June 10, 2011, 4:01 p.m.
posted by redcraft
Stop Once-Only Dialogs Safely
Don't like to be bothered? Here's how to shut Firefox up and how to deal with the consequences.
After first installation, Firefox intermittently throws up a series of dialog boxes. For a first-time user, these can be confusing. Here's how to shut them up if you don't like them. Also here's how to make them appear, so that you can shut them up if you're installing Firefox for someone else.
Figure shows the first dialog presented.
Import Settings startup dialog box
By the time you read this, Firefox will be able to import from a number of other browsers, so the Import Wizard might look a bit more detailed than it is shown here, especially if it detects other browsers on your computer. You can cancel this import process safely. It can be repeated at any time after installation from the FileImport... menu.
Importing is a safe process unless you have sophisticated favelets or bookmarklets stored in your other browsers. Web developers are the main users of these small diagnostic helpers. In general, if you choose to import, there are two consequences. First, the bookmarks toolbar might be loaded with old stuff that might confuse Granny. Second, the surfing you did last week with that other browser might be copied into Firefox. That could be awkward if Granny isn't aware of your personal style and spots it.
Once Firefox starts, it confronts you with the dialog shown in Figure.
Default Browser selection dialog box
On Windows, this makes small changes to the Registry. It's harmless to make Firefox the default browser. If you have accidental viruses, spyware, or other nasties on your computer, it might improve security to make Firefox the default. Don't click Yes or leave the checkbox ticked if temporary product evaluation is your goal. If you want Firefox to be the default, but you still want Internet Explorer to work, see [Hack #40] . Whether Firefox checks at startup time that it's the default browser can be configured with this preference:
browser.shell.checkDefaultBrowser /* true or false */
The first time you surf to a web site over a secure connection, you get a warning. Then, when you leave that web site, you get warned again. Figure shows the two warnings.
First warnings for Secure HTTP border crossings
These messages are border security warnings. When interacting with a web site over plain HTTP (that's the normal case), content sent both ways can possibly be viewed by a spy. If the HTTP connection is performed over Secure Sockets Layer (SSL), then no spying is possible. These warnings tell you that you're either entering or leaving spy-safe territory. If you fail to click the checkboxes, you'll never be warned again. You'll never know if you are surfing "out in the open" or not. But you also won't be driven crazy by dialog boxes. These alerts can be set with these preferences:
security.warn_entering_secure /* true or false */ security.warn_leaving_secure /* true or false */ security.warn_entering_secure.show_once /* true or false */ security.warn_leaving_secure.show_once /* true or false */
The kind of spying that SSL prevents is fairly obscure. It requires that someone either wrap equipment around your physical telephone line or cable line, or else get access to one of the computers between yours and the remote web site. An ISP staff member is unlikely to spy like this unless they're assisting some security agency. Your privacy might be an issue if you are surfing from inside a corporate intranet. There, a corporate web server proxy could log any out-in-the-open activities.
If you are out in the open, web page forms you fill in have the same problem. The first time you attempt to submit a form, you'll be greeted with the dialog shown in Figure.
First warning for unencrypted form submission
If you click Continue or Cancel, you'll never see this warning again, just like the previous examples. Here are the matching preferences:
security.warn_submit_insecure /* true or false */ security.warn_submit_insecure.show_once /* true or false */
Finally, if the web page form is a login form, Firefox will detect this and ask if you want your login details remembered locally. Figure shows the permission request.
Password Manager permission request dialog
If you choose Yes, that password will be held insecurely on your PC. You must have some other password protecting your PC if you don't want that password exposed to office theft. The options are a boot password, a Firefox master password (ToolsOptions, Privacy, Saved Passwords, Set Master Password), or a decent operating system login password. Set this preference for the equivalent effect:
security.ask_for_password /* 0 = once, 1 = every time, 2 = only on expiry */
A password normally expires in 30 days, at which point the user must enter it again. Here is the preference for the expiry horizon:
security.password_lifetime /* An integer, default = 30 (days) */
Chapter 2 has a lot more to say about security issues in Firefox, but here's a summary of this hack: if you always hit Enter or Return when one of these dialogs comes up, you won't be annoyed by them any more. Your privacy will be only moderately protected afterward, but your online safety will remain high.