How to block automatic connections that Firefox makes

Web browsers make two types of connections. First connections initiated by the user of the browser, for instance when an url is entered into the address bar of the browser or when a link is clicked on,  and then automatic connections for a variety of reasons.

Some power browser updates, other may retrieve certificates or verify if a page is malicious or not. While some browsers give you some control, it is Firefox that gives you more control over this automated behavior than any other popular web browser.

Mozilla has created a support page that lists all the connections that Firefox make without explicit permission of the user. As you can see, quite a few are listed there.

While some are enabled after user activity, for instance adding live bookmarks to the browser, others are enabled by default. This guide looks at the latter kind, explains what their use is, and how you can disable them if you do not require them.

List of automatic connections

The list is not sorted by severity or risks.

Update Checking

One core feature of Firefox is the update checking. The browser checks for core, theme and extension updates regularly and will either download and install those updates automatically, or prompt you instead.

Note: it is generally not suggested to disable the check for updates as security issues will get fixed regularly by browser updates.

1. Type about:preferences and hit enter. This opens the Firefox options page.
2. Switch to Advanced > Update to modify the update checking capabilities.
3. To block any communication, select never check for updates on the page.
4. While you are at it, you may also want to disable the automatic update of search engines on the same page.

For add-ons and themes do the following instead:

1. Load about:addons in the address bar and hit enter. This opens Firefox's Add-ons Manager.
2. Select Extensions if the option is not selected already.
3. Click on the settings icon next to search at the top right corner and uncheck the update add-ons automatically option here.
4. Once done, open the menu again and select reset all add-ons to update manually from the menu.

You can use about:config to make those changes as well:

1. Type about:config in the browser's address bar and hit enter.
2. Confirm you will be careful if a prompt is shown.
3. Search for app.update.enabled and double-click it to set it to false. This disables automatic Firefox updates. While you are at it, set app.update.auto to false as well.
4. Search for browser.search.update and double-click it to set it to false. This disables update checks for search engine updates.
5. Search for extensions.update.enabled and double-click it to set it to false. This disables automatic extension updates and checks.

Security features

The following requests are all made to power various security related features of Firefox.

Safebrowsing: Firefox downloads a Safebrowsing list regularly (it is not clear how often, I have seen values ranging from 30 minutes to once a day) and stores it locally. It will then compare any url you visit with the items on the list, and if it finds a match, connect Google to find out if the url is still on the blacklist or if it has been removed from it.

Phishing: This works in pretty much the same way as safebrowsing. Firefox downloads a phishing protection list regularly while it is running and uses it to determine if websites that you visit are marked as phishing sites. If the site is a hit, Firefox will check online to see if the site is still marked as a phishing site or not.

This means that there are two types of connections made. The first checks for updates and downloads them if available, the second checks a site you are about to visit online against the most recent database.

Mozilla notes that existing Google cookies may be sent in the second case.

To disable both features do the following:

1. Load about:preferences in the browser's address bar.
2. Switch to the security tab, and deselect block reported attack sites and block reported web forgeries.

You can disable the options on Firefox's about:config page as well.

1. Type about:config into the address bar and hit enter.
2. Confirm you will be careful.
3. Search for browser.safebrowsing.enabled
4. Double-click on browser.safebrowsing.enabled to set it to false. This disables the phishing protection.
5. Double-click on browser.safebrowsing.malware.enabled to set it to false. This disables the Safebrowsing protection.

This can be useful if you are using a different application, a local security software for example or another browser extension, as protection.

Firefox checks downloads against a local list and classifies them as safe or malware. If it cannot identify a file using the local list, it queries Google's Safe Browsing service by sending metadata to get a verdict on the download.

You may disable this feature on the about:config page by setting browser.safebrowsing.appRepURL to a blank value.

Extension blocklist: Mozilla maintains a blocklist that lists malicious extensions as well as extensions that cause issues in the browser, for instance by consuming a lot of memory or causing stability issues.

If you disable the check, blocked extensions may be run in Firefox which may put your system at risk.

To disable it, you need to use about:config which is explained below.

1. Search for extensions.blocklist.enabled on about:config and double-click the entry to set it to false.

Suggestions

Firefox makes automated connections to display suggestions in the browser.

Add-on suggestions: Whenever you open the add-ons manager, Firefox will retrieve a list of suggested add-ons.

1. While on about:config search for extensions.webservice.discoverURL, double-click the value and replace it with http://127.0.0.1.

Search suggestions: Firefox may display suggestions based on what you enter into the search bar. It uses the browser search engine for that which is Google by default.

1. While on about:config search for browser.search.suggest.enabled and double-click the preference to set it to false which disables it.

Misc connections

A list of connections that Firefox makes that don't fall into any of the other categories.

Link prefetching: Websites can provide Firefox with hints as to which page is likely the be accessed next so that it is downloaded right away even if you don't request that link.

1. On about:config, search for network.prefetch-next and double-click the preference to disable it.

DNS Prefetching: Firefox will perform domain name resolutions on links automatically. If you don't want that to happen, do the following:

1. Set the preference network.dns.disablePrefetch on the about:config page to true.

Seer: Seer is a component of Necko Predictive Network Actions. It keeps track of components that were loaded during the visit of a page on the Internet so that the browser knows next time which resources to request from the web server.

1. On about:config, search for network.seer.enabled and set the entry to false with a double-click.

Speculative Pre-connections: When you hover over links, connections are established to linked domains and servers automatically to speed up the loading process should you click on the link.

1. Set the preference network.http.speculative-parallel-limit to a value of 0.

Add-on metadata updating: Firefox displays information about each add-on that you have installed in the browser. You can click on the more link for instance in the add-on manager to display the author's description. This feature checks for updates to those information.

1. On about:config, search for extensions.getAddons.cache.enabled and double-click the entry to set it to false to disable it.

Firefox Health report and Telemetry data: Firefox may share information with Mozilla about the browser's performance, usage or customizations.

1. Type about:preferences in the browser's address bar and hit enter.
2. Switch to Advanced > Data choices and uncheck enable Telemetry and enable Health Report.

Crash Reporter: Whenever Firefox crashes, reports are send to Mozilla if the Crash Reporter is enabled. To check if it is, go to the data choices page again:

• Check if enable Crash Reporter is enabled here.

Mozilla Snippets: If you use the default homepage about:home, so-called snippets are displayed that show Mozilla related content. These snippets are updated once a day:

1. To disable the feature, set the preference browser.aboutHomeSnippets.updateUrl to a blank value.

What's New Page: This page highlights new features of the browser after updates and gets loaded automatically from Mozilla.

1. To disable it, set the value of the preference browser.startup.homepage_override.mstone to ignore.

WebRTC: Web Real-Time Communication is used by Firefox Hello and other extensions and web services. It can leak the local IP address even when it is not used actively.

1. To disable this, set the preference media.peerconnection.enabled to false.

Send Video to Device: Firefox sends Simple Service Discovery Protocol packages to discover casting devices such as Chromecast or Roku automatically to the local network.

1. Turn this off by setting browser.casting.enabled to false.

---