracking 

  • geo.enabled: False

-as it disables Firefox from sharing the user's location data

  • browser.safebrowsing.phishing.enabled: False 

-as it disables Google’s “Safe Browsing” and “Phishing” protection. Otherwise, Google scans and stores the sites for the presence of malwares.

  • browser.safebrowsing.malware.enabled: False 

-as it disables Google’s ability to scan and store sites for the presence of malwares. 

  • dom.event.clipboardevents.enabled: False 

-as many websites request a notification, if we copy an image or text. Setting the slider to “False” disables this ability of the websites. 

  • media.navigator.enabled: False 

-as it disables the website's ability to see webcam and micro-phone (On/Off) status

  • dom.battery.enabled: False 

-as it disables the website's ability to see the exact battery levels

WebRTC: (Web Real - Time Communications): 

WebRTC is a new communication protocol that relies on JavaScript. It can leak our actual IP address behind the VPN. Hence, consider the following settings:

  • media.peerconnection.enabled: False
  • media.peerconnection.turn.disable: True
  • media.peerconnection.use_document_iceservers: False
  • False
  • media.peerconnection.identity.timeout: 1

Unfortunately, WebRTC cannot be fully disabled in Google Chrome. 

Additional Recommended Changes:

For furtherance of privacy, you may apply following additional changes: 

  • privacy.firstparty.isolate: True

-Isolates all the browser identifiers (e.g. cookies) to prevent tracking across different domains

  • privacy.resistFingerprinting: True 

-Makes Firefox more resistant to browser finger-printing

  • browser.cache.offline.enable: False 

-Disables offline cache

  • browser.sessionstore.max_tabs_undo: 0 

-Even when Firefox is barred from remembering history, closed tabs are stored temporarily at Menu > History > Recently Closed Tabs.

  • browser.urlbar.speculativeConnect.enabled: False 

-Disables pre-loading of auto-complete URLs. Firefox preloads URLs that auto-complete when user types in the address bar. A concern if URLs suggested are not the intended ones. 

  • network.cookie.cookieBehavior: 1 

-Disables cookies
0 = Accepts all cookies by default
1 = Only accepts from the originating site (blocks third-party cookies)
2 = Blocks all cookies by default

  • network.cookie.lifetimePolicy: 2 

-Cookies are deleted at the end of the session
0 = Accepts cookies normally
1 = Prompts for each cookie
2 = Accepts for current session only
3 = Accepts for N days

  • network.http.referer.trimmingPolicy: 2 

-Sends only the scheme, host and port in the Referer header
0 = Sends the full URL in the Referer header
1 = Sends the URL without its query string in the Referer header
2 = Sends only the scheme, host and port in the Referer header

  • webgl.disabled: True 

-WebGL is a potential security risk.

  • browser.sessionstore.privacy_level: 2 

-This preference controls when to store extra information about a session: contents of forms, scroll-bar positions, cookies and POST data. 
0 = Stores extra session data for any site. 
1 = Stores extra session data for unencrypted (non-HTTPS) sites only. 
2 = Never stores extra session data.

  • extensions.blocklist.url: 

-Limits the amount of identifiable information sent when requesting the Mozilla’s harmful extension block-list. Optionally, the block-list can be disabled entirely by setting extensions.blocklist.enabled to false for increased privacy, but decreased security. 

These customised settings, provide greater degree of protection. Next, we shall discuss the biggest benefit of Firefox i.e, Firefox extensions also known as add-ons. 

Firefox Add-ons: 

They are the programs that change the browser's functionality i.e. add new features or modify the existing ones positively. While most add-ons are beneficial, some are not. E.g, FF Web Surety add-on injected “Monero” miner into Firefox. 

Procedure to Install:
Search for add-ons from within the Firefox page or visit the website and download the add-ons. 

  • Open Firefox. 
  • Tap on Menu button i.e. three horizontal lines in the upper right corner.
  • Click on “Add-ons” from the drop-down menu.
  • This presents a page with a search field in the upper right corner. 
  • Enter the name of the add-on and then install. 

The most useful and popular extensions have been listed below.

Media Add-ons:

Video Download Helper Add-on: 
This add-on extracts video and image files from the websites. Thus, users can download videos directly from YouTube, Periscope, Facebook and so on. Additionally, it also converts audio and video formats.

After installation “three grey circles” icon appears within the Firefox. When media is available, they turn to full colour. 

Bulk Media Downloader Add-on:
This add-on helps download multiple media files easily without missing them accidently. Users can select files individually or by categories. 


Screenshot Add-ons:

Fireshot Add-on:

This is the best add-on for capturing screen-shots. After installation, a blue square with letter “S” appears within the Firefox. Tapping the icon provides the following options:

  • Capture entire page
  • Capture visible part
  • Capture selection
  • Options

“Options” allow us to save file in either JPG or PNG format. However, better choice is “Capture entire page” and “Save to PDF”. An additional benefit is – “The title of the document is same as the title of the page and includes its URL”. 


Nimbus Add-on:
Fire-shot occasionally fails in screen captures of very large pages. Then, you should try Nimbus, especially for large Facebook pages. Nimbus can capture:

  • Entire page
  • Visible part of page
  • Selected area etc 


The results are saved as PNG files.  

Privacy Add-ons:

uBlock Origin Add-on:
This is the most famous “privacy enriching” add-on. It blocks malicious scripts and also allows flexible customisation to allow / block any or all of the scripts. Unlike AdBlock Plus add-on, it does not allow so called “acceptable ads”. 


HTTPS Everywhere Add-on:
This is another very popular “privacy enhancing” add-on. It enhances privacy by:

  • Forcing browsers to use HTTPS on supporting sites. 
  • Forcing sites to use SSL encryption if available. 

Thus, it encrypts communication with websites. It's signified by “HTTPS” at the front of website's URL and padlock icon in the browser address bar.

Some sites make it difficult to use HTTPS by having unencrypted HTTP as default or by filling encrypted pages with links that go back to unencrypted sites. HTTPS Everywhere extension fixes these problems automatically by forcing the use of HTTPS. 


Investigation Add-ons:

Exif Viewer Add-on:
This extension extracts and displays the Exif (Exchangeable Image File) metadata. After installation, the right click of mouse provides an option “Exif Viewer”.
Social networks like Facebook “scrub” the meta-data to protect the privacy of their users. However, Picassa, Drop-box, Flickr, blogs and personal websites images may have Exif data intact.  


MJSON Viewer Add-on:
Without this, API searches won’t function properly. 


Image Search Options Add-on:
After installation, the right click of mouse provides an option “Image Search Option”. This automates reverse image search on:

  • Google
  • Bing
  • TinEye
  • Yandex
  • Baidu
  • Others

Users can also add their own sites, customize existing ones and search multiple sites at the same time.


Resurrect Pages Add-on:
This add-on provides links to the archived versions of the web-site. After installation, right click of the mouse offers an option “Resurrect this page” with:

  • Google cache: A standard Google cache.
  • Google cache text: The text only view of standard Google cache.
  • The Way-back Machine: A link of target’s page from the Way-back Machine.
  • Any capture of the target’s page on
  • WebCite: A capture of the target’s page from WebCite.



Productivity Add-ons:

Grammarly Add-on: 
Grammarly add-on helps the users write without mistakes as it can detect:

  • Contextual errors
  • Commonly confused words
  • Subject-verb agreement issues

However, it requires users to set up a free account. 

Awesome Screenshot Plus Add-on: 
This is another screenshot capture add-on. Like other similar add-ons, it can capture an entire page or a portion of it. However, it can also:

  • Annotate an image with rectangle, circles, arrows, line and text 
  • Blur sensitive information 


User Agent Switcher Add-on:
Occasionally, a web-site may not co-operate with Firefox. Even when Firefox is entirely capable of displaying the information, the website can refuse the data. For example, old websites that require Microsoft’s Internet Explorer to view the content. Another example is mobile websites that display different content to phone and computer users. 

Browsers notify their identity to websites, and they in-turn can refuse content. This can be controlled and managed with this extension. 

After installation, we have a new menu in the browser. The menu allows us to choose between a mobile OS such as iOS or Android; desktop browser such as IE or Chrome or computer OS such as Windows or Mac. Whatever the user chooses, the data is sent and confirmed by the website. A non co-operating website then sends the desired information. 

Some useful user-agents are:

  • iOS: An Apple OS for iPhone/ iPad devices.
  • Android: A Google OS for various mobile devices including Nexus.
  • Windows Phone: A mobile OS from Microsoft for Windows-phone devices.
  • Tizen: A new mobile OS form Samsung.
  • Symbian: An old mobile OS from Nokia.
  • Chrome: A browser built by Google.
  • Opera: A browser built by Opera Software ASA.
  • Firefox: A browser built by Mozilla.
  • Safari: A browser built by Apple.
  • Internet Explorer, Edge: Two browsers built by Microsoft.


Privacy and Security Add-ons:

Duck-Duck-Go Privacy Essentials Add-on: 
We will read about Duck-Duck-Go in detail in the chapter “Alternatives to Google”.


LastPass Password Manager Add-on: 
This add-on is one of the best password managers available today.

  • Requires only one master password. 
  • Encrypts and backs up all the passwords and logins at one place. 
  • Automatically fills the login information.
  • Synchronizes across multiple devices. 


Ghostery Add-on: 
Ghostery add-on blocks third-party trackers. Trackers slow down the computer and sell sensitive personal information. 
This add-on provides on page reporting of trackers with the following details:

  • Data being collected by trackers
  • Purpose of data collection
  • Data retention practices of the trackers 

It can also block or trust each tracker by site or category. 


Mailvelope Add-on:
Mailvelope add-on explains the process to “encrypt sensitive messages” on Gmail, Outlook or any other webmail app. It is easy to use, and has been built on widely used and regarded PGP (Pretty Good Privacy) standards.  


Commercial Utility Add-ons:

Honey Add-on:
Honey is a shopping add-on. It automates the finding and application of the best coupons or codes, so that you can get the best price. 


InvisibleHand Add-on:
InvisibleHand is another shopping add-on. It searches automatically the rest of the internet to find and intimate the user of the lowest price of the product online. 


Social Utility Add-ons:

Social Fixer Add-on:
Social Fixer add-on enhances Facebook experience as it:

  • Removes obnoxious political posts.
  • Tracks people who unfriend us
  • Hides sponsored posts.


An alternative add-on is FB Purity.