Firefox and Security Add-Ons for Linux - Secure Web Browser

Updated 24 May 2021

Table of Contents

...Loading Table of Contents...

    If you get your internet through Facebook, Google, or Wikipedia (zero-rating)

    If you are in a country where Wikipedia, Google, or Facebook provides your free access to the internet (a service known as zero-rating), you may think of these organizations or companies as the internet. But the internet is a much larger, loose network of computers that your device connects to in order to access pages, videos, files, and other content. The internet includes Facebook, Google, and Wikipedia--not the other way around. The internet also includes computers owned by governments, military groups, and universities. The main app most people use to browse the internet is not owned by any of these companies.

    Change your device’s default browser to Firefox or Chrome

    WOJTEK: Do we really want to recommend a Chromium build, as SiaB currently does, if it is known to be buggy?

    Why? The main app most people use to browse the internet is called a web browser. Not all web browsers are created equal. Some protect your security more effectively than others.

    Do NOT use:

    • Safari
    • Edge
    • Internet Explorer
      • DO use
      • We strongly recommend the Firefox web browser, made by Mozilla. It has better built-in security than others. Firefox is free and open source software (FOSS).
      • Google Chrome also has high quality security, and would be another option. However, because it is a Google product, consider whether Chrome might send more data about you to Google than you are comfortable with. It will be able to connect your browser history with your email accounts and other personal information.
      • Learn how to set your default browser Use the drop-down menus under "Customize this article" to find the right instructions for your device. Or, try the links below.

    Delete browsing history

    Why? Your browsing history is a list of websites you have visited. The default option in Firefox is "Remember my browsing and download history", which means that Firefox will remember your browsing, download, form, and search histories. Firefox will also accept cookies (small pieces of code that track your online activity) from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.

    Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with, and the things you have been reading about.



    Set default search engine

    Why? Search engines like Google and Bing build profiles of people who use them, track your device specifically, and share their users' personal information with third parties. Your browser uses one search engine by default when you type in what you want to search for.

    All browsers



    Set Do Not Track

    **Wojtek: Do Not Track has essentially become obsolete, and I suspect Firefox will make the setting go away before long. I'd like to cut this section. From Wikipedia: "The W3C disbanded its DNT working group in January 2019, citing insufficient support and adoption.[11] Apple discontinued support for DNT the following month.[12] In 2020, a coalition of US-based internet companies announced Global Privacy Control header that spiritually succeeds Do Not Track header. The creators hope that this new header will meet the definition of "user-enabled global privacy controls" defined by California law and European GDPR. In this case, the new header would be automatically strengthened by existing laws and companies would be required to honor it."

    Many websites collect information about you and allow third parties to gather data about the websites you visit. This is called tracking. Do Not Track is a system that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.

    To enable Do Not Track in Firefox, and minimise the tracking of your online activity, select the two options under the Tracking section. It is important to understand, however, that companies have the ability to ignore your choice and track you anyway. Here is a list of companies' commitments to honoring Do Not Track requests.

    Manage add-ons and pop-ups

    Why? Malicious people may try to trick you into installing malware in the form of add-ons to your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, ensure add-ons you do want are up to date, and remove ones you are not using. Just as old food can spoil, old code can let in bugs and endanger you.

    Consider not showing what you last viewed on startup

    Why? _If you are worried that your device will be seized or searched, turn off the feature that shows the webpages you had open when you last closed your browser.

    Check Enhanced Tracking Protections settings

    Why? Cookies and other trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.

    Make sure your browser is up to date

    Connect over HTTPS

    Why? The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the server the website is on.

    Use private browsing

    Why? "Private browsing" is a mode where the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise tell your browser it is ok to keep a record of the pages you have searched. It can be especially useful if there is someone you live with who is threatening you and who has access to your device.


    Review the camera, microphone, and other site permissions

    Why? Permissions can be like a door or window you left open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.

    Disable in all browsers: Flash and Java

    Why? Flash and Java are older software packages that make it easy for someone to run malicious code on your device without your permission.

    Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):

    Use protective browser plugins

    Why? When you browse the internet, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages. Additionally, people who maintain and advertise on websites use "cookies," which are small pieces of code that track you while you browse. And more fundamentally, websites do not always encrypt what they send or receive from you; they do not all use HTTPS.

    _We recommend installing the browser plugins or add-ons below to protect against these security and privacy issues. _

    All devices

    Advanced: configure proxy settings

    Why? If you know the internet is being blocked in your country and know how to use a proxy, look here to set it up in Firefox.

    Frequently Asked Questions

    Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

    A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.