Web browsers make two types of connections: connections initiated by the user, for instance when a URL is entered into the address bar or a link is clicked, and automatic connections that the browser makes for a variety of reasons.
Some power browser updates, others retrieve certificates or verify whether a page is malicious. While some browsers give you some control, it is Firefox that gives you more control over this automated behavior than any other popular web browser.
Mozilla has created a support page that lists all the connections that Firefox makes without explicit permission of the user. As you can see, quite a few are listed there.
While some are enabled after user activity, for instance adding live bookmarks to the browser, others are enabled by default. This guide looks at the latter kind, explains what their use is, and how you can disable them if you do not require them.
The list is not sorted by severity or risks.
Update Checking
One core feature of Firefox is the update checking. The browser checks for core, theme and extension updates regularly and will either download and install those updates automatically, or prompt you instead.
Note: disabling the check for updates is generally not recommended, as browser updates regularly fix security issues.
For add-ons and themes do the following instead:
You can use about:config to make those changes as well:
Security features
The following requests are all made to power various security related features of Firefox.
Safebrowsing: Firefox downloads a Safebrowsing list regularly (it is not clear how often, I have seen values ranging from 30 minutes to once a day) and stores it locally. It will then compare any URL you visit with the items on the list, and if it finds a match, connect to Google to find out if the URL is still on the blacklist or if it has been removed from it.
Phishing: This works in pretty much the same way as safebrowsing. Firefox downloads a phishing protection list regularly while it is running and uses it to determine if websites that you visit are marked as phishing sites. If the site is a hit, Firefox will check online to see if the site is still marked as a phishing site or not.
This means that there are two types of connections made. The first checks for updates and downloads them if available, the second checks a site you are about to visit online against the most recent database.
Mozilla notes that existing Google cookies may be sent in the second case.
To disable both features do the following:
You can disable the options on Firefox's about:config page as well.
This can be useful if you are using a different application as protection, for example local security software or another browser extension.
Firefox checks downloads against a local list and classifies them as safe or malware. If it cannot identify a file using the local list, it queries Google's Safe Browsing service by sending metadata to get a verdict on the download.
You may disable this feature on the about:config page by setting browser.safebrowsing.appRepURL to a blank value.
Extension blocklist: Mozilla maintains a blocklist that lists malicious extensions as well as extensions that cause issues in the browser, for instance by consuming a lot of memory or causing stability issues.
If you disable the check, blocked extensions may be run in Firefox which may put your system at risk.
To disable it, you need to use about:config which is explained below.
Suggestions
Firefox makes automated connections to display suggestions in the browser.
Add-on suggestions: Whenever you open the add-ons manager, Firefox will retrieve a list of suggested add-ons.
Search suggestions: Firefox may display suggestions based on what you enter into the search bar. It uses the browser's search engine for that, which is Google by default.
Misc connections
A list of connections that Firefox makes that don't fall into any of the other categories.
Link prefetching: Websites can provide Firefox with hints as to which page is likely to be accessed next so that it is downloaded right away even if you don't request that link.
DNS Prefetching: Firefox will perform domain name resolutions on links automatically. If you don't want that to happen, do the following:
Seer: Seer is a component of Necko Predictive Network Actions. It keeps track of components that were loaded during the visit of a page on the Internet so that the browser knows next time which resources to request from the web server.
Speculative Pre-connections: When you hover over links, connections are established to linked domains and servers automatically to speed up the loading process should you click on the link.
Add-on metadata updating: Firefox displays information about each add-on that you have installed in the browser. You can click on the more link in the add-on manager, for instance, to display the author's description. This feature checks for updates to that information.
Firefox Health report and Telemetry data: Firefox may share information with Mozilla about the browser's performance, usage or customizations.
Crash Reporter: Whenever Firefox crashes, reports are sent to Mozilla if the Crash Reporter is enabled. To check if it is, go to the data choices page again:
Mozilla Snippets: If you use the default homepage about:home, so-called snippets are displayed that show Mozilla related content. These snippets are updated once a day:
What's New Page: This page highlights new features of the browser after updates and gets loaded automatically from Mozilla.
WebRTC: Web Real-Time Communication is used by Firefox Hello and other extensions and web services. It can leak the local IP address even when it is not used actively.
Send Video to Device: Firefox automatically sends Simple Service Discovery Protocol packets to the local network to discover casting devices such as Chromecast or Roku.
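Once preferences like these have been changed on about:config, the result can be checked against the prefs.js file in the profile folder. The following is an added example, not part of the original article: a small Python auditor that parses user_pref lines and compares them with a target policy. The preference names marked (*) are not named in the article text, and the policy values and the sample file content are constructed for illustration.

```python
import json
import re
# Example policy (assumed, not Mozilla's); prefs marked (*) are not named in the article.
POLICY = {
    "browser.search.suggest.enabled": False,             # search suggestions
    "extensions.webservice.discoverURL": "http://127.0.0.1",  # add-on suggestions
    "browser.selfsupport.url": "",                       # Heartbeat (reader comment)
    "network.prefetch-next": False,                      # (*) link prefetching
    "network.dns.disablePrefetch": True,                 # (*) DNS prefetching
    "network.http.speculative-parallel-limit": 0,        # (*) pre-connections
    "media.peerconnection.enabled": False,               # (*) WebRTC
}

# Firefox writes one pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js or user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:  # values are true/false, integers or double-quoted strings
                prefs[m.group(1)] = json.loads(m.group(2))
            except ValueError:
                pass  # not a literal this sketch understands; skip it
    return prefs

def audit(text, policy=POLICY):
    """Map each policy pref to 'ok', 'differs' or 'unset' (not in the file)."""
    prefs, report = parse_prefs(text), {}
    for name, want in policy.items():
        if name not in prefs:
            report[name] = "unset"  # Firefox is using its built-in default
        else:
            same = type(prefs[name]) is type(want) and prefs[name] == want
            report[name] = "ok" if same else "differs"
    return report

# Constructed sample, not taken from a real profile.
SAMPLE = """// Mozilla User Preferences
user_pref("browser.search.suggest.enabled", true);
user_pref("extensions.webservice.discoverURL", "http://127.0.0.1");
user_pref("network.prefetch-next", false);
user_pref("network.dns.disablePrefetch", true);
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

prefs.js only records values that differ from the defaults, so "unset" means the default is in effect. The same parser works on a user.js file in the profile folder, which Firefox re-applies at every start.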
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
As always a good article about Firefox and some “hidden” settings. Keep up your fantastic work!
Excellent! Very timely, extremely helpful. Thank you!
P.S. Anyone know if the Avira Browser Safety add-on also connects to Google?
This is an absolutely wonderful article! You got to the details man and those details are absolutely critical. Like when does stuff execute, IE: When you click on the live bookmarks or hover over thumbnails and especially the 30min to 1 day period of checks for safelist AND especially when you go to a blacklisted site it double checks by downloading safelist or part of it again to see if the url is still blacklisted. Extremely well done man you need to be paid for this article.
Calomel SSL Validation add on will disable a good chunk of those connections for you if you wish: https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/
“While on about:config search for extensions.webservice.discoverURL, double-click the value and replace it with http://127.0.0.1.”
However: “A loopback connection (to IP address 127.0.0.1) can be made by Firefox on non-Unix machines. In this case the browser is communicating with itself as expected, and it is not recommended that this communication be blocked. See bug 100154 for more information.” Source: https://support.mozilla.org/en-US/kb/how-stop-firefox-automatically-making-connections
Then how does one block add-on suggestions on Linux using Firefox?
FF 29.0.1: Set “browser.search.suggest.enabled” to false but it just will not stick and continually changes itself back to true. Any thoughts on why this would be, and more importantly, on how to correct this? Thanks.
You probably have an add-on that is reverting it back. Check your add-on settings.
Excellent write-up, thanks for helping keep the users informed & empowered.
Thanks for the suggestion! It was worth a shot, I thought, but I found nothing in any of them even remotely connected to the problem. Then I searched online harder than I had done before, and found this link: https://support.mozilla.org/en-US/questions/980227
So far, the chosen solution there is working for me, too!
Alas! The search suggestion setting has reverted back to “enabled” again today. It just will not stick! If anyone has any thoughts on why this is happening and/or how to correct it, please post. Thanks!
How about listing which add-ons you use? I’ll give it a look. Sometimes another pair of eyes can help.
“While on about:config search for extensions.webservice.discoverURL, double-click the value and replace it with http://127.0.0.1.”
why ? – just delete url is not enough ?
and I mean in all similar cases ….
Yes, you can also remove the url completely.
Weird problem: I’m on os 10.8, FF28, noscript, blank page on launch, cookies, only from visited, time warner (but use opendns), no live bookmarks I am aware of, auto-update off–but, sometimes when I launch FF, I get a tcp connection (according to terminal netstat -an) to Akamai followed by “google- like” (74.125.xxx.xxx) ad sites, none of them actually appearing in the browser. Close, FF, connections cease. Don’t have the same behavior on Safari (but, I hate Safari and prefer not to use it).
Using the about:config does NOT WORK !
Use this tutorial:
http://blog.danielburrowes.com/2013/06/mozilla-firefox-disable-auto-update.html
This is not spam or anything, just so happy I’ve stopped firefox from downloading a new version every time.
Also set browser.selfsupport.url to “”
https://wiki.mozilla.org/Firefox/Shield/Heartbeat
“Heartbeat is User Voice in Firefox. Heartbeat provides real-time understanding of our existing Desktop user population, allowing us to pivot more quickly based on the needs and desires of our users. Heartbeat ties user perception to technical information so we can take your feedback and feed that into future Firefox releases.”
^ Seriously, what the fuck is this? It reads like a parody of upper management double-speak for spyware. With it enabled, there is a persistent connection to mozilla’s servers that consumes 1-2 kB/s