These steps apply to the Firefox browser. They will help prevent your surfing activities from being reported to the web sites you visit.
Under Tools/Options/Privacy: (In Linux under Edit/Preferences)
Do not check the ‘private browsing mode’ box (this is false security).
The following boxes need to be checked in order to properly clear your cookies/history:
Accept cookies from sites
Accept third party cookies (drop down box should say ‘Until I close Firefox’) Or you can set this to ask me each time.
Clear history when Firefox closes
Click on the Settings tab in the Privacy window.
Check all of the boxes so that it clears everything when you close the browser.
Set “When using location bar” to Nothing
Additional settings.
Search Tab:
Delete all search engines except DuckDuckGO.
Uncheck Provide Search Engine Suggestions.
Security Tab:
Enable “Warn me when sites try to install add-ons”
Disable “Block reported attack sites” and “Block reported web forgeries”
(Note: This prevents your browsing habits from being sent to outside servers in order to determine if the site you are trying to access is dangerous. However, it also requires vigilance on your part to not be taken in by scam sites.)
Under Passwords, disable “Remember passwords for sites” and “Use a master password”
Sync Tab:
Do not set anything here. Do not create and account or sign in.
Advanced Tab:
Certificates:
Under “When a server requests my personal certificate” set to Ask me every time
Update:
Uncheck everything.
Network
Under General System Defaults
Check “Override automatic cache management and limit cache to 0MB space”.
Check “Tell me when a website asks to store data for offline storage use”
Data Choices:
Uncheck Everything
This will prevent server-side scripts from running in your browser without your permission. This plug-in blocks all java scripts from running on web pages. This is both a privacy and security plug-in. By preventing the applications from running the instant you visit a page, there is little risk of malware affecting you in the background if you go to a compromised site.
Modern web sites have hidden links to a multitude of other web sites. Many of these scripts that load have nothing to do with the function of the site you are visiting. They are scripts that connect you to other sites like FaceBook, Google, Double Click, Twitter, etc. This allows these outside sites to track your activity across the Internet even though you never went to their site. By only allowing the essential java scripts that make the desired web site function, while preventing the others, you increase your privacy significantly.
After installing this plug-in most sites will not operate properly. You have to train the browser for each site you visit as to what to allow and not allow. No Script will give you a nice drop down menu telling you what sites are attempting to run scripts and then you can pick the ones that apply to the site you are on while rejecting the trackers.
By default No Script allows well known sites to operate freely. We suggest you change the default setting to restrict everything and then set all permissions manually. For example, If you go to a website that uses Google Analytics to track their visitors then Google will try to load google-analytics.com and run the java script to track you. If you have this disabled in No Script then you are less trackable without any functionality loss. All the search engines, tracking sites and social networking sites operate the same way. All of them are out to get every last bit of information on you in order to make money.
Set preferences for regular mode (non admin) to “Start BleachBit with computer” and “Overwrite files to hide contents.
In the main menu: (depending on your operating system these options may vary slightly)
Check all the boxes under Chrome (If you insist on using it).
Check the temporary files and thumbs.db under Deep Scan
Check all the Boxes under Firefox.
Check all boxes under Flash.
Check Temporary Files and Trash under System.
Check all boxes under Thumbnails Cache.
Depending on what other software you have installed on your computer other options may also appear such as office suite files, video or music players. Be sure to wipe these clean as well.
The admin version of BleachBit allows for clearing of various logs and restricted settings. This should also be set up and run often as well as wiping the drive free space.
In the browser address bar type about:config and press enter.
Accept the warning about harming your system and be careful what changes you make.
Firefox has a feature called Prefetching that downloads pages (in the background) that it thinks you are going to click on in the future. This is a serious security flaw since in order to make this guess it’s saving lots of information of your previously visited sites.
Type:
network.prefetch-next
into the search bar
Right click on the option and select Toggle to change the setting to False.
Referer logging is used to allow websites and web servers to identify what sites you previously visited.
Type:
Network.http.sendRefererHeader
into the search bar and set the entry to 0.
With Geo-location Firefox will try and tell websites where you’re located.
Type
geo.enabled
into the search bar
Right click on the option and select Toggle to change the setting to False.
Mozilla has a feature called ‘DOM storage’ in recent versions of Firefox which can be used to track you.
Type
dom.storage.enabled
into the search bar
Right click on the option and select Toggle to change the setting to False.
Browser Session History – number of entries increases tracking ability.
Type:
browser.sessionhistory.max_entries
into the search bar and set the entry to 2 or 3. Note that this will limit how many pages the back button in FireFox will allow you to go.
Browser Display Fonts – Reduces the uniqueness of your browser making it more difficult to identify you.
Type:
browser.display.use_document_fonts
into the search bar and set the entry to 0. Note that this will limit your browser fonts and change the look of some pages.
media.peerconnection.enabled – Prevents WebTRC connections from revealing your true IP.
Type:
media.peerconnection.enabled
into the search bar
Right click on the option and select Toggle to change the setting to False.
Disable weak encryption.
Type security*rc4
Toggle all results to false
Type security*des
Toggle all results to false
Type security.ssl.require_safe_negotiation
Toggle to True
Type security.ssl.treat_unsafe_negotiation_as_broken
Toggle to True
h) Prevent FireFox from remembering information
Type browser.formfill.enable
Toggle to False
Type browser.cache.disk.enable
Toggle to False
Type browser.cache.disk_cache_ssl
Toggle to False
Type browser.cache.offline.enable
Toggle to False
Prevent FireFox from reading the data in the clipboard.
Type dom.event.clipboardevents.enabled
Toggle to False
Plug in scan (Windows Only).
Prevent FireFox from telling websites what plugins you have installed.
Type plugin.scan.plid.all
Toggle to False
Prevent FireFox from storing web pages for crash recovery. This will also extend the life of your solid state drives by reducing writes to them.
Type sessionstore
Modify browser.sessionstore.interval by adding 2 zeros’s to the existing number
Toggle browser.sessionstore.restore_on_demand to False
Toggle browser.sessionstore.resume_from_crash to False
Toggle services.sync.prefs.sync.browser.sessionstore.restore_on_demand to False
The above setting should be considered the minimum required to a secure and private browser. We recommend the following plugins as additional defense methods. These can be installed via the FireFox plug-ins menu or from the links.
HTTPS Everywhere, Privacy Badger, UAControl , User-Agent JS Fixer, Disconnect