Configuring Mozilla Firefox for increased privacy:
Privacy Settings


Table of contents:
Summary:
This article describes what private information Mozilla Firefox stores on your system and how to reconfigure it to reduce it's amount.

While using a proxy server will give you a certain level of protection aginst the detection of your IP address, the browser will store plenty of information about sites you visit. Although Firefox has built-in feature to clear history and temporary files, but that might not be enough to really clear it. The reason is that it's pretty hard to actually remove any files from the Windows file systems. There are a lot of forensic tools that can restore deleted files or even restore whole drive contents even after drive format. So the question is, what to do. The answer is a preventive measure are more effective than trying to remove data that's already written to the disk. One of preventive measures is to configure browser to not store any private data (history, passwords, cache, etc.) in the first place. Since if no data is actually stored it's not needed to delete it. While this maybe sometimes might be inconvenient it's usually not a big issue.

As a target browser we will be using Mozilla Firefox 3. There are following components that need the reconfiguration:

Privacy settings

Privacy settings

1.Browsing History

First thing that has to be corrected is Firefox browsing history settings. These settings are located in the Privacy tabsheet of the Tools->Options... menu. You need to uncheck boxes that enable logging of browsing history and user entered strings.

The obvious dangers of  the stored browsing history is that the address of  each and every web page you have visited is recorded. Of course there are plenty of forensic tools that will extract and trace all the sites you have visited.

2. Cookies

Cookies are used by websites to store little data snippets in your browser. Almost all the sites leave some kind of cookie in your browser. Luckily Firefox has an option to remove cookies when it's exited. Altho it's possible to not accept cookies at all, but that often can cause problems since some sites actually need to have cookies enabled to for navigation to work.

Private data clearing options The dangers of cookies are that each of them contains a record of the web site's address it was sent from. So it works as an evidence that a particular web site was visited. To see currently stored cookies you can click the "Show Cookies..." button. It's a very good idea to get rid of them as soon as possible. 

3. Private Data

Firefox has a built-in private data cleaning utility. It can clean up any remaining traces of data (which should small to non-existant). The best option is to enable it to clear data whenever you close the brower. This way you can be fairly certain not to forget to run it. Only problem is that if you crash or power down without proper shutdown this procedure won't be executed, so keep that in mind.

If you click the "Settings..." button you can see what private data can be removed. Also check that all the options in this window are enabled.

Saved passwords

Saved passwords configuration Saved passwords are a particularly dangerous feature. Only recently Firefox started use of encrypted saved passwords. The ramifications for the stolen saved passwords are immense. There have been numerous reports of passwords stolen from compromised machines (say good-bye to your Paypal account for example). The best way is not to save passwords in the browser. If you really need to save passwords, consider using some good 3rd-party utility designed exactly for a safe password storage.

N.B.  If you fill the login form on some website  by default Firefox will ask you - "Do you want to save password for this site?" - in case you answer "not for this site" - it's name will end up inside  Firefox's exception list which is readable to anyone. Same goes for all the exceptions lists in the browser! So you need to answer "No" in such cases.