The top Firefox security and privacy add-ons

Becky waring By Becky Waring

Stay safe and protect your privacy when you’re on the Web by using these top-notch browser extensions.

Block malicious Web sites, stop annoying ads, control your cookies, cover your tracks, and manage your passwords securely with this collection of free Firefox add-ons.

It’s time to update your Firefox extensions

When you upgrade to Firefox 3, you also have to update or reinstall the browser’s add-ons. The most popular extensions — including the ones I recommended here — now work with Firefox 3 and can easily be installed right within Firefox using the browser’s Add-ons manager (on the Tools menu).

Subscribe to our Windows Secrets Newsletter - It's Free!

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

PC Drive Maintenance (Excerpt)

Subscribe and get our monthly bonuses - free!

Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!



In this column, I review the best Firefox security and privacy add-ons. In the coming weeks, I’ll tackle bookmark and tab managers, Google enhancements, user-agent switchers, and other organizational tools designed specifically for Firefox.

If there’s a particular category of Firefox extension that you’d like me to cover, drop me a line via the contact page.

Three must-have add-ons for safe surfing

If you’re concerned about phishing sites, spyware, viruses, fraudulent online stores, or child safety, you need WOT (Web of Trust). This unobtrusive yet amazingly useful extension shows a rating icon next to each site in search results from Google, Yahoo, Wikipedia, and other popular Web services. The rating is easy to interpret, so you can see instantly which links in the results are safe to click.

WOT also places an icon next to the address bar, so you can check the rating of your current page in case you didn’t get there via a search engine.

The add-on’s site ratings are derived from other people’s browsing experiences and databases of malicious sites. The four categories of ratings are Trustworthiness, Vendor Reliability, Privacy, and Child Safety.

WOT uses a five-color scale that goes from red to green for each item. If you click a link with a red icon, you’ll see a warning before you can navigate to the page. This can save you from accidentally surfing to malicious sites that install viruses or spyware.

The extension is amazingly accurate and complete. In a week of testing, I found very few search results that were not rated and only a handful of ratings I would question, especially compared to the ratings provided by McAfee’s SiteAdvisor, a similar free extension.

WOT’s accuracy is probably due to its incorporation of community input, which also makes possible the “vendor reliability” score for online stores.

You can register with WOT to get some additional features such as custom settings and the ability to add your own site ratings, but the unregistered version of the program provides all the features I need.

The second essential add-on for safe Firefox surfing is Sxipper. This password-management tool goes far beyond the one built into Firefox itself.

Sxipper is ideal for families and other users who might have multiple IDs registered at a given site by letting them create up to four different “personas.” Each persona can register its own form-filling information and passwords.

Sxipper is also amazingly intuitive to use, unlike other password managers I’ve tried. When you first install the program, it gathers information already stored in Firefox and then builds from there.

When you navigate to a site with a form, Sxipper automatically populates the fields or shows options for filling in any items that have more than one possible entry. Having all these options at hand makes it easy to maintain different IDs for various Web purposes.

Bonus tip: No matter which password manager you use, be sure to turn on Firefox’s master password option in the Security preference pane. This will require that you to enter a password when first opening Firefox, which then unlocks all other passwords on file.

Finally, everyone needs a good cookie manager, and CookieSafe is my choice as the best Firefox cookie handler. The program places an icon in the bottom-right corner of the browser window. Click it to block or allow cookies temporarily or permanently on the current site.

Your cookies will still be stored in the Firefox cookie list, so you can view and edit them as normal within the Firefox Privacy options pane. All CookieSafe does is make control of cookies quick and easy without having to open the Options window. The program is simple and unobtrusive, and it just plain works.

Stop dangerous scripts, ads, and animations

Most Internet dangers come from malicious ads and scripts on rogue Web pages. Simply blocking Java, Flash, and advertisements goes a long way toward preventing spyware, Trojans, and viruses from getting on your computer. In the process, you’ll also benefit by speeding up your surfing and eliminating a lot of those distracting ads and animations.

However, blocking scripts or ads entirely also disables many functions you may want to use on various sites, so good ad-, Flash-, and script-management utilities are needed. That’s where Adblock Plus, Flashblock, and NoScript come in.

Adblock Plus is my favorite Firefox ad blocker. The program turns ads on and off for particular sites and features customizable blocking filters. On the New York Times home page, for example, Adblock Plus removes all ads while leaving just the articles and photos.

Some sites — such as Cycling News — don’t distinguish ads from content properly. Also, not all ads can be blocked, but Adblock Plus is the best tool for minimizing the impact of annoying (and possibly malicious) ads.

For blocking Flash animations (which are a frequent source of intrusion, judging by the constant stream of Flash Player security patches), I use Flashblock. This add-on replaces Flash animations with a playback button you can press if you want to view them, which is a good compromise for people who don’t want to disable Flash entirely.

You can create a whitelist of sites where you always want Flashblock to be off, such as YouTube, but Javascript must be enabled for Flashblock to work.

For full control of Javascript, Flash, Silverlight, QuickTime, and other plug-ins, look no further than NoScript, an extremely powerful and customizable Firefox extension that can block pretty much every kind of script.

When you navigate to a page such as the Apple iPhone 3G QuickTime demo, NoScript blocks the demo initially. Just click the NoScript icon at bottom right of the browser window to unblock scripts on that site temporarily or permanently.

NoScript script-blocking options
Figure 1. The NoScript script-blocking extension for Firefox lets you decide which sites to trust.

NoScript maintains a customizable whitelist of sites you have unblocked. You can also decide exactly which plug-ins you want to block: Javascript but not Flash, for example. It takes a little effort to teach NoScript about your frequently visited sites, but once that’s done, you’ll really appreciate the control and safety the program provides.

Two plug-ins to keep your Web tracks covered

Sure, you can set Firefox’s privacy options to always “Clear private data” when you close the browser. Or remove private data manually at any time via the Clear Private Data option on the Tools menu.

Unfortunately, this all-or-nothing approach nukes all your data — not just the things you want to keep from prying eyes. I like having a long surfing history that tells me where I’ve been and makes it easy to get there again. That’s why I want to keep around the cookies that remember my settings on frequently visited Web sites.

I don’t want to give up that convenience, so I manage my cookies and passwords carefully by using the add-ons I described above. I also use two additional extensions when needed: Stealther and Panic.

Stealther temporarily turns off tracked elements such as your browser history, cookies, and cache. The program can be accessed via a shortcut that it places at the top of your Tools menu during installation. You can also toggle Stealther on and off by using a configurable hot-key combination.

Before you navigate to sites you want to keep private, simply invoke Stealther, surf, and then turn the applet off again when you’re ready to go back on record. Your history before and after the Stealther session is maintained.

One gotcha is that turning off cookies may cause some sites not to work properly. Still, you can configure Stealther to keep cookies on and then delete them later in the Firefox Privacy options pane. Also, be sure to turn Stealther on BEFORE you navigate to the page you want to keep out of your history.

Stealther worked as advertised for me, with one exception: The Recently Closed Tabs list (at the bottom of the History menu) was not cleared until I closed the Firefox window.

Since I would normally close the window anyway on finishing a browsing session, this wasn’t too much of a problem. However, if you leave Firefox open while you’re away from your computer, take note.

You might also want to check out Distrust, an add-on that has essentially the same functions as Stealther. However, Distrust has not yet been fully updated for Firefox 3, although it should be available for that version soon.

Finally, if you’re at work or in a public place where you might not want people to see what you’re doing online, try Panic. This utility places a button in the bottom-right corner of your browser window that instantly closes all tabs and opens a predetermined page of your choice instead. The Panic “button” can also be invoked from the keyboard.

Unfortunately, Panic doesn’t have a restore feature, which would make it far more useful. However, this might add a crucial second or two to the process.

Of course, you could just quit Firefox instead, but that may bring up a warning message about closing multiple tabs and give your boss — or whomever — enough time to glimpse the YouTube video you were watching or your latest fantasy-baseball standings.

Becky Waring has worked as a writer and editor for PC World, NewMedia Magazine, CNET, The San Francisco Chronicle, Technology Review, Upside Magazine, and many other news sources. She alternates the Best Software column with Windows Secrets contributing editor Scott Spanbauer.
Becky Waring

About Becky Waring

Becky Waring has worked as a writer and editor for CNET, ZDNET, Technology Review, Upside Magazine, and many other news sources. She alternates the Best Software column with Windows Secrets contributing editor Scott Spanbauer.