Setting up Firefox for privacy
Here’s how to set up Firefox on your desktop or on Android to better guard your privacy while browsing the web.
Update (1st October 2019), there was an article on Ars Technica called “Why big ISPs aren’t happy about Google’s plans for encrypted DNS” posted to Hacker News. As has been called out in the discussion, the idea that ISPs have a view on this demonstrates to me that protecting DNS queries is worthwhile.
Update (27th October 2019), Mozilla have posted a new blog post titled “A cartoon intro to DNS over HTTPS”, well worth a read.
Firefox on the desktop
To get Pretty Good Protection™️ using Firefox, you can use a combination of custom Tracking Protection settings and a number of
I’ve been using this configuration on my work and personal laptops and haven’t really experienced any noteworthy issues with browsing the internet.
⚠️ Word of warning, making these changes appears to clear your cookies, so expect to sign in to everything again.
Once you’ve configured everything, use CloudFlare’s Browser Experience Security Check tool to validate it’s all configured correctly.
Configuring Firefox Tracking Protection
Under the content blocking section select the custom option and check everything. In the trackers drop-down select “In all windows”, and in the cookies drop-down select “All third-party cookies”.
Then under trackers you’ll also want to click the change block list link and select the “Level 2 block list”.
Open up the advanced preferences page in Firefox by visiting about:config, and promise to be careful!
Then find and update the values for each of the following preferences.
Restart your browser to get all of these settings to take effect. Then check it’s all working at https://www.cloudflare.com/ssl/encrypted-sni/.
The source for all these tweaks comes from https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks, which also contains more information about what each preference does.
Configuring DNS over HTTPS
Firefox can be configured to use DNS over HTTPS (DoH). This will protect you from ISPs that log the DNS queries you make.
TRR stands for Trusted Recursive Resolver.
about:config again, set network.trr.mode to 3 and update 126.96.36.199 (used to do the initial lookup for the IP address of the host defined in
The default DoH provider is CloudFlare. If you would like to change this you can update the value of network.trr.uri. The curl project are maintaining a list of DoH providers at https://github.com/curl/curl/wiki/DNS-over-HTTPS.
It’s worth noting that this doesn’t stop software running on the rest of your computer from making unencrypted DNS lookups; it only protects lookups in the browser.
Firefox have also published a guide at https://support.mozilla.org/en-US/kb/firefox-dns-over-https which uses the GUI to configure everything.
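An added example (not from the original post): a short Python check that reads the text of a profile's prefs.js, where Firefox saves about:config changes, and reports whether the DoH settings from this section are in effect. The mode descriptions follow Mozilla's TRR documentation rather than this page, and the sample preferences and the doh.example URL are constructed.

```python
import json
import re

# Matches lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meanings of network.trr.mode values (from Mozilla's TRR docs, not this page).
TRR_MODES = {
    0: "off (default resolver)",
    2: "DoH first, falls back to the system resolver",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}


def parse_prefs(text):
    """Return {pref name: value} from the text of a prefs.js or user.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # ints, booleans, strings
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep anything else as raw text
    return prefs


def audit_doh(prefs):
    """Return a list of findings; an empty list means DoH-only is configured."""
    findings = []
    mode = prefs.get("network.trr.mode", 0)  # an unset pref means the default, 0
    if mode != 3:
        findings.append("network.trr.mode is %r (%s); expected 3"
                        % (mode, TRR_MODES.get(mode, "reserved/unknown")))
    uri = prefs.get("network.trr.uri")  # unset means Firefox's default provider
    if uri is not None and not str(uri).startswith("https://"):
        findings.append("network.trr.uri %r is not an https:// URL" % uri)
    return findings


# Constructed sample input, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''

if __name__ == "__main__":
    for finding in audit_doh(parse_prefs(SAMPLE)):
        print(finding)
```

The sample is flagged because mode 2 quietly falls back to the system resolver when DoH fails, which sends those lookups unencrypted; mode 3 does not.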
Install uBlock Origin
An efficient blocker: easy on memory and CPU footprint, and yet can load and enforce thousands more filters than other popular blockers out there.
This is an effective extension to block online advertising that supplements the built-in Firefox content blocking.
Firefox on Android
Use the Firefox Preview for Android. This edition of Firefox on Android includes the same content blocking features that are available on the desktop.
Configure Private DNS in the Android network and internet settings (also known as DNS over TLS).
- Go to Settings → Network & internet → Advanced → Private DNS
- Select the “Private DNS provider hostname” option
- Then enter either dns.google and hit Save
This setup won’t be as good as the desktop setup, but it’s a good compromise and only uses built-in features.