• Home
• Tools
• Linux

Firefox and Security Add-Ons for Linux - Secure Web Browser

Updated 24 May 2021

If you get your internet through Facebook, Google, or Wikipedia (zero-rating)

If you are in a country where Wikipedia, Google, or Facebook provides your free access to the internet (a service known as zero-rating), you may think of these organizations or companies as the internet. But the internet is a much larger, loose network of computers that your device connects to in order to access pages, videos, files, and other content. The internet includes Facebook, Google, and Wikipedia--not the other way around. The internet also includes computers owned by governments, military groups, and universities. The main app most people use to browse the internet is not owned by any of these companies.

Change your device’s default browser to Firefox or Chrome

Why? The main app most people use to browse the internet is called a web browser. Not all web browsers are created equal. Some protect your security more effectively than others.

• Do NOT use:

  • Safari
  • Edge
  • Internet Explorer

• DO use

  • We strongly recommend the Firefox web browser, made by Mozilla. It has better built-in security than others. Firefox is free and open source software (FOSS).
  • Google Chrome also has high quality security, and would be another option. However, because it is a Google product, consider whether Chrome might send more data about you to Google than you are comfortable with. It will be able to connect your browser history with your email accounts and other personal information.
  • Learn how to set your default browser https://support.mozilla.org/en-US/kb/make-firefox-your-default-browser Use the drop-down menus under "Customize this article" to find the right instructions for your device. Or, try the links below.

• Install Firefox https://support.mozilla.org/kb/install-firefox-linux

• Set it as your default browser https://help.ubuntu.com/stable/ubuntu-help/net-default-browser.html

Delete browsing history

Why? Your browsing history is a list of websites you have visited. The default option in Firefox is "Remember my browsing and download history", which means that Firefox will remember your browsing, download, form, and search histories. Firefox will also accept cookies (small pieces of code that track your online activity) from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.

Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with, and the things you have been reading about.

Firefox

• Clear all cookies https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
• Disable third-party cookies https://support.mozilla.org/kb/disable-third-party-cookies
• Set up a button that makes it easy to quickly delete cookies and the history of pages you visited https://support.mozilla.org/kb/forget-button-quickly-delete-your-browsing-history
• Use the drop-down menus under "Customize this article" to find the right instructions for your device on these pages:
  • Tell Firefox to "Never remember history" or "use custom history." https://support.mozilla.org/kb/delete-browsing-search-download-history-firefox#w_how-do-i-make-firefox-clear-my-history-automatically
  • You can also delete your browser history manually: "how to clear your history."" https://support.mozilla.org/kb/delete-browsing-search-download-history-firefox#w_how-do-i-clear-my-history
• Consider whether you want to change what browser suggests when you type in address bar. You can:
• Change your address bar settings so it does not suggest pages from your browsing history or other unwanted results https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_how-can-i-control-what-results-the-address-bar-shows-me
• Remove autocomplete results https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_removing-autocomplete-results

Chrome

• Select "Block all cookies" and "Clear cookies when you quit Chrome" https://support.google.com/chrome/answer/95647
• Delete the history of pages you visited https://support.google.com/chrome/answer/95589?hl=en&co=GENIE.Platform=Desktop

Set default search engine

Why? Search engines like Google and Bing build profiles of people who use them, track your device specifically, and share their users' personal information with third parties. Your browser uses one search engine by default when you type in what you want to search for.

All browsers

• Set your browser to a default search engine that does not track you:
  • DuckDuckGo (our top recommendation)
  • StartPage
  • Disconnect

Firefox

• Use the drop-down menus under "Customize this article" to find the right instructions for your device on these pages:
  • Set your default search engine: https://support.mozilla.org/kb/change-your-default-search-settings-firefox#w_default-search-engine
  • Add or remove search engines: https://support.mozilla.org/kb/change-your-default-search-settings-firefox#w_remove-or-add-search-engines

Chrome

• Set your default search engine https://support.google.com/chrome/answer/95426

Set Do Not Track

https://support.mozilla.org/kb/how-do-i-turn-do-not-track-feature

Many websites collect information about you and allow third parties to gather data about the websites you visit. This is called tracking. Do Not Track is a system that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.

To enable Do Not Track in Firefox, and minimise the tracking of your online activity, select the two options under the Tracking section. It is important to understand, however, that companies have the ability to ignore your choice and track you anyway. Here is a list of companies' commitments to honoring Do Not Track requests.

Manage add-ons and pop-ups

Why? Malicious people may try to trick you into installing malware in the form of add-ons to your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, ensure add-ons you do want are up to date, and remove ones you are not using. Just as old food can spoil, old code can let in bugs and endanger you.

• Make sure Firefox is set to block pop-ups and warn you when it is about to install an add-on https://support.mozilla.org/kb/pop-blocker-settings-exceptions-troubleshooting#w_pop-up-blocker-settings
• Update add-ons automatically https://support.mozilla.org/kb/how-update-add-ons
• Remove unused add-ons https://support.mozilla.org/kb/disable-or-remove-add-ons

Consider not showing what you last viewed on startup

Why? If you are worried that your device will be seized or searched, turn off the feature that shows the webpages you had open when you last closed your browser._

• Turn off "restore previous session" https://support.mozilla.org/kb/restore-previous-session

Turn off the built-in password manager

Why? Firefox can save and encrypt passwords for you. However, we recommend turning this feature off and using a stand-alone password manager instead. Browser-based password managers put you at greater risk of an attacker tricking your browser into giving up your passwords.

• Use the drop-down menus under "Customize this article" to find the right instructions for your device on this page: https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins#w_disabling-the-password-manager

Check Enhanced Tracking Protections settings

Why? Cookies and other trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.

• Check your settings; at least set Enhanced Tracking Protection to Standard; consider whether you want to set it to Strict (more sites will break) https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_adjust-your-global-enhanced-tracking-protection-settings

Make sure your browser is up to date

• Firefox should update automatically, but you can check whether you have the latest version of the browser: https://support.mozilla.org/kb/update-firefox-latest-release

Connect over HTTPS

Why? The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the server the website is on.

• Set your preferences to HTTPS only: https://support.mozilla.org/kb/https-only-prefs

Use private browsing

Why? "Private browsing" is a mode where the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise tell your browser it is ok to keep a record of the pages you have searched. It can be especially useful if there is someone you live with who is threatening you and who has access to your device.

• Understand more about what private browsing will NOT protect you from, including posts you make on social media, files you download, or malware someone has put on your device https://support.mozilla.org/kb/common-myths-about-private-browsing

Firefox

• Turn on private browsing for this session https://support.mozilla.org/kb/private-browsing-use-firefox-without-history
• Consider turning private browsing on at all times https://support.mozilla.org/kb/private-browsing-use-firefox-without-history#w_can-i-set-firefox-to-always-use-private-browsing

Review the camera, microphone, and other site permissions

Why? Permissions can be like a door or window you left open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.

• Manage permissions you may have granted to different websites https://support.mozilla.org/kb/how-manage-your-camera-and-microphone-permissions

Disable in all browsers: Flash and Java

Why? Flash and Java are older software packages that make it easy for someone to run malicious code on your device without your permission.

Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):

• Java https://www.java.com/download/help/disable_browser.html
• Flash https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/

Disable in email

• Thunderbird:
  • Follow these instructions; look for Java or Flash add-ins and turn them off or set them to "ask to run" https://support.mozilla.org/kb/thunderbird-add-ons-frequently-asked-questions#w_how-do-i-disable-or-uninstall-an-add-on

Use protective browser plugins

Why? When you browse the internet, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages. Additionally, people who maintain and advertise on websites use "cookies," which are small pieces of code that track you while you browse. And more fundamentally, websites do not always encrypt what they send or receive from you; they do not all use HTTPS.

We recommend installing the browser plugins or add-ons below to protect against these security and privacy issues.

All devices

• You can choose which add-ons to install and decide how to configure them, depending on your circumstances.
• If you are using a computer that is managed by someone else (at an Internet cafe, for example, or in your place of work), you might have to make these adjustments repeatedly.
• Install and configure:
  • HTTPS Everywhere https://www.eff.org/https-everywhere/
    • Why? Makes it so someone snooping on the network cannot see as much of what you are viewing and posting online.
  • Privacy Badger https://privacybadger.org/
    • Why? Blocks trackers that gather data on where you have been online.
  • uBlock Origin https://ublockorigin.com/
    • Why? Blocks advertising and trackers, some of which might be malicious.
  • Cookie Autodelete for Firefox https://addons.mozilla.org/firefox/addon/cookie-autodelete/ and Chrome https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh/
    • Why? Deletes trackers that gather data on where you have been online.
  • Facebook Container, if you use Facebook (Firefox only) https://addons.mozilla.org/firefox/addon/facebook-container/
    • Why? Keeps Facebook from gathering data on where you have been online and associating it with your profile.
  • Zoom Redirector for Firefox https://addons.mozilla.org/firefox/addon/zoom-redirector/ and Chrome https://chrome.google.com/webstore/detail/zoom-redirector/fmaeeiocbalinknpdkjjfogehkdcbkcd
    • Why? By making Zoom links open in your browser, this add-on keeps the call within your browser's protections.
  • Optional, but recommended: NoScript https://noscript.net/
    • Note that NoScript will often make it appear that there is nothing on pages you visit, or that they are broken. Learn more about configuring it here https://noscript.net/features
    • Why? It is easy for an adversary to get to your machine using malicious code in Flash or Java. NoScript makes it possible to allow only the code you need to use a website.

Advanced: configure proxy settings

Why? If you know the internet is being blocked in your country and know how to use a proxy, look here to set it up in Firefox.

• Manage your proxy settings https://support.mozilla.org/kb/connection-settings-firefox

Frequently Asked Questions

Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.