You need a web browser to view webpages online.
This webpage explains the choices available among web browsers and provides tips for
optimizing and customizing Mozilla-based browsers (Firefox and K-Meleon).
A Brief Description of the Browser Landscape
The Heyday of Internet Explorer
In the late 90's Microsoft managed to convert nearly all Windows users to Internet Explorer(IE)
through the clever scheme of embedding Internet Explorer into Windows.
Microsoft made it appear that Internet Explorer was a part of Windows and attempted to blur the line
between the Windows Desktop and the Internet, so that the average person never even knew
they had a choice about whether to use Internet Explorer. As a result, up until about 2004, over
95% of Windows users were using Internet Explorer and Microsoft was widely regarded
as "owning" the browser. The so-called "browser wars" were said to be over.
The End of Internet Explorer
But there were problems with that situation:
Security problems: Internet Explorer has become
a virtually unsolvable security problem due to Microsoft's insistence on tying their browser so closely into the
Windows operating system. And that problem is not helped by the fact that Microsoft typically
takes weeks, or even months, to fix security bugs in IE.
Outdated webpage rendering: Microsoft has not released any notable update to Internet Explorer
since about 2000, when IE 5 was released, so IE support for current webpage code is lacking.
User-control limitations: Internet Explorer configuration is a mess.
With hundreds of obscure and often conflicting settings, spread across a dozen different locations,
even an expert would be hard-pressed to control basic privacy and security options in Internet Explorer.
With the release of Internet Explorer 7, Microsoft
no longer even publishes a true browser program. IE7 is just a minor patch update that can
only run on Windows XP with Service Pack 2. (And even then it will only install onto systems where people have been
duped or pressured into installing Microsoft's "Windows Genuine Advantage" spyware).
For all practical purposes, Internet Explorer
has been abandoned in its dilapidated, circa-2000 state, unable to handle the modern
webpage code that all other browsers recognize (Mozilla, Opera, Safari for Mac, and Konqueror for Linux),
and now, as of IE7, it is unable to run at all on most operating systems.
Back to Index
Browser Options
Fortunately, other browsers have improved while Internet Explorer was
being neglected.
If the use of Internet Explorer online could be eliminated entirely,
that would also eliminate most problems with webpage display and functionality,
because all other browsers have been designed to conform to a basic
set of standards in web design.
For Windows users there are 2 basic browsers available, aside from Internet Explorer: Mozilla and Opera.
All other browsers are actually just a modified version of either Mozilla or Internet Explorer.
Opera
Opera, which was formerly adware, is now free. (It comes with no help file or support. Support is
$29 per year.) Opera has a good reputation as a solidly built program,
but it is also known for being inflexible in the way it renders HTML, causing poor display on
many websites. Also note,
Opera is spyware. When starting up, Opera attempts to contact
xml.opera.com (213.236.208.95), for no apparent reason and without notification. To use Opera without being tracked,
the 213.236.208.x range must be blocked.
Mozilla (Firefox, K-Meleon and Netscape)
Mozilla is the basic browser program made by the non-profit corporation
Mozilla.org. The different versions of that browser (Firefox, K-Meleon, Netscape) are mainly different only in
their appearance and settings options. Netscape, rarely in use any longer, is nothing more than
AOL's commercial version of the Mozilla browser.
Firefox is the version of the Mozilla browser
published by Mozilla.org.
K-Meleon is a slightly
different version of the same thing.
Given the problems with Internet Explorer and the
spyware aspect of Opera, the choices for a good browser on Windows arguably come
down to just Firefox and K-Meleon. (Recent versions of Internet Explorer and Firefox are also spyware
if the "phishing filter" is set to default configuration. See the
Privacy Information page for a explanation of that.)
Firefox is slightly more polished than K-Meleon. It has a better source code
viewer and has some options that are absent in K-Meleon (like the option to view a website without
styles applied). On the other hand, K-Meleon seems to be lighter and faster than Firefox. Both
the startup time and the page-loading time are noticeably faster in K-Meleon. Firefox and
K-Meleon share most of the same features and settings options, but there are a few notable differences,
which are detailed below.
Firefox/K-Meleon vs Opera
Opera requires some effort in order to get the full benefit of its advantages.
There are a large number of useful configuration options. For instance, unlike Firefox, Opera provides the
option (in the Advanced -- Style Options) to block "inline frames" or IFRAMES in the Settings window. In
Firefox the same setting requires downright "esoteric" knowledge to make use of it. (
See below.)
Yet blocking IFRAMES is required to
really block 3rd-party
cookies. Inline frames are actually separate webpages embedded within webpages. Advertising companies
like Doubleclick use IFRAMES in order to bypass privacy features so that they can follow you
around the Internet and watch your activity (in order to "target" ads at you). But if you don't know all
of that then you are unlikely to use or understand Opera's setting to block inline frames.
So neither the Mozilla browser (Firefox, K-Meleon) nor Opera is
really an adequate product for the average person who wants to use the Internet
safely, and with a reasonable degree of privacy. Both browsers still require far too
much technical expertise in order to accomplish the most basic necessities, like
stopping intrusive Flash cartoons and animations or protecting one's privacy
from sleazy operations like Doubleclick. Nevertheless, Firefox, K-Meleon and Opera all have numerous advantages
over Internet Explorer.
Back to Index
Getting Firefox, K-Meleon, or Opera
If you want access to superior privacy/security options and you are not comfortable fiddling with various
esoteric settings, avoid Firefox 2 and download
the last version of Firefox 1.5. Firefox 1.5.0.12 is available (as are earlier Firefox versions)
from Mozilla.org. The URL for English/US is:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.12/win32/en-US/.
Once there click on the link for "Firefox Setup 1.5.0.12.exe". Go "up one level" for other language versions.
If you know about the Firefox configuration options (user.js, about:config, etc.) then the problems with Firefox 2
can be circumvented and you may prefer that over v. 1.5.
The newer Firefox v. 3 is a similar case: It only supports Windows XP and Vista, and it's bigger
than v. 2 with new "bloat creep", but for people who are handy and willing to research the details of new settings
it may be of interest. (Example: The auto-complete options in the Location Bar now include History and Bookmark
links. Some people may like that. Some people may not. If you don't know how to use about:config then you
had better like it, because you can't turn it off!)
If you prefer K-Meleon, you can download the latest version here:
http://kmeleon.sourceforge.net/
For Opera, go to
www.opera.com.
Warnings About Firefox and K-Meleon
Third-party cookie settings don't work:
Unfortunately, with version 2 of Firefox, the Mozilla group seems to have headed
in the direction of bloat and commercialism. Firefox has never been very good about providing
extra options in the settings, beyond the basics. For example, simply disabling animated GIFs, which is easy to do in
Internet Explorer, is not an option in Firefox. With Firefox version 2, more functionality was removed while the installer
size grew by 15%. Important options were removed while silly functions (like
turning bookmarks into active headlines) were added.
Prior to v. 2, Firefox had two progressive
and user-friendly features: the ability to block 3rd-party images and the ability to enable cookies
while blocking 3rd-party cookies. A 3rd-party cookie is one that is saved on
your PC by a website that you are not directly visiting. In other words, if an ad image on a webpage
comes from Doubleclick then you may be vulnerable to receiving a Doubleclick cookie when that ad
is loaded, despite the fact that you did not actually choose to visit Doubleclick's website. That means that a company like Google/Doubleclick can potentially follow your every movement
online, since their ads are on the vast majority of webpages.
There is no
excuse for allowing "3rd-party cookies" from websites that you are not visiting. Cookies were orginally
designed to prevent that sort of privacy intrusion.
Was the option to block 3rd-party cookies removed to placate Doubleclick (now owned by Google) and
other advertising companies that want to record peoples' movements online? That's a somewhat ominous
possibility, given the
increasing
financial tie-in between Google and Mozilla.org.
As though the problems with Firefox 2 were not bad enough,
it turns out that 3rd-party cookie blocking never worked in the first place!
If you visit
this test page
using Firefox 1.5 or 2, or using any version of K-Meleon, you will find that the option to block
3rd-party cookies does not work. Likewise, adding the custom setting
network.cookie.cookieBehavior
to the prefs.js or user.js file has no effect.
If you really want to control 3rd-party cookies
in Firefox/K-Meleon you must disable all cookies. You must also disable IFRAMEs because anything
in an IFRAME, despite being loaded from a 3rd-party website, is not treated as 3rd-party, due to the fact that the
IFRAME is technically a webpage in its own right.
If you really care about privacy and security online, you should
also consider using
a HOSTS file, which is an easy way
to block any contact at all with selected domains like Doubleclick.net, google-analytics.com,
and other advertising/tracking servers that attempt to follow you around the Internet.
Beware the Phishing Filter:
If you are concerned about privacy you will probably want to disable the ridiculous
phishing filter that was added to Firefox starting with v. 2.
In addition to being essentially spyware, the phishing filter depends on information that is likely to be
outdated. The way the filter works is to check the website URLs you visit against a blacklist
of known scam websites. The list is hosted by Google. At full functionality the filter
reports to Google
every site you visit, in real time. Google is also using (3rd-party) tracking cookies in these communications. So
with the phishing filter enabled you will be inviting Google to watch you (
and presumably customize
the ads you see ...
and presumably sell your "consumer profile" to advertising companies... ) as you travel around the Internet. Meanwhile, phishing websites can easily relocate
once their URL has been added to the blacklist. If you want to avoid being caught by an online scam,
a bit of caution and common sense is
far more useful, and far less intrusive, than the Firefox2 (and IE7) phishing filters.
Back to Index
Google Chrome - Cloud Computing Darkens the Horizon
"Cloud Computing" mania
"Cloud computing", for anyone unfamiliar with the term, is the main tech. fad of 2008. It refers to the idea
of running software from online, "in the cloud". This all started in about 1999. Around that time,
PC hardware and software were both reaching a point of mature stability. PCs were finally fast enough and software
was finally good enough and cheap enough, in general. But the prospect of people no
longer needing to be on a constant diet of upgrades meant that software companies would be seeing smaller profits. So before long the "buzz" was all about "thin clients", "web services", "internet keyboards"
that provided one-click access to important online activities, etc. Web services
were going to be the way of the future.
The tech. media in general was only too happy to herald the impending death of the desktop PC
in favor of thin clients (stripped down, cheap, miniature PCs with little upgradeability) and web services.
But of course the desktop PC didn't disappear.
Nine years later, cloud computing is just the latest name for the online services gimmick. And many large companies
are still hoping to turn that gimmick into a profitable trend.
Microsoft has been talking about "Software and Services" - continuing to sell Windows while also renting
software to run on Windows). Others talk about "Software as a Service" - renting software functionality.
Google has been developing such things as an online office suite. Large tech. companies have been jockeying for years, trying to
find a way to make a fortune by selling software
usage rather than just software licenses.
Part of that effort involves telling the general public, over and over again, that now that their PCs are finally cheap
and fast... and now that the software they use is finally cheap and adequate to their needs... it's time
to throw them out in order to rent the same software online. Even more ludicrous, the story goes that
we'd all be better off letting companies like Microsoft and Google take charge of our personal files.
And once again the tech. media is only too happy to keep talking up this new cutting edge "cloud computing". It's an
easy headline, after all, to just publish press releases issued by the marketing departments of tech. companies.
The Face of the Cloud
In September, 2008 Google released
Google Chrome (GC),
which they describe as a browser. However, GC is not a browser. It has a browser window that can display webpages, but the similarity
stops there. GC is not really designed for web browsing. It's optimized
for running those famous "cloud apps", like Google Docs and GMail. One of the few features in
GC is the ability to create desktop shortcuts to online services that will then open in a stripped-down GC window, so that your
GMail can appear and act almost like a Windows
software program. GC is a big step in the effort to herd the public into online services by redefining the Internet as
services, like a sort of interactive TV where the viewers use various ad-supported online services.
GC is a radically intrusive piece of
software that is deliberately designed with no respect for the privacy and property of a personal PC. After all, if all of your stuff -- both your
software and your files --
is hosted online then your PC is just hardware, so who needs privacy? GC has no settings to disable javascript or Java. The single text input is both the address bar and the search bar.
Whatever you type is sent to your selected search engine (probably Google), whether it's a search phrase or just the URL
of a page that you want to visit. In addition to spying on your online activities, each copy of GC is also rigged with
a uniquqe ID number to
help identify you online. And that's not to mention the basic online tracking that Google already does via cookies, script and
tracking beacons on the vast majority of commercial websites. Settings and privacy control are nearly non-existent in GC.
Does GC even respect settings in the HOSTS file? Since it's not really a browser, maybe it doesn't.
In addition to the limited settings options in GC itself,
the GC Terms of Service goes further. It states that you have no choice but to allow Google to update GC in any way they wish, at any time.
(Section 12.1). In other words,
Google claims the right to change your installed software without notice or permission. The GC ToS
also states that Google may
or may not show advertising in GC, and may alter the way they show ads without notice.
(Section 17.) Then, of course,
there is the usual "Mickey Mouse" disclaimer that renders this and similar "legal" agreements absurd: Section 19 claims that
Google might change their terms at any time and you have
pre-agreed to whatever those changes might be!
All of the above explanation is to say that the arrival
of Google Chrome
has done nothing to expand the list of usable browsers. Google Chrome
is arguably neither usable nor a browser.
Further reading links:
Is Google Turning Into Big Brother?
EFF: We're concerned about Google's Omnibox
Back to Index
Adapting to a New Browser
In general, the Mozilla browser (Firefox or K-Meleon) is
much easier to use than Internet Explorer. The standard settings are simple, clear and accessible.
But Firefox only comes with the most rudimentary help file and K-Meleon comes with no help
file at all. Since most people are not familiar with browser settings to begin with, that might
be a problem.
You may have trouble with some webpages not displaying correctly in Firefox or K-Meleon...
The original instigation for this page was a complaint from a friend who was trying to use Firefox
to get airline reservations online, and who did not find a functional travel website until the 4th attempt.
(Orbitz was the one that worked without problems.) The biggest reason for that kind of problem is
that many websites, until recently, have been designed for Internet Explorer, and Internet Explorer
is quirky. As Mozilla browsers have become more popular, most website authors have begun testing to
ensure that their site works properly in Firefox/K-Meleon.
In addition to display problems based on browser differences, there can be problems
related to browser settings...
There is an awkward balance, in browsers, between functionality and security/privacy.
Browsers were originally intended to just display pictures and text, but they've been pushed to provide
far more functionality, including interaction between the website and the visitor. The current fad over "AJAX" and "Web 2.0" is
trying to push even further, using obscure browser functionality along with javascript to create online webpages that respond
like software. (Example: Google maps.) The Web 2.0 craze has "entrepreneurs" and business people everywhere
excited by the possibility of turning the Internet into a sort of interactive TV
and providing something...anything...that people will pay for on that TV. But there is always a tradeoff with that kind of functionality.
The more a browser can do, the more it becomes vulnerable. So-called "Web 2.0" promises to open up an entirely new can of worms
in terms of browser security.
The vast majority of security problems require javascript enabled. The vast majority of privacy problems
require javascript and/or cookies. So it makes sense to disable script and cookies for most websites. But doing that can often conflict with
website display and/or functionality. Part of the reason for that is incompetence on the part of webmasters who write pages that
unnecessarily require javascript to function. But a bigger reason is because commercial websites (and their advertisers)
are often intent upon unnecessary privacy intrusions. They
depend on the security problems with script and cookies.
If you look at
the source code of a typical corporate webpage you'll see a great deal of tracking code, attempting
to link you to all of the website advertisers so that they can track your movements in order to "target" the ads you see. Corporate webpages are
often designed to require script and/or cookies in order to enable this tracking.
So there are two aspects to the problem of javascript and cookies: Script (and to some extent cookies) is often required
to produce interactive webpages. And interactive webpages introduce privacy/security issues. There's
no way around that. But that dilemma is made much worse by commercial exploitation online, making it difficult
for people to turn off script and still see readable webpages. The ideal browser
security would have people enabling script only for functionalty such as online banking and purchasing.
Part of the reason for the success of Internet Explorer - and also part of the reason for its security problems -
is that the IE security and privacy settings are very difficult to adjust, even for experts. As a result, nearly
everyone using Internet Explorer has script, ActiveX and cookies fully enabled, all of the time. That makes many commercial
webmasters happy, but it also means that Internet Explorer users are usually "sitting ducks" in terms of security and privacy risks.
Controls for script and cookies should really be on the main toolbar,
where they can be easily toggled. While no browser has that feature, with Firefox and K-Meleon
the settings are at least fairly easy to access and change.
Back to Index
Page Display Issues in Firefox/K-Meleon
The display, or "rendering", of a webpage is dictated by the HTML and CSS code of that page.
HTML tells the browser what to put on the page and how to set it up. CSS adds more
"style" information that tells the browser more specific details about how the page
should appear in terms of layout and graphical style. Problems with rendering can come from
several sources. Often the cause is just poorly made webpages. Another problem for
non-Internet Explorer users is that IE has been so universally used until recently that some website authors have just not bothered
to test their website functionality to make sure that it works in all browsers.
Some of the more common webpage display problems, and possible solutions, are listed here.
Browser-based incompatibility
Symptoms: Symptoms may range from minor display irregularities up to failure of the page to load at all.
This problem can range from distorted page display to
total rejection with a message that tells you your browser is outdated and the page cannot be viewed.
Many webpages have been unwittingly designed to accomodate the
quirks of Internet Explorer, and many webmasters are ignorant of the
fact that their pages may not display properly in all browsers. Hopefully, the increasing number of Firefox users will
result in curing that problem soon.
Microsoft is one of the biggest problems in this regard. They have
refused for years to put their browser in compliance with common web standards, acting as though their software
is the only software used and determined to "rule the Internet" with their browser.
In addition to Internet Explorer, Microsoft's other software compounds the problem. People who create webpages
with Microsoft's Front Page program (or worse, MS Word) end up (for the most part unwittingly) writing webpage code
containing nonsense HTML tags and attributes that Microsoft made up, and that no one else recognizes.
(If you look at the code of a Front Page or MS Word production by clicking View -> Source in your browser, you
will probably see numerous
code elements that begin with "MSO". There is no such thing as a webpage code element that begins with "MSO", except in
the strange, parochial world of Microsoft.)
Microsoft even blatantly refuses to work with other browsers in some cases. They require
the use of Internet Explorer at the Windows Update website and many other
Microsoft websites.
Indeed, it could be argued that incompatiblity is the "secret sauce"
in popular Microsoft software such as Internet Explorer, Front Page, MS Office, etc. If
Microsoft made their software conform to common standards they would have to compete solely on
the merits of their products, accepting that they are just one company making tools for use in
a mature, wide-ranging world of computing that is far bigger than them. But there is
no reason to expect that Microsoft will change on that score. In a Sept. 26, 2005
interview with BusinessWeek magazine, Microsoft CEO Steve Ballmer said,
"We will win the Web.
We will move fast, we will get there. We will win the Web." "Win the Web"?. Mr.
Ballmer sounds more like a crazed, panting warlord going into battle than a businessman overseeing
software production. So it appears that bringing compatibility and ease-of-use to
the Internet will require no less than the elimination of Internet Explorer.
Back to Index
Style Sheet problems
Symptoms: Page elements jumbled or piled onto each other. Page layout nonsensical. Multiple, separate blocks of text displaying in
one and the same space
on the page, rendering them all unreadable.
Some websites, even some large, well-travelled sites, have been designed with faulty "style sheets".
That is, faulty CSS style code that may cause problems. Often the problem only involves
small amounts of jumbled text that are still, at least, readable. Other times the entire webpage
is a jumbled pile of confusion, as though all the parts "fell off the page" into a heap. In Firefox there is a simple cure for that: On the Firefox menu, go to
View ->
Style ->
Page Style and select
No Style . That will cause Firefox to ignore all
style settings for the page and display only the HTML layout. The result is usually less attractive
but will render the page clearly readable. K-Meleon (as of v. 1.02) does not have an option to display
pages with no style.
Back to Index
Image display problems
Symptoms: Missing images on page. Websites that use dynamic images malfunctioning. Buttons such as "Search" or "Next" missing from the page.
Firefox(pre-v. 2) and K-Meleon have a very clever and useful setting for images
that is not found in Internet Explorer. If you go
to
Tools ->
Options ->
Web Features
in Firefox, or
Edit ->
Preferences ->
Privacy
in K-Meleon, you will
see that in addition to the choice of whether to load pictures, you can also choose to load them
"for the originating website only". That means that only images on the same website that you are
visiting will be loaded. (In K-Meleon select the option "Accept site images".)
In the vast majority of cases, an image coming from somewhere else ("3rd-party") will be either
an ad or a "tracking beacon" (usually both), from an advertising company such as Doubleclick, that allows you to be tracked between websites.
So this setting works as an ad blocker and privacy aid. (See the
Privacy Special Note section below for further explanation
about that.) However, a few sites will not function properly if you block the loading
of 3rd-party images. Mapquest, for example, will not display maps. And some sites, oddly,
are created to reside on more than one server. For example, CNet news is at news.cnet.com, but
their stylesheets and images load from an entirlely diferent domain - com.com. So anyone who
blocks unsolicited 3rd-party files in their browser sees the CNet site as a bland combination of
black text and blue links, like a typical webpage from the mid 1990s. The new search engine cuil.com
makes the same mistake. Their website is at cuil.com but most of the content is coming from cuilimg.com.
With 3rd-party blocking the cuil.com homepage is little more than a black field!
If you want to maintain your privacy, reduce the clutter of webpage ads, and reduce
risks of cross-site security problems by blocking 3rd-party images, then you'll just have
to put up with the minor problems caused by poorly designed sites.
Back to Index
Script and cookies problems
Symptoms: Links or buttons do not respond (script). Information entered into forms is lost (cookies).
Some sites do not work properly without script and/or cookies enabled,
which is unfortunate because script and cookies are security and privacy risks that
are usually not actually necessary to the functionality of a given site. Adding to the problem,
many sites will not inform the visitor that script or cookies must be enabled. Instead, the site simply won't work and you are
left to figure out why.
A common symptom of script problems is buttons or links that do nothing
when clicked. But having script disabled can also sometimes cause a page to load wrong, resulting in
a partial or blank page. Some website authors even design their site to malfunction without
script because they want you to see their cute animation effects.
Firefox has javascript adjustment options. When you enable javascript,
the
Advanced button will be enabled. Click the button
to show 6 specific functions that can be enabled or disabled. To some extent you can use these options to
make script both safer and more functional.
You must enable
Change images for
the Google maps website to work. The other options should probably not be enabled. There is no reason
to let any website block you from seeing the status text (at bottom left) that tells you where you are. And there is
no reason to let any site disable your right-click context menu.
Note that K-Meleon does not have most of
the javascript options in the settings, and in Firefox 1.5 the "change Images" option is missing.
Any javascript adjustments not available through the settings window must be made through about:config or by editing user.js.
A common symptom of cookie problems is when you fill out
a form on one page and the information is all lost on the next page. Or you enter a password
on one page, click "Next", and end up back at the same password prompt again with no explanation.
The reason for that is because cookies are often used to carry information from one
page to the next.
To enable cookies go to
Tools ->
Options ->
Privacy
in Firefox, or
Edit ->
Preferences ->
Privacy
in K-Meleon, to change the setting.
Then reload the page. (Click the reload button, the double, circular blue arrow icon on the toolbar.)
Back to Index
Standard Settings Options
Firefox and K-Meleon settings are straightforward for the most part (unless you want to access
settings that are not made available in the menu), and they are far easier to manage than the
multitude of confusing and obscure settings in Internet Explorer. With its 5 "zones" and
extensive security settings, IE probably has more than 200 individual settings related to privacy
or security, in about a dozen different places. Yet IE provides less choices for customizing how
the browser actually works.
All of the standard Firefox settings can be found in the
Tools ->
Options menu. In K-Meleon that would be the
Edit ->
Preferences menu. The following is a listing of some of the more important
or unusual settings.
Privacy
UPDATE WARNING: This topic formerly described cookie options in Firefox
and K-Meleon. Those settings do not work properly. See details above.
Back to Index
Web Features
Block Popup Windows can be activated while still enabling script. That option will block many popup ads but
may occasionally need to be disabled for interactive websites that use popup windows for legitimate purposes.
Allow websites to install software is a Firefox-only setting that enables the quick online installation
of Firefox plug-ins. That's a rather dubious design idea, however, and there have already been security
problems linked with the enabling of that feature. It might be best to enable this only if, and when, you
want to install a Firefox plug-in.
Load images...for the originating website only provides the option to block images
coming from websites other than the one that you are visiting. This feature is described above in the
"Image Display Problems" section. In general it is an easy way to block the majority of ads and tracking
beacon "web bugs", but a few sites will not function properly with this option selected. (This option
is in the
Privacy section in the K-Meleon settings and
has been removed from Firefox in v. 2. See the Firefox 2 warning section about that.)
Enable Java: Java is rarely needed and constitutes a security risk. There is no reason
to enable it unless for a particular interactive website that requires it. (This is in the
General section in the K-Meleon settings.)
Enable JavaScript: It is safer to disable this. The majority of browser security problems
are connected with javascript. On the other hand, many sites use script and script is not as risky
in Firefox as it is in IE. Since the Firefox/K-Meleon settings are easy to access, this option can be
switched on and off as needed.
(The javascript option is in the
General section in the K-Meleon settings.)
Back to Index
Advanced
Tabbed Browsing provides the option to load new pages into tabs in the same window, or to have each new webpage open
in its own window. (In K-Meleon tabs are referred to as "layering". To enable layers go to
Edit ->
Preferences ->
Plugins
and enable the "Layered Windows Plugin".)
Software Update (Firefox only) will cause Firefox to search for updates by default if
not unchecked.
Back to Index
Custom Settings Options
Firefox and K-Meleon have a number of features that do not show in the standard settings window but which are adjustable.
Most of these features are not available in Internet Explorer at all, even though several of them (such as the ability to control
the referrer header) should be
available in any properly made browser.
Unfortunately, the documentation for these settings is limited, while the format
and system for the naming of settings is excessively "geeky". The system for adjusting these settings dates back to
the early days of Netscape and it seems that no one has thought to modernize it since then. In fact,
it's only getting worse! For example, the setting to block 3rd-party images, and even the meaning of the possible values
used in that setting, have changed for no apparent reason in Firefox 1.5.
Many of the settings
are the same as settings documented for Netscape 4, so Netscape documentation may provide some
help if you want to research further. But neither Netscape nor Mozilla.org seems to have published a
fully comprehensive documentation.
Back to Index
There are two ways to make the custom adjustments:
1) Enter "about:config" (without quotes) in the address bar and then press the Enter key.
A long list of settings options will appear. (Some are the same settings available through the standard settings window.)
You can switch True/False settings by just double-clicking on them. Double-clicking on numeric
or text settings will open a text input window to enter the new setting.
2) Create a file named user.js in the user folder. The path in Firefox is
Application Data\Mozilla\Firefox\Profiles\[username].xxx\user.js. The parent folder name can vary.
The Application Data folder is in the Windows folder on Windows 95/98/ME. It's in the
Documents and Settings\[UserName] folder on Windows 2000/XP. In K-Meleon the path is
Program Files\K-Meleon\Profiles\[profile name]\xxxxxxxx.xxx\user.js
The user.js file has a specific format. Example:
user_pref("autoupdate.enabled", false);
"user_pref" is always the first part. Then the name of the setting,
in quotes, appears within parentheses, followed by the setting value as shown here.
Setting values do not appear in quotes except when they are string data, such as:
user_pref("image.animation_mode", "once");
A semi-colon ends each line, and each setting must be on its own line. A setting can be temporarily deactivated by "commenting" it
with 2 slashes, like so:
//user_pref("autoupdate.enabled", false);
Back to Index
Some useful settings
The following are settings that have not been made available in the Firefox
settings window. These settings can also be used in Netscape.
Block 3rd-party cookies
// cookie behavior: 0-accept all cookies. 2-no cookies. 1-no 3rd-party cookies.
user_pref("network.cookie.cookieBehavior", 1);
UPDATE WARNING: This setting does not work! The 3rd-party image
blocking may also not work. See detailed explanation above.
Block 3rd-party images
One of the most useful and insightful new features in Mozilla browsers
is the ability to block the loading of 3rd-party images. The option is not in the settings menu with
Firefox 2 or Netscape, but is still available (presumably) through user.js.
The original setting was changed as of Firefox v. 1.5, so it's best to enter both the old
and new setting:
// Image behavior: 0-accept all images. 2-no images. 1-no 3rd-party images.
user_pref("network.image.imageBehavior", 1);
user_pref("permissions.default.image", 3);
Block IFRAMEs
There is also another, less accessible setting that can improve your results
when you block 3rd-party images: Blocking IFRAMEs. IFRAMEs have always been a security risk
in connection with "cross-site scripting". More recently, advertisers have been putting their 3rd-party
ads inside IFRAMEs (a type of HTML code) in order to bypass the 3rd-party image blocking. An ad
inside an IFRAME does not look any different, but an IFRAME is a separate webpage within the webpage that
you are viewing. So an image inside an IFRAME is not a 3rd-party image, no matter where it is coming from!
Fortunately, IFRAMES are rarely used (aside from this new advertising trick) and are not necessary. (The same
effect can be accomplished with:
DIV {overflow: scroll;})
IFRAME was not even supported in
Netscape browsers until fairly recently. So you can block IFRAMES altogether and run little risk of
missing anything.
To block IFRAMEs, you cannot use the about:config or user.js file methods detailed above.
Instead, you must create a file named
userContent.css. Put userContent.css in the
Chrome folder,
which is inside the user profile folder, if the file does not already exist. (The path of the user profile folder is explained above. It's the folder that contains
the prefs.js file and possibly a user.js file.) Inside the userContent.css file, on its own line, put the following:
IFRAME {display: none !important;}
If you use the 3rd-party image block and the IFRAMEs block, combined with
a HOSTS file that blocks advertisers like doubleclick (see the
Privacy Special Note section below) you'll find that
most webpages you see will be nearly ad-free. That's because almost all ads these days
are also web bugs and are loaded from 3rd-party advertising company websites.
Back to Index
Image animation
This will prevent animated GIFs from repeating:
// Image animation mode: normal, once, none.
user_pref("image.animation_mode", "once");
Prevent blinking text
user_pref("browser.blink_allowed", false);
Turn off "What's related?"
user_pref("browser.related.enabled", false);
// Load WR? 0 = Always, 1 = After first use, 2 = Never
user_pref("browser.related.autoload", 2);
Stop Firefox/K-Meleon from sending referrer header
This blocks sending of the referrer header, which tells a website
where you are coming from if you click a link. That information is used by websites
to find out what other sites are linking to them. That's not especially problematic,
but if you would prefer to maintain your privacy you can turn the function off.
The Firefox settings have
two versions, so probably both should be set:
user_pref("network.sendRefererHeader", false);
user_pref("network.http.sendRefererHeader", 0);
user_pref("network.http.sendSecureXSiteReferrer", false);
Control UserAgent
The UserAgent string is a string of text that the browser sends to websites
in order to identify the operating system and browser. That is normally harmless,
but in some cases a webpage may render better if you pretend to be
using a different browser. K-Meleon has userAgent options in
the main menu, but Firefox does not.
Firefox will normally send the relevant UserAgent string for your operating system and browser. You can change that
with the setting "general.useragent.override". Below are examples of typical
UserAgent strings for various operating system/browser combinations.
(Use only one of these settings at a time.) The format is:
user_pref("general.useragent.override", "xxx");
where "xxx" is the UserAgent string in quotes. The following samples
can be used to mask your system as a different operating system and/or browser.
Replace xxx with one of the lines below. (The lines that begin with "//" are comments
to include in a user.js file for clarification. They are not part of the UserAgent string.):
// Firefox 1.0.3 on Windows 2000, Language: English US:
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
// Mozilla on Windows 98:
Mozilla/5.0 (compatible; Windows 98; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
// Internet Explorer 6 on Windows XP:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
// Netscape 4 on Mac:
Mozilla/4.76 (Macintosh; I; PPC)
//Netscape 4 on Linux:
Mozilla/4.61 [en] (X11; I; Linux 2.2.13-33cmc1 i686)
// IE 6 on Windows XP with SP2 and the .Net runtime v. 1.1:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
As you can see from the sample UserAgent strings, they can contain
various types of information. Most of it is not critical. When websites are checking
to determine what the browser is, the presence of "MSIE" is typically assumed to
indicate Internet Explorer. Mozilla browsers (Mozilla, Firefox, Netscape 6+) are the only ones that use "Mozilla/5.0",
but most sites seem to skip that detail and check for "Gecko" instead. If
"MSIE", "Gecko" and "Opera" are all absent then the browser will probably be treated
as Netscape 4.
Note that while masquerading as a different
browser can sometimes help to render problem webpages,
it can also sometimes cause problems. For example, this website provides
special code to Internet Explorer because IE is too old to understand the normal
code for the main menu. If you visit jsware.net using IE, but with a UserAgent
that says it's Firefox, then the main menu will not work.
Back to Index
Stop Prefetching
Prefetching is an idea of questionable value that is nevertheless part of
the HTML specification. The idea with prefetching is to allow a website to take advantage
of the time when your browser is not busy. For example, if your browser has finished loading
Page 1 of an article, a special prefetch link on that page could force the download
of, say, a large image that
might be needed later if you decide to go on to Page 2
of the article.
The problem with prefetching is that it's rarely likely to be useful,
it takes control away from the visitor, and it can allow unrequested and undesired
files to be stored in your browser cache. For instance, there is nothing to prevent
a webpage prefetching ads, undesired webpages, and possible cookies that go with them.
Unfortunately, prefetching is one of several relevant settings
that the "Mozilla team" seems to think are too complex for the browsing public to understand.
From the Mozilla.org explanation of why prefetching is not included in the Options window:
"...our theory is that if link prefetching
needs to be disabled then there must be something wrong with the implementation.
We would rather improve the implementation if it does not work correctly,
than simply expect users to locate some obscure preference in the preferences UI."
That sort of arrogance is why Firefox, despite all of its good features,
is badly lacking in options for people to easily control settings. The prefetching setting must
be adjusted through about:config or by adding a line to the user.js file. If you are using
a user.js file, add the following line:
user_pref("network.prefetch-next", false);
If adjusting the setting in about:config, find the value
network.prefetch-next and set it to False.
The setting is the same in both Firefox and K-Meleon.
Back to Index
Settings Specific to K-Meleon
Firefox is made with the open-source Mozilla browser.
K-Meleon is a very similar product,
also open-source and also based on Mozilla. K-Meleon may be a desirable alternative to Firefox v. 2.
It is so similar to Firefox that the transition is effortless, but K-Meleon provides superior access to
important settings. In particular, K-Meleon provides all the privacy options in Firefox 1.5 and
then some, while Firefox v. 2 sees the removal of important privacy options. K-Meleon even
includes an optional ad-blocker plug-in.
K-Meleon Settings
K-Meleon is very similar to Firefox, but there are a few notable
differences. This section explains some of those. One important difference to note
is that the profile folder is kept in the K-Meleon program folder. When Firefox is uninstalled
it leaves all settings behind, in a subfolder of Application Data. If you upgrade K-Meleon
you should first back up your custom settings by copying the settings files from \Program Files\K-Meleon\Profiles\default\xxxxxxxx.xxx,
where "default" is either literally "default" or a user name, and "xxxxxxxx.xxx" is a random, nonsense
folder name. In the following notes the randomly-named folder will be referred to as
the
Profile folder.
K-Meleon Bookmarks
The Bookmark plugin that installs with K-Meleon by default enables
the use of Netscape/Firefox-style bookmarks. With that plugin enabled
(
Edit ->
Preferences ->
Plugins )
just copy your Firefox bookmark file (bookmarks.html) from the Firefox Profile folder, into the K-Meleon Profile folder. (The Firefox profile
folder is Documents\Settings\[username]\Application Data\Mozilla\Firefox\Profiles\[username].xxx
or Windows\Application Data\Mozilla\Firefox\Profiles\[username].xxx.)
Back to Index
K-Meleon Privacy
UPDATE WARNING: K-Meleon cookie settings do not work as expected.
See detailed explanation above.
K-Meleon Appearance
K-Meleon is not quite so polished as Firefox in terms of toolbars, etc. The default icon,
notably goofy, seems to be a smiling dinosaur cartoon. But K-Meleon is adaptable. In
Edit ->
Preferences ->
Display ,
choose a skin. "Phoenity" is the up-to-date skin. Once a skin is selected, go to the program folder and find the
corresponding subfolder in Skins. In other words: \Program files\K-Meleon\Skins\[skin name]\.
Toobar background image:
Place a BMP file in the Skins subfolder. Then open K-Meleon, type
about:config into the address bar
and press Enter. Set the value of
kmeleon.display.backgroundImage to the full path of the BMP file.
Set the value of
kmeleon.display.backgroundImageEnabled to True.
Program icon:
In the Skins subfolder, replace
main.ico with an icon of your choice. It should be
a 256-color icon with both a 16-pixel and 32-pixel size contained in it.
Toolbar buttons:
Toolbar buttons can be removed by editing the file
toolbars.cfg in the
Skins subfolder. It is fairly self-explanatory. Just use a hash mark to comment out any buttons
that you do not want to be visible.
Note that the graphic options above only apply to the current skin.
Back to Index
K-Meleon - Fixing Multiple Window Problem
One odd default setting in K-Meleon is that it opens bookmarks in
new windows. That behavior is unconventional and may not be desired. To make
bookmarks open in the same window, open K-Meleon, type
about:config into the address bar
and press Enter. Find the setting
kmeleon.plugins.bookmarks.openurl. If the value
is
ID_OPEN_LINK_IN_NEW_WINDOW then change that to
ID_OPEN_LINK.
K-Meleon - Stop PDF Files Loading
Adobe has been downright obnoxious in their tireless effort to make
PDF files a web standard. By installing browser plugins without asking, Adobe has fooled
many people into thinking that PDFs are like webpages - in hopes of selling more
copies of Adobe Acrobat. The problem with Adobe's behavior is that in most cases
it makes more sense to save PDF files to disk rather than to load them in the browser. A PDF is
good for flexible printing and very little else. PDF files are not especially convenient for reading
text onscreen. Yet it can sometimes be difficult to just save a PDF to disk because
Adobe's plugin jumps in and takes over.
In Firefox, the treatment of mime types can be adjusted in
Options ->
Downloads ->
View and Edit Actions There one can choose whether
to open or save PDF files.
K-Meleon, by contrast, has no options to control plugins, and the user-pref settings may be
ignored. To stop K-Meleon from loading PDFs in the browser, find the Adobe Acrobat Reader plugin folder. The path should
be something like ..Program Files\Adobe\Acrobat x.0\Reader\Browser. Or find the path by doing a search for the file
nppdf32.dll. (That file is the Netscape PDF plugin.) Once the path is found, rename the file or rename
the parent folder, to something like "noBrowser", so that K-Meleon cannot find it. Or just delete the DLL file
if you know you don't want Acrobat Reader opening PDF files in your browser. Also check to make sure another
copy of that file is not in the Program files\K-Meleon\Plugins folder. That should stop Acrobat,
but K-Meleon is especially badly behaved when it comes to plugins. Not only are plugin settings hidden - if
the Acrobat plugin is not found K-Meleon may even try to hunt down the Acrobat Reader program on your
system and force that to open PDF files! If you have that trouble, it may help to also add this line
to your user.js file:
user_pref("browser.helperApps.neverAsk.openFile", "application/pdf");
K-Meleon - Other Settings
Unlike Firefox, K-Meleon does not seem to recognize a UserChrome.css
file, which prevents some of the the GUI customizing possible in Firefox. K-Meleon
does recognize
UserContent.css, in the
[Profile]\Chrome folder. That file can
be used to block IFRAMES, as explained above for Firefox. It also seems to be
where the settings are set to include the ad blocker and flash blocker, if those are
used. Unfortunately, after initial setup those options seem to disappear from K-Meleon's
available settings options. If you did not choose to use the ad blocker during setup
you can still do it later. The ad blocker is just a long list of CSS settings. (And actually there are a number of versions
available online.) It works by blocking out various IFRAME and IMG tags with specific dimensions
that are likely to be ads. If
adblock.css
is in the
chrome folder just add this line to
UserContent.css:
@import url(adblock.css);
Back to Index
The SurfSet Utility
SurfSet is a small utility program that is being made available free of charge. It is for people
who want to take advantage of custom Firefox settings, but who may not feel comfortable writing their own
configuration files. SurfSet provides easy access to a number of the settings, including the ones
listed here. It also provides access to a number of hidden and/or little-known settings in Internet Explorer -
many of which are security risks.
For more details and download see the
SurfSet page.
(Note: As of this writing SurfSet does not recognize K-Meleon.)
Back to Index
Special Note: Privacy and Ad Blocking with Firefox and K-Meleon
With a bit of work, nearly all ads and "tracking beacons" can be removed
from webpages viewed in Firefox and K-Meleon. The method involves using a combination of browser settings
and a HOSTS file. Some people may feel that it's somehow dishonest to block ads, but
no honest ads are blocked by this method. That is to say, any ads that are actually
on the webpage you visit will not be blocked by browser settings and HOSTS files.
Unfortunately,
most ads are
not actually on the webpage you visit. Most commercial sites link to ads coming
from Doubleclick or other advertising companies. You are being sent to the advertising
site secretly. You never chose to visit their website. Worse, these links to advertising websites
allow your activity to be tracked in great detail. The advertising website is able to
record your movement from one website to another. Some webpages contain links to
two or more advertising or data mining sites, loading ads or invisible "tracking beacon" GIFs to record your
visit. Tracking is possible because if you load anything at all from the advertising website then they have
your IP address. That address will show up in their records for each website where their ads
are linked.
By combining that record with data
collected at each individual site that you visit (such as what you clicked on while you were there)
advertising companies can create extensive dossiers about who you are, what websites you visit,
and what you do when you're there.
For very effective ad blocking and greatly improved privacy,
use the following method:
1) Block cookies except where absolutely necessary to the functionality of a webpage.
2) Block IFRAMES. (Also explained in the
"Block 3rd-party Images" section above.)
3) Use a HOSTS file to prevent loading any data at all from advertising
and tracking URLs such as Doubleclick. Directions and a sample HOSTS file are
available on the
Privacy Tips page.
Back to Index
