Image: James Martin/CNET

Mozilla’s Firefox offers a built-in feature through which you can combat website and ad trackers. But using the feature isn’t as simple as just turning it on. The browser gives you a choice of three different tracking plans—Standard, Strict and Custom. The trick is to combat trackers while still being able to fully use the websites you need. Here’s how to control Firefox’s tracking protection to make sure it strikes the right balance.

First, make sure you’re running the latest version of Firefox. Click the hamburger icon in the upper right, select Help, and then click About Firefox. The browser will check for the latest update and install if necessary.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

To view and control the browser’s tracking protection, click the hamburger icon again and select Settings. At the Settings screen, select the category for Privacy & Security. Notice the three different plans for tracking protection.

Standard protection

The Standard plan is probably the easiest as there’s nothing to configure and it will block the most common types of tracking and still allow you to fully use any website. Click the button for Standard to enable this plan (Figure A).

Figure A

The Standard plan blocks the following types of content:

  • Social media trackers
  • Cross-site tracking cookies
  • Cross-site cookies in Private Windows
  • Tracking content in Private Windows
  • Cryptominers
  • Fingerprinters

Strict protection

If you’re concerned about any tracking not blocked in the Standard plan, you may want to try the Strict plan. Click the button for Strict. This one is more stringent than the Standard plan because it also blocks cross-site cookies in all windows (including tracking cookies) and tracking content in all windows. The downside is that this level of protection can cause problems with websites that require certain cookies and a certain level of tracking to fully function (Figure B).

Figure B

After choosing the Strict plan, use the web as you normally would. If you do encounter a site that doesn’t behave under the Strict protection plan, a notice will appear about requiring cookies or certain functionality on the site simply won’t work. Typically, any problems will likely occur if you’re trying to interact with the site, meaning logging in, filling out forms, leaving a comment or making a purchase.

If you need to use the problematic site and you know that it’s safe and reliable and you want to keep Strict protection enabled, click the shield icon in front the URL in the address bar. Click each of the items under Blocked to see which types of trackers were blocked. Then turn off the switch for Enhanced Tracking Protection. The site will reload with trackers no longer blocked. Try to replicate the behavior that triggered an error to see if the site now works properly (Figure C).

Figure C

Custom protection

A third option is the Custom plan. This one gives you the greatest control but also requires the most effort to configure. Depending on how you customize this one, you may also run into some websites that don’t behave properly. To try this plan, click the button for Custom (Figure D).

Figure D

The challenge now is to enable or disable each type of protection depending on what you want to block. With cookies enabled, click the dropdown box next to that item. You can now choose which types of cookies to block: cross-site tracking cookies; cross-site tracking cookies and isolate other cross-site cookies; cookies from unvisited websites; all third-party cookies; or all cookies.

Disabling all cookies will definitely cause websites to break, so that’s not a viable option. Disabling all third-party cookies may cause many sites to misbehave, similar to choosing the Strict plan. Your best bet is to choose one of the first three settings (Figure E).

Figure E

Next, you’ll likely want to block Tracking content. Click the dropdown box next to it and choose whether to block it only in private windows or in all windows. You may want to try all windows first and see how the websites you use react (Figure F).

Figure F

Make sure that cryptominers and fingerprinters are blocked. If you’re intentionally trying to use a cryptomining site, you can always disable tracking protection just for that site.

Finally, if you’ve chosen the Strict or Custom plan and have added websites as exceptions, you can view and manage those sites. At the Privacy & Security screen, click the button at the top for Manage Exceptions. To remove an individual site and allow its tracking to be blocked, select it and click the button for Remove Website. To delete all the sites from the list, click the button for Remove All Websites. When done, click Save Changes (Figure G).

Figure G


Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday