A Firefox profile stores all personal information such as bookmarks and passwords in it. Everyone who is starting up Firefox with that profile is able to use your saved passwords and cookies as well which is a security risk if you ask me. While you can add a master password to the browser to protect its password database, it does not prevent users from opening the profile on the system itself to look around.
One way to overcome this is to protect the Firefox profile folder by moving it to a location that is not accessible to anyone except you.
I did this by moving the profile to my encrypted hard drive. The hard drive is encrypted using True Crypt and the profile can only be accessed if I provide the security key to decrypt it. Other means are theoretically possible as well, use a portable device that has to be plugged in before you can use the profile.
Moving a profile to another location is not difficulty at all. Close all instances of Firefox and locate your profile folder. This is usually in Document and Settings under Application Date, Mozilla, Firefox, Profiles of the user who is logged into windows currently.
Tip: Enter about:support in the address bar and click on the show folder button that opens up when the page has loaded. This brings you directly to the profile folder on the local system.
Move the complete folder to a different location. Open up profiles.ini afterwards (located in Firefox in Document and Settings). Change the path= parameter to the new location of your profile and change the parameter IsRelative=1 to 0.
Now move the entire profile folder, but not the root folder containing the profile.ini file, to the new location you want it to store in.
Restart Firefox to see if the changes have been made. If all your bookmarks for instance load fine the changes have been successful. If that is not the case double-check the path parameter in profiles.ini.
Note: Someone with access can analyze the profile.ini file to find out where the profile is located on the system. That's why it is important to protect it with encryption or by other means.
Check out how to secure your PC with the free True Crypt software to get started.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.