Mozilla Browser Privacy & Security Settings

This page presents a guided tour of the major privacy and security preferences within the Mozilla browser. You will learn how to:

If you need more information about the key privacy and security issues that we'll cover on this page (the browser cache, the URL history, active content, and cookies), then see THIS page, which provides a short introduction to these several topics.

Browser Versions Covered

The screenshots you'll see are from Mozilla 1.7, which was the latest version of Mozilla at the time of writing. Previous versions of Mozilla are quite similar to Mozilla 1.7, though some of the settings you see below may be slightly different. In some cases (esp. the cookie settings), earlier versions may not have the full range of options that Mozilla 1.7 does. 

Also, because the newer versions of Netscape are built from the Mozilla web browser, Netscape 6.0 and 7.0 also offer similar settings -- again, with minor differences here and there. See THIS page for a discussion of the privacy and security settings in Netscape 7.0. And for a discussion of the privacy & security settings in the Mozilla Foundation's other web browser, Firefox, see THIS page.

First Things First: What Version Do You Have?
  Before we get started, let's figure out what version of Mozilla you're running. You should know this information.
  To find your version of Mozilla, click Help >> About Mozilla on the Mozilla menu bar...
  Help >> About Mozilla
  A web page should open up with version information.
  About Mozilla 1.7
  Right there is big bold letters is your version of Mozilla -- Mozilla 1.7, in this case.
  When you have the information you need, close this version page to return to the web page you were on.
 Configuring Mozilla's Privacy & Security Preferences
Compared with Internet Explorer, Mozilla's privacy and security settings are simpler and easier to manage, though they're more limited and less powerful.
1. Open the Mozilla Preferences Box
  Open the Preferences box from w/in Mozilla (Edit >> Preferences). Mozilla lets you access most of its configuration options here.
  Edit >> Preferences...
  The first thing we'll do is clear the URL History to protect the confidentiality of what we've done on the Net. For more information on the privacy issues involved with the URL History see THIS page. 
2.  Clear History & Location Bar
  When you open the Preferences dialog box from w/in the Mozilla browser, you start on the Navigator menu option. We select categories from the tree menu on the left -- Mozilla displays the corresponding options on the right.

To clear the URL history, select the History menu item under Navigator.

  Preferences: Navigator: History
  From this page we can clear the History, set the History to be kept in number of days, and clear the Location Bar (URL dropdown list). Once you hit the Clear History or Clear Location Bar buttons, they will be greyed out, as the Clear Location Bar button is above.
3. Disable Java & JavaScript
  Even though we'll disable popups later in these instructions, we might still want to consider disabling Java and JavaScript -- the two forms of "active content" that Mozilla can use. For more information on the privacy and security issues involved with "active content," see THIS page.
  Mozilla's Java and JavaScript settings are both located under the Advanced menu.
  The Advanced options sub-menu also gives us the Java settings. (You won't find ActiveX settings here, unlike Internet Explorer, because Mozilla can't run ActiveX controls.) 

Uncheck the Enable Java checkbox to disable Java.

   Preferences: Advanced
  Note that with Java disabled, some web sites may not work properly. In those cases you can re-enable Java as needed.
  To get to the JavaScript settings, drop down to the Scripts & Plug-ins sub-menu. (You may have to click on the Advanced menu to expand it before you can see the Scripts & Plug-ins sub-menu.)

Under Enable JavaScript for, uncheck the Navigator box to disable JavaScript completely for the web browser.

  Preferences: Advanced: Scripts & Plug-ins
  Note that if we wanted to, we could leave JavaScript enabled and disable certain actions under Allow scripts to:, as we've done below. Doing so would let web pages still use JavaScript, while preventing them from doing some of the more obnoxious things that some web sites do with JavaScript.
  Preferences: Advanced: Scripts & Plug-ins (boxes unchecked)
  So which strategy is better -- disabling JavaScript altogether or enabling/disabling specific actions for JavaScript? It all depends on the user and what that user's tolerance level is for broken web pages -- some web sites require JavaScript in order to function.
  Potential Problems with Java & JavaScript Disabled
  All of the Java and JavaScript options presented here are global, meaning that they apply to every web site visited. There is nothing in Mozilla comparable to the Security zones used by Internet Explorer 4, 5, and 6, or the Privacy tab options seen in Internet Explorer 6
  This limitation can present problems when you encounter a web site that requires JavaScript to be enabled in order to function properly. If you disable JavaScript and then encounter a web site that requires JavaScript to function,  your only option is to re-enable JavaScript. Once you re-enable JavaScript, however, every web site that you visit will be able to make use of JavaScript.
  JavaScript & Popups
  One of the primary reasons that users might want to disable JavaScript is to prevent popups, which can be annoying and which are usually created with JavaScript. If you're primarily interested in disabling JavaScript in order to stop annoying popups, then you might consider simply disabling popups from the Popup Window Controls menu, which we discuss below. This option allows you to keep JavaScript enabled while still blocking popups. 
4.  Clear the Cache
  The next thing we'll do is clear the Cache -- again to protect the confidentiality of what we've done on the Net. For more information on the privacy issues involved with the Cache see THIS page. 
  Still further down on the Advanced menu is the Cache sub-menu, which allows us to clear the Cache and set the Cache size in KB. (You may have to click on the Advanced menu to expand it before you can see the Cache sub-menu.)
  Preferences: Advanced: Cache
  Click the Clear Cache button to clean your Cache
  Where is the Cache Really Stored?
  Note that the Cache page of the Preferences box tells us where the Cache is located on our hard drive -- see the Cache Folder: box above. (If the entry is too long to read, put your cursor inside the box and highlight the entire text, which you can then copy to the clipboard by right-clicking and selecting Copy from the context menu.) 

If you're using Windows 95, Windows 98, or Windows Me, the location on the hard drive is probably:

        C:\Program Files\Mozilla\Profiles\<user>\<num>\Cache
  ...where <user> is the username of the person currently using Mozilla and <num> is a randomly generated directory name (these can look a bit strange). Doublecheck the Cache Folder: box to be sure.
  If you're using Windows 2000 or Windows XP, the disk cache will be located here:
         C:\Documents and Settings\<user>\Application Data\Mozilla\Profiles\<user>\<num>\Cache
  ...where <user> is the username of the person logged on to Windows and <num> is a randomly generated directory name (again, a bit strange-looking).
  Browser cache files can be viewed and manually deleted from this location, just as they can be viewed and manually deleted in Internet Explorer's \Windows\Temporary Internet Files. Keep in mind, though, that the \Temporary Internet Files folder that you see in your \Windows or \WINNT directory is for Internet Explorer only, not Mozilla.
5. Disable Automatic Software Installation
  Mozilla can install software automatically from web pages, however, this can be a dangerous option to leave enabled, esp. given that web sites are now starting to tailor their spyware and adware packages to be installed through the Mozilla, Netscape, and Firefox browsers (previously spyware and adware were automatically installed primarily through Microsoft's Internet Explorer browser).
   Drop down on the tree menu to the Advanced sub-menu. The Advanced options sub-menu gives us the Software Installation settings. Uncheck the Enable software installation setting to disable automatic software installation.
   Once you've disabled this setting, you should keep a few things in mind:
  • You can re-enable this setting on a site-by-site basis to allow software to be installed from web sites that you know and trust. 
  • Moreover, even with this setting disabled, you will still be notified that the site wants to automatically install software. The difference is that you will see a download box instead of an installation box. The download box will let you download the file -- which will have the extension .XPI -- to your hard drive instead of installing it automatically. You can also Cancel the download entirely. If you do download the .XPI file, you can install it by opening it off your hard drive from within Mozilla (File >> Open File... ).
  • Finally, disabling this setting will not prevent you from downloading and installing software the "old fashioned" way -- that is, clicking a link to download a setup file, and then running the setup file once it's downloaded. This setting pertains only to automatic software installations that are performed online.

One other related setting that you might consider disabling to reduce annoying intrusions on your online work is the Plug-in Finder Service, which you can find back up on the Navigator sub-menu under the Helper Applications settings.

   Again, you can re-enable this setting on a site-by-site basis.
6. Disable Popups
  The Mozilla browser allows us to turn off or disable popups, those annoying, obnoxious mini-windows that many web sites use to bombard you with advertising.
  To access Mozilla's popup controls, expand the Privacy & Security menu tree in Preferences, then select the Popup Windows menu option.
  Preferences: Prrivacy & Security: Popup Windows
  Mozilla gives us two basic approaches to popups:
  • allow popups
  • block popups (but specify exceptions)

The easiest and most effective approach to popups is to select Block unrequested popup windows and then specify exceptions.

  There may be web sites that you frequently visit that use popups for legitimate reasons -- to display additional information about an item, for example. To allow those web sites to use popups, you can add them to the Allowed Web Sites list. 

Click the Allow Sites... button to open that list.

  Allowed Web Sites
  To add a web site, type the domain name (e.g., or and then click the Add button.
  The ability to suppress popups is a wonderful feature of the Mozilla browser (Opera also has this ability), one that you'll appreciate almost immediately.
  Popups & JavaScript
  If you choose to suppress popups, there are fewer reasons to disable JavaScript, as we did above. The primary reason that people disable JavaScript is to suppress popups (most popups are created with JavaScript). Some web sites do use JavaScript for things other than popups, however. Some web sites may even require that JavaScript be enabled in order to function properly. Once we've chosen to suppress popups, however, we can leave JavaScript enabled (if we choose) without fear of being inundated with popups.
 Working with Cookies
  Cookies are small "data tags" that allow web sites to recognize us when we return to those web sites. While cookies can be useful -- say, for being recognized at a web site with which we've registered -- they can also be used by advertisers to track our movements and behavior across the Net. To protect our privacy, we need to configure Mozilla's cookie settings so that the browser stores only cookies that we find useful. For more information on the privacy issues involved with cookies, see THIS page.
  Mozilla provides us with a rich set of options for dealing with cookies. We have two initial, main choices, each of which offers us range of options. We can:
  • choose one of the basic cookie configuation settings to Enable or Disable cookies;
  • use the Privacy Settings to filter cookies based on web sites' privacy policies.

Additionally, we can use the Cookie Manager to manage, delete, and block cookies selectively on a case-by-case basis.

Let's look at each of these main choices or strategies for dealing with cookies in Mozilla and detail what options they present us.

1. Basic Cookie Configuration Options
  To get to Mozilla's cookie options, double-click on the Privacy & Security menu item to expand it, and then select the Cookies sub-menu.
  Preferences: Privacy & Security: Cookies
  On this menu Mozilla gives us a basic set of options for handling cookies: 
  • We can disable cookies, as we have in the screenshot above, by selecting the Disable cookies option. 
  • We can allow all cookies to be accepted by selecting the Enable all cookies option. Once we allow or enable cookies, we can also specify a maximum lifetime for those cookies and opt to be prompted when Mozilla is about to accept a cookie (Ask me before storing a cookie).
  • We can also choose the Enable cookies for originating web site only option. Note that this setting allows us to filter out "third-party" cookies that often used by advertisers and marketers (who place banner ads on web sites), while accepting truly useful cookies from the web sites we often visit.
  While these three basic options can be useful tools, those tools are a bit blunt. We may want more control over how Mozilla handles cookies from web sites.
2. Using the Cookie Manager to Manage, Delete, & Block Cookies
  If we simply disable Cookies, some web sites may not work properly. One solution to this problem is to leave Cookies enabled, but selectively manage and delete cookies after they're accepted. That way, we keep only the cookies we find useful.

We can easily manage and delete cookies in Mozilla by hitting the Manage Stored Cookies button, which brings up the Cookie Manager:

  Cookie Manager (Stored Cookies)
  The Cookie Manager allows us to view and delete the cookies which have been stored on our system. 

If we check the Don't allow removed cookies to be reaccepted later box at the bottom before removing cookies, the web sites which placed those cookies will be added to a "block list" (a list of sites blocked from placing cookies on our system). This block list can be viewed and edited on the Cookie Sites tab of the Cookie Manager box:

  Cookie Manager (Cookie Sites)
  This block list gives us the power to leave cookies enabled on the main cookies page (see above) while still blocking cookies from web sites that we'd prefer not to deal with. 
3. Using the Privacy Settings to Filter Cookies
  If we don't want to disable cookies outright, we have still other choices. Instead of enabling or disabling cookies, we can use Mozilla's Privacy Settings to filter cookies based on the privacy policies of the web sites that attempt to place those cookies on our system.
  To access the Privacy Settings, select the Enable cookies based on privacy settings option.
  Preferences: Privacy & Security (Enable cookies based on privacy settings)
  Once this setting is selected, we can hit the View button (which is now enabled) and work with a rich menu of Privacy Settings in the dialog box that pops up.
  Privacy Settings
  Privacy Levels & Cookie Acceptance Policies
   In this Privacy Settings box, we can select a predefined Level of Privacy at the top. Each of three predefined levels of privacy (low, medium, high) corresponds to a different Cookie Acceptance Policy, which is displayed in the bottom of the Privacy Settings box. You can see the Cookie Acceptance Policy settings change as you select different predefined levels of privacy

The Cookie Acceptance Policy consists of rules for handling cookies from web sites. These cookie acceptance rules based on two main criteria:

  • First-Party vs. Third-Party: Mozilla distinguishes the web site you are currently visiting (which is known the first-party) from other third-party web sites which may place content on that first-party web site. Third-party web sites that place content on first-party web sites are almost always advertisers and marketers of some sort.
  • Privacy Policy: Mozilla can read and analyze privacy policies that web sites post. A privacy policy details the kinds of personal information a web site collects about you, as well as what it intends to do with that information. Keep in mind that not all web sites will have privacy policies (and not all privacy policies provide strong privacy protections).

The Mozilla help files (click the Help button) summarize the three predefined levels of privacy and the Cookie Acceptance Policy each uses as follows:

Select this if you want to accept all first-party cookies without regard to a site's privacy policy.

When this setting is selected, the browser accepts all third-party cookies, but flags third-party cookies from sites that indicate they may collect personally identifiable information without your consent. Flagged cookies are listed as "flagged" in the status column of the Cookie Manager's Stored Cookies tab.

When a cookie is first flagged, the Cookie Manager displays the cookie notification icon (cookie notification icon) near the lower-right corner of the browser window (if it's not already present). You can click the cookie notification icon to see more detailed information about the flagged cookies.
Select this if you want to accept and flag both first-party and third-party cookies set by sites that may be collecting personally identifiable information without your consent. This is the default setting.
Select this if you want the same settings as medium, with the following differences:
  • Reject third-party cookies set by sites that may be collecting information without your consent that can be used to identify you.
  • Accept, for the current session only, third-party cookies that may be collecting information without your consent that can be used to identify you, but also provide a web page or some other mechanism that allows you to withhold your consent.
  Again, what you see above is merely a summary of the Cookie Acceptance Policies for each of the three predefined levels of privacy (low, medium, high). Let's look a bit more closely at the Cookie Acceptance Policies, what they consist of, and what they mean.

As we just noted, each of the predefined privacy levels corresponds to a different combination of settings for the Cookie Acceptance Policy. These settings incorporate of several important criteria, which we discussed briefly above.

First, Mozilla distinguishes between first-party and third-party cookies (which we defined above).

Second, Mozilla also classifies the web sites that attempt to place those cookies into four categories, based on their privacy policies (which we also defined above). Those four categories are: 

Site has no privacy policy: Site does not publish any kind of privacy policy. There is no way of knowing what kinds of information such sites collect or what they do with it.
Site collects personally identifiable information without your consent: Site publishes a privacy policy, but does not ask your permission when it collects personally identifiable information.
Site collects personally identifiable information with only your implicit consent: Site collects information about you unless you go to a web page (or use some other designated mechanism) to explicitly withhold your consent (opt-out).
Site does not collect personally identifiable information without your explicit consent: Sites will not collect personally identifiable information unless you have explicitly agreed (opt-in).
  These four categories (which are, again, taken from the Mozilla help files) employ a few terms and concepts that may be unfamiliar to you. Before we move on, let's define some of those key terms: 
  • Personally Identifiable Information is information that is unique to you (e.g., your name, address, SSN#, credit card, etc.). By contrast, non-personally identifiable information consists of information that cannot be uniquely tied to you (e.g., your Internet IP address, the pages you visit on a web site, the number of times you visit, etc.).
  • Implicit vs. Explicit Consent distinguishes sites with "opt-out" privacy policies from those with "opt-in" privacy policies. An "opt-out" privacy policy means that the site is free to collect, use, and exchange information it gathers from and about you unless and until you tell them to stop -- that's implicit consent, because you have to "opt-out" of the web site's data collection before it will stop. Your consent is implicitly assumed. 
    An "opt-in" privacy policy, by contrast, means that the web site cannot collect, use, and exchange information that it gathers from and about you unless and until you give your permission for them to do so -- that's explicit consent, because you must "opt-in" to a web site's data collection before it can start. Your consent must be explicitly given.
  While you should understand these concepts, you don't have to analyze and classify web sites' privacy policies yourself, a process which would be time-consuming. Mozilla analyzes the privacy policies of web sites for you and quickly classifies those privacy policies.
  Mozilla then takes one of the following actions, based on that information (type of web site & privacy policy of web site):
  Accept Accept all cookies in the category.
  Session Accept all cookies in the category for the current session onlythat is, until you exit the browser.
  Reject Reject all cookies in the category.
  Flag Lists the cookie's status as "flagged" in the status column of the Cookie Manager's Stored Cookies tab and display the cookie notification icon.
  To summarize briefly: Mozilla classifies the web sites that attempt to place cookies on your system as first-party or third-party and then analyzes the privacy policies (if any) of those web sites. Based on what it finds in those privacy policies and whether the web sites are first-party or third-party sites, it then takes the appropriate action specified by the Cookie Acceptance Policy.
  We can use predefined combinations of settings for the Cookie Acceptance Policy by selecting one of the predefined levels of privacy (low, medium, high). As we noted earlier: if you switch between the three predefined privacy levels, you can see the Cookie Acceptance Policy settings change (even though they're grayed out) accordingly. 
  Custom Cookie Acceptance Policies
  There's a fourth level of privacy that we can select, though: the custom level. If you select the custom level, you'll notice that you can change the individual Cookie Acceptance Policy settings, instead of relying on predefined combinations of settings (which correspond to the low, medium, high privacy levels).
  Privacy Settings - Cookie Acceptance Policy
  The custom level gives you more control over the actions that Mozilla takes with cookies in response to web sites' privacy policies, but not every user will want to spend the time tinkering with these individual settings. Most users will probably find that the three predefined privacy levels (low, medium, high) provide an adequate amount of control over cookies. For those who demand the utmost control, however, the custom level Cookie Acceptance Policy settings will be most welcome.
Mozilla Add-ons
To further enhance Mozilla's protection of your privacy and security, you might also consider installing and using one of the several add-on or plug-in applications that are available from other Mozilla users. These optional applications can block banner ads and handle other annoyances that you frequently encounter on the web.

There are even utilities to allow you to control Flash, a popular technology with advertisers.

I hope you've found this short tour of Mozilla's privacy and security features interesting and helpful. If you need more assistance or still have questions, check the following web pages for links to information about web browser privacy and security:


2002-2004 Eric L. Howes

Home [frames]        Home [no frames]