Mozilla Firefox Privacy & Security Settings

This page presents a guided tour of the major privacy and security preferences within the Mozilla Firefox browser. You will learn how to:

If you need more information about the key privacy and security issues that we'll cover on this page (the browser cache, the URL history, active content, and cookies), then see THIS page, which provides a short introduction to these several topics.

Browser Versions Covered

The screenshots you'll see are from Firefox 1.0, which was the latest version of Firefox at the time of writing. Previous versions of Firefox are quite similar to Firefox 1.0, though some of the settings you see below may be slightly different. In some earlier versions of Firefox -- esp. the very early versions known as Phoenix and Firebird -- you may not see the full range of options available in Firefox 1.0

Firefox is only one of the wbe browsers available from the Mozilla Foundation. For a discussion of the privacy & security settings in the Mozilla Foundation's other web browser, the original Mozilla browser, see THIS page. And see THIS page for a discussion of the privacy and security settings in Netscape 7.0, which is also based on the Mozilla browser.

First Things First: What Version Do You Have?
   
  Before we get started, let's figure out what version of Firefox you're running. You should know this information.
   
  To find your version of Firefox, click Help >> About Mozilla Firefox on the Firefox menu bar...
   
  Help >> About Mozilla Firefox...
   
  A dialog box should open up with version information.
   
  About Mozilla Firefox
   
  Right there is big bold letters is your version of Firefox -- Firefox 1.0, in this case.
   
  When you have the information you need, close this version box to return to the web page you were on.
   
 Configuring the Privacy & Security Options
   
Compared with Internet Explorer, Firefox's privacy and security settings are simpler and easier to manage, though they're more limited and less powerful in some ways.
   
1. Open the Firefox Options Box
   
  Open the Options box from w/in Firefox (Tools >> Options). 
   
  Tools >> Options...
   
  Once the Options box opens, you'll see a number of menus and sub-menus from which Firefox lets you access most of its configuration options.
   
  Options : General
   
  When you open the Options box in Firefox, you start with the General menu option. We select menu item categories from the tree menu on the left -- Firefox displays the corresponding options on the right. Our first major destination is the Privacy sub-menu. 
   
  The first thing we'll do is clear the URL History and Cache to protect the confidentiality of what we've done on the Net. For more information on the privacy issues involved with the URL History and Cache see THIS page. 
   
2.  Clear URL History
   
  To access the URL History settings, click on the Privacy sub-menu on the left, then click the History option to expand the full range of settings.
   
  Options : Privacy : History
   
  From this page we can Clear the History and set the History to be kept in number of days. Once you hit the Clear button, it will be greyed out.
   
3.  Clear the Cache
   
  Still further down on the Privacy sub-menu are the Cache settings, which allow us to clear the Cache and set the Cache size in KB. Click on the Cache option to expand all the settings.
   
  Options : Privacy : Cache
   
  Click the Clear button to clean your Cache
 
  Where is the Cache Really Stored?
 
  Note that the Cache settings in the Options box do not tell us where the Cache is located on our hard drive, unlike many other browsers (including the Mozilla browser).

If you're using Windows 95, Windows 98, or Windows Me, the location on the hard drive is probably:

 
        C:\Program Files\Firefox\Profiles\<user>\<num>\Cache
   
  ...where <user> is the username of the person currently using Firefox and <num> is a randomly generated directory name (these can look a bit strange).
 
  If you're using Windows 2000 or Windows XP, the disk cache will be located here:
 
         C:\Documents and Settings\<user>\Application Data\Firefox\Profiles\<user>\<num>\Cache
   
  ...where <user> is the username of the person logged on to Windows and <num> is a randomly generated directory name (again, a bit strange-looking).
   
  Browser cache files can be viewed and manually deleted from this location, just as they can be viewed and manually deleted in Internet Explorer's \Temporary Internet Files folder. Keep in mind, though, that the \Temporary Internet Files folder that you see in your \Documents and Settings, \Windows , or \WINNT directory is for Internet Explorer only, not Firefox.
   
4. Disable Popups
   
  The Firefox browser allows us to turn off or disable popups -- those annoying, obnoxious mini-windows that many web sites use to bombard you with advertising.
   
  To access Firefox's popup controls, click the Web Features menu option on the left of the Options box.
   
  Options : Web Features
   
  Firefox gives us two basic approaches to popups:
  • allow popups
  • block popups (but specify exceptions)

The easiest and most effective approach to popups is to select Block Popup Windows (such as you see in the screenshot above) and then specify exceptions.

 
  There may be web sites that you frequently visit that use popups for legitimate reasons -- to display additional information about an item, for example. To allow those web sites to use popups, you can add them to the allowed sites list (shown in the screenshot above). 

Click the Add Site... button to open a dialog box that allows you to add sites to the list:

   
  Unblock Site
   
  To add a web site, type the domain name (e.g., uiuc.edu or cnn.com) and then click the OK button. Firefox will add the site to the list of allowed or unblocked sites.
   
  The ability to suppress popups is a wonderful feature of the Firefox browser (Opera also has this ability), one that you'll appreciate almost immediately.
   
  Popups & JavaScript
   
  If you choose to suppress popups, there are fewer reasons to disable JavaScript, which we discuss below. The primary reason that people disable JavaScript is to suppress popups (most popups are created with JavaScript). Some web sites do use JavaScript for things other than popups, however. Some web sites may even require that JavaScript be enabled in order to function properly. Once we've chosen to suppress popups with Firefox's popup controls, however, we can leave JavaScript enabled (if we choose) without fear of being inundated with popups.
     
5. Disable Java & JavaScript
   
  Even though we've disabled popups already, we might still want to consider disabling Java and JavaScript -- the two forms of "active content" that Firefox can use. For more information on the privacy and security issues involved with "active content," see THIS page.
   
  Firefox's Java and JavaScript settings are also located on the Web Features menu just below the popup settings.
   
  Options : Web Features
   
  Java
   
 

To disable Java, uncheck the Enable Java checkbox. Note that with Java disabled, some web sites may not work properly. In those cases you can re-enable Java as needed on a site-by-site basis.

   
  JavaScript
   
 

To disable JavaScript, uncheck the Enable JavaScript box. Note that with JavaScript disabled, some web sites may not work properly. 

If we wanted to, we could leave JavaScript enabled and disable certain actions in the Advanced JavaScript Options. To access those Advanced options, click the Advanced... button.

 
  Advanced JavaScript Options
 
  Leaving JavaScript enabled but placing limitations on the use of JavaScript allows web pages to use JavaScript, while preventing them from doing some of the more obnoxious things that some web sites do with JavaScript. Also, as we noted above, we can disable popups separately, giving us even fewer reasons to disable JavaScript.
   
  So which strategy is better -- disabling JavaScript altogether or enabling/disabling specific actions for JavaScript? It all depends on the user and what that user's tolerance level is for broken web pages -- some web sites require JavaScript in order to function properly.
   
  Potential Problems with Java & JavaScript Disabled
   
  All of the Java and JavaScript options presented above are global, meaning that they apply to every web site visited. There is nothing in Firefox comparable to the Security zones used by Internet Explorer 4, 5, and 6, or the Privacy tab options seen in Internet Explorer 6
   
  This limitation can present problems when you encounter a web site that requires Java or JavaScript to be enabled in order to function properly. If you disable Java and JavaScript and then encounter a web site that requires either one to function properly,  your only option is to re-enable Java or JavaScript. Once you re-enable Java or JavaScript, however, every web site that you visit will be able to make use of JavaScript.
   
  JavaScript & Popups
   
  One of the primary reasons that users might want to disable JavaScript is to prevent popups, which can be annoying and which are usually created with JavaScript. If you're primarily interested in disabling JavaScript to stop annoying popups, then you might consider simply disabling popups from the Web Features menu, as we did above. That option allows you to keep JavaScript enabled while still blocking popups. 
     
6. Disable Automatic Software Installation
   
  Firefox can install software automatically from web pages, however, this can be a dangerous option to leave enabled, esp. given that web sites are now starting to tailor their spyware and adware packages to be installed through the Mozilla, Netscape, and Firefox browsers (previously spyware and adware were automatically installed primarily through Microsoft's Internet Explorer browser).
   
  Firefox's automatic software installation settings are also located on the Web Features menu just below the popup settings. Uncheck the Allow web sites to install software setting to disable automatic software installation.
   
   Options : Advanced
   
   Once you've disabled this setting, you should keep a few things in mind:
  • You can re-enable this setting on a site-by-site basis to allow software to be installed from web sites that you know and trust. 
     
  • Moreover, even with this setting disabled, you will still be notified that the site wants to automatically install software. The difference is that you will see a download box instead of an installation box. The download box will let you download the file -- which will have the extension .XPI -- to your hard drive instead of installing it automatically. You can also Cancel the download entirely. If you do download the .XPI file, you can install it by opening it off your hard drive from within Firefox (File >> Open File... ).
     
  • Finally, disabling this setting will not prevent you from downloading and installing software the "old fashioned" way -- that is, clicking a link to download a setup file, and then running the setup file once it's downloaded. This setting pertains only to automatic software installations that are performed online.
   
 Working with Cookies
   
  Cookies are small "data tags" that allow web sites to recognize us when we return to those web sites. While cookies can be useful -- say, for being recognized at a web site with which we've registered -- they can also be used by advertisers to track our movements and behavior across the Net. To protect our privacy, we need to configure Firefox's cookie settings so that the browser stores only cookies that we find useful. For more information on the privacy issues involved with cookies, see THIS page.
   
  Firefox provides us with a rich set of options for dealing with cookies. We have two initial, main choices, each of which offers us range of options. We can:
  • choose one of the basic cookie configuation settings to Enable or Disable cookies;
  • use the Exceptions list to specify exceptions to our primary cookie option.
  • specify other restrictions on the use of cookies

Additionally, we can use the Stored Cookies box to manage, delete, and block cookies selectively on a case-by-case basis.

Let's look at each of these options for dealing with cookies in Firefox and detail what they present us.

   
1. Basic Cookie Configuration Options
   
  To get to Firefox's cookie options, click on the Privacy menu option on the left of the Options box, and then click the Cookies item to expand the Cookies settings.
   
  Options : Privacy : Cookies
   
  On this menu Firefox gives us a basic set of options for handling cookies: 
  • We can disable cookies, as we have in the screenshot above, by unchecking the Allow sites to set cookies option.
     
  • We can enable all cookies to be accepted by selecting the Allow sites to set cookies option.

While these two basic options can be useful tools, those tools are a bit blunt. We may want more control over how Firefox handles cookies from web sites. In fact, our options do go beyond simply enabling and disabling cookies.

  • Once we enable or disable cookies, we can specify Exceptions to our main cookie policy on a site-by-site basis.
     
  • We can also choose the Enable cookies for originating web site only option. Note that this setting allows us to filter out "third-party" cookies that often used by advertisers and marketers (who place banner ads on web sites), while accepting truly useful cookies from the web sites we often visit.
     
  • Using the Keep Cookies drop-down menu, we can also specify other restrictions on the use of cookies, such as until I close Firefox (which clears cookies automatically when you close Firefox) or ask me every time (which causes Firefox to prompt you to accept each cookie before it is accepted). The default for Keep Cookies setting is until they expire.
   
2. Using the Exceptions List to Filter Cookies
   
  If we don't want to enable or disable cookies outright, we have still other choices. Instead of enabling or disabling cookies, we can use Firefox's Exceptions list to filter cookies on a site-by-site basis.
   
  To access the Exceptions list, select the Exceptions... button.
   
  Exceptions
   
  In this Exceptions box we can Block and Allow sites on a site-by-site basis. Note that this is a list of Exceptions to whatever the primary cookie policy happens to be (enable or disable). To add a site to the list, type in the domain name (e.g., cnn.com or uiuc.edu) and hit the Block or Allow button.
   
  This Exceptions list gives us the power to leave cookies enabled on the main cookies page (see above) while still blocking cookies from web sites that we'd prefer not to deal with. By turns, we could also disable cookies by default, but specify a small number of web sites that we trust and which we will allow to set cookies.
   
3. Using the Stored Cookies Box to Manage, Delete, & Block Cookies
   
  If we simply disable Cookies, some web sites may not work properly. One solution to this problem is to leave Cookies enabled, but selectively manage and delete cookies after they're accepted. That way, we keep only the cookies we find useful.

We can easily manage and delete cookies in Firefox by hitting the Stored Cookies.. button, which brings up the Stored Cookies dialog box:

   
  Stored Cookies
   
  The Stored Cookies box allows us to view and delete the cookies which have been stored on our system. 

If we check the Don't allow sites that set removed cookies to set future cookies at the bottom before removing cookies, the web sites which placed those cookies will be added to the Exceptions list (discussed above) and blocked permanently:

     
Conclusion
   
I hope you've found this short tour of Firefox's privacy and security features interesting and helpful. If you need more assistance or still have questions, check the following web pages for links to information about web browser privacy and security:
   
 

 

2002-2004 Eric L. Howes

Home [frames]        Home [no frames]