I list few tips to have more privacy and reduce various annoyances during web browsing, using your standard Firefox updated browser.
Tor Browser or OS like Tails are probably better choices if you are really looking for advanced anonymisation or privacy.
- Cookie control: Self Destructing Cookies extension. Verify that Google cookies are fully removed. They are as sticky as chewing gum under a shoe, I had to create a new profile to get rid of their cookies, and explicitaly reject cookies from google.com (and the google of your country). Keep cookies for web site you visit frequently and trust
- Advertisements removal: Ghostery extension. Disable most trackers and cookies. In advanced settings, tick "Delete Flash and Silverlight cookies on exit". Review Ghostery settings regularly
- Referer removal: In "about:config" settings, set network.http.sendRefererHeader to 0. Many add-ons are available, such as Toggle Referer
- Plugin enumeration removal: to reduce browser finger printing abuse, set in "about:config" the preference name "plugins.enumerable_names" to an empty value. The add-on "Hide Plugin & Mimetype Identifiers" seems to do the same. Some web sites may complain
- JAVA and Flash Plugin control: in Add-ons menu, Plugins tab, set drop-down to 'Ask to Active' for JAVA, Shockwave Flash (any Shockwave plugin actually), Silverlight plugin, etc. This helps reduce attacks on plugins vulnerabilities and reduces browser finger printing abuse. To check URLs you have allowed plugins 'Allow and Remember', check data in the 'permissions.sqlite' file in your Firefox profile, and execute the query bellow. 'permission' of 1 (or 3 for vulnerable plugins) means it has been allowed.
select * from moz_hosts where type like 'plugin%'
- User-Agent control: via User Agent Overrider add-on, adding a new setting "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0", or any other Firefox version
- Canvas API control: to reduce browser finger printing abuse via the CanvasBlocker add-on
- Standard Tracking: in Firefox Options, Privacy tab, tracking area, tick "Tell sites that I do not want to be tracked"
- HTTPS Everywhere to force using SSL when available
- NoScript is a classic, but unfortunately breaks a lot of visited sites
To evaluate your browser finger print uniqueness, check the brilliant web site Panopticlick.
I recommend the HTTP Request Logger add-on that logs on a local file all URLs accessed by the browser, for example:
(none) GET https://duckduckgo.com/?q=test
HttpFox add-on provides more extensive debugging capability via GUI.