Configuring Mozilla
Firefox for increased privacy:
Privacy Settings
Summary:
This article
describes what private information Mozilla Firefox stores on your
system and how to reconfigure it to reduce it's amount.
Table of contents:
While using a proxy server will give you a certain level of
protection aginst the detection of your IP address, the browser will
store plenty of information about sites you visit. Although
Firefox has built-in feature to clear history and temporary files, but
that
might not be enough
to really clear it. The reason is that it's pretty hard to
actually remove
any files from the Windows file systems. There are a lot of
forensic tools that can restore deleted files or even restore whole
drive
contents after drive format. So the question is, what to do. The answer
is preventive measure are more effective than trying to remove data
that's already written to the disk. One of preventive
measures is to configure browser to not store any private data
(history, passwords, cache, etc.) in the first place. Since if no data
is actually stored it's not needed to delete it. While this maybe
sometimes might be inconvenient it's usually not a big issue.
As a target browser we will be using Mozilla Firefox 3. There are
following components that need the reconfiguration:
Privacy
settings
1.
Browsing History
First thing that has to be corrected is Firefox browsing history
settings. These settings are located in the Privacy tabsheet of the
Tools->Options... menu. You need to uncheck boxes that enable
logging of browsing history and user entered strings.
The obvious dangers of the stored browsing history is that
the
address
of each and every web page you have visited is recorded. Of
course there are
plenty of forensic tools that will extract and trace all the sites you
have visited.
2.
Cookies
Cookies
are used by websites to store little data snippets in your browser.
Almost all the sites leave some kind of cookie in your browser. Luckily
Firefox has an option to remove
cookies when it's exited. Altho it's possible to not accept cookies at
all, but that often can cause problems since some sites actually need
to have cookies
enabled to for navigation to work.
The dangers of cookies are that
each
of them contains a record of the web site's address it was sent from.
So it works
as an evidence that a particular web site was visited. To see currently
stored cookies you can click the
"Show Cookies..." button. It's a very good idea to get rid of them as
soon as possible.
|
 |
3.
Private Data
Firefox has a built-in private data cleaning
utility. It can clean up any remaining traces of data (which should
small to non-existant). The best option
is to enable it to clear data whenever you close the brower. This way
you can be fairly certain not to forget to run it. Only problem is that
if you crash or power down without proper shutdown this procedure won't
be executed, so keep that in mind.
If you click the "Settings..." button you can see what private data can
be removed. Also check
that all the options in this window are enabled.
|
Saved
passwords
| Saved
passwords are a particularly dangerous feature. Only recently Firefox
started use of encrypted saved passwords. The ramifications for the
stolen saved passwords are immense. There have been numerous reports of passwords
stolen
from compromised machines (say good-bye to Paypal account
etc.). The best way
is not to save passwords in the browser. If you really need to save
passwords,
consider using some good utility designed exactly for safe password
storage. |
 |
| N.B. If
you fill the login form on some website by default Firefox
will ask you - "Do you
want to save password
for this site?" -
in case you answer "not
for this site" - it's name will end up in Firefox
saving site's
address in the browser's exception list. Same goes for all the exceptions lists
in the
browser! So you need to answer "No"
in such cases. |
|
