Hide plugins, visited links and WebRTC from websites in Firefox

Whenever you connect to a website using any browser, the site receives a variety of information automatically. While not all sites process the information or record them, some may very well use them for tracking and other purposes.

Web services such as the EFF's Panopticlick highlight the information that websites may retrieve while you are connecting to them.

This may include the operating system and web browser, screen size, system fonts or which plugins are available.

We already mentioned in the past that you can limit or change what is being made available to websites and services when you connect to them.

As far as plugins are concerned, websites can only identify plugins that are enabled in the browser (either directly or via click to play).

While you can -- and should -- disable plugins that you don't use, you cannot block information about plugins that you use from being leaked to websites you connect to.

This changes with the Firefox add-on Hide Plugin & Mimetype Identifiers which you can install in the browser for that purpose. Once done, no plugin information are made available to websites anymore which you can verify by reloading the Panopticlick website.

This means that websites won't get information about plugins and versions anymore when you connect.

How is that helpful?

It needs to be noted that this does not prevent plugin exploits as leaking the information and running the plugin are two different things. This means that plugin executions are not prevented by the add-on.

Still, if you set plugins to click to play, you prevent the automatic running of plugin contents to be safe in this regard.

Blocking the information prevents sites from using it to identify users. The more information sites can gather, the likelier it is that they can generate a unique user fingerprint to identify a user even without the use of local storage options such as cookies.

The add-on lacks options to whitelist sites or replace relevant information with fake information as the feature may break functionality on some websites.

Two additional add-ons

The author of the extension has created two additional add-ons that some users may find useful. Disable visited links prevents websites from probing which other websites and services you have visited in the past.

CSS history leaks was a issue up until 2010 when browser vendors plugged that hole, but it became an issue recently again. You can read about the methodology used here which offers all the explanations you need to understand how it is done nowadays.

The third add-on, Disable WebRTC, prevents the exposure of your network IP to services on the Internet. You can do the same thing manually by setting media.peerconnection.enabled in about:config to false.