Firefox and Security Add-Ons for Mac OS X - Secure Web Browser

Updated 24 May 2021

Table of Contents

...Loading Table of Contents...

    If you get your internet through Facebook, Google, or Wikipedia (zero-rating)

    If you are in a country where Wikipedia, Google, or Facebook provides your free access to the internet (a service known as zero-rating), you may think of these organizations or companies as the internet. But the internet is a much larger, loose network of computers that your device connects to in order to access pages, videos, files, and other content. The internet includes Facebook, Google, and Wikipedia--not the other way around. The internet also includes computers owned by governments, military groups, and universities. The main app most people use to browse the internet is not owned by any of these companies.

    Change your device’s default browser to Firefox or Chrome

    Why? The main app most people use to browse the internet is called a web browser. Not all web browsers are created equal. Some protect your security more effectively than others.

    Delete browsing history

    Why? Your browsing history is a list of websites you have visited. The default option in Firefox is "Remember my browsing and download history", which means that Firefox will remember your browsing, download, form, and search histories. Firefox will also accept cookies (small pieces of code that track your online activity) from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.

    Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with, and the things you have been reading about.

    Firefox

    Chrome

    Set default search engine

    Why? Search engines like Google and Bing build profiles of people who use them, track your device specifically, and share their users' personal information with third parties. Your browser uses one search engine by default when you type in what you want to search for.

    All browsers

    Firefox

    Chrome

    Set Do Not Track

    https://support.mozilla.org/kb/how-do-i-turn-do-not-track-feature

    Many websites collect information about you and allow third parties to gather data about the websites you visit. This is called tracking. Do Not Track is a system that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.

    To enable Do Not Track in Firefox, and minimise the tracking of your online activity, select the two options under the Tracking section. It is important to understand, however, that companies have the ability to ignore your choice and track you anyway. Here is a list of companies' commitments to honoring Do Not Track requests.

    Manage add-ons and pop-ups

    Why? Malicious people may try to trick you into installing malware in the form of add-ons to your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, ensure add-ons you do want are up to date, and remove ones you are not using. Just as old food can spoil, old code can let in bugs and endanger you.

    Consider not showing what you last viewed on startup

    Why? _If you are worried that your device will be seized or searched, turn off the feature that shows the webpages you had open when you last closed your browser.

    Turn off the built-in password manager

    Why? Firefox can save and encrypt passwords for you. However, we recommend turning this feature off and using a stand-alone password manager instead. Browser-based password managers put you at greater risk of an attacker tricking your browser into giving up your passwords.

    Check Enhanced Tracking Protections settings

    Why? Cookies and other trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.

    Make sure your browser is up to date

    Connect over HTTPS

    Why? The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the server the website is on.

    Use private browsing

    Why? "Private browsing" is a mode where the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise tell your browser it is ok to keep a record of the pages you have searched. It can be especially useful if there is someone you live with who is threatening you and who has access to your device.

    Firefox

    Review the camera, microphone, and other site permissions

    Why? Permissions can be like a door or window you left open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.

    Disable in all browsers: Flash and Java

    Why? Flash and Java are older software packages that make it easy for someone to run malicious code on your device without your permission.

    Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):

    Disable in email

    Use protective browser plugins

    Why? When you browse the internet, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages. Additionally, people who maintain and advertise on websites use "cookies," which are small pieces of code that track you while you browse. And more fundamentally, websites do not always encrypt what they send or receive from you; they do not all use HTTPS.

    We recommend installing the browser plugins or add-ons below to protect against these security and privacy issues.

    All devices

    Advanced: configure proxy settings

    Why? If you know the internet is being blocked in your country and know how to use a proxy, look here to set it up in Firefox.

    Frequently Asked Questions

    Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

    A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.