- slide 1 of 4
Mozilla Firefox and Tools
Some users may ask "Is Mozilla spyware?" or "Does Mozilla contain spyware?" Mozilla Firefox is not spyware software and it does not contain any spyware related files, but it concerns privacy and security conscious users. What people actually find is that the Firefox browser by Mozilla has a very old bug that makes it look like spyware. The bug was confirmed but Mozilla team decided not to fix it. Also, there are some reporting tools in Firefox browsers that are useful but not all of them.
- slide 2 of 4
Reporting Tools in Firefox
Before we begin discussing about the confirmed bug that concerns people in using the Firefox browser, let's take a look at the reporting tools that may require Internet connection in using Firefox, even if you are not browsing yet.
- Live Bookmarks and Live Title updating - Firefox lets you subscribe to feeds by websites. If you subscribe or have a bookmark that is updating, you may see Firefox try to connect to the internet even if you're not browsing yet. If you don't use or don't want the said reporting tool in Firefox, you can't use it as an RSS reader. To disable Live Title Updating, type about:config in the URL address of Firefox, enter browser.microsummary.enabled, and then double-click the entry to disable Live Title Updating tool.
- Auto-update checking, Anti-phishing and Anti-malware lists updating - As you all know, the browser by Mozilla has built-in updater so when you're using Firefox, you are informed of any new updates. If you have the updating turned-off, Firefox should not make an Internet connection. Firefox can block spoofed websites and pages that contains malware that can infect Windows or Mac OS. The database is updated by connecting to Google.com or other database providers, even if you are not using the browser to browse the Internet. You can see in the screenshot below where the browser is not in use to browse but Firefox has established a connection to Google servers and actually receiving and sending some data. If you have Google.com cookies or other providers by their malware and phishing database cookies, it can be sent.
- Home page loading and Extension blocklist updating - Obviously, if you setup Firefox to start with a home page, it will make an Internet connection. Firefox usually checks bad add-ons for Firefox and if they found unsafe add-ons (due to security or privacy issue), they can disable it. If you would rather disable that great feature, open the about:config again, then type extensions.blocklist.enabled. Double-click extensions.blocklist.enabled to disable the Extension blocklist updating in Firefox.
- Add-on list prefetching and Extensions - Firefox may connect to Internet even if you are not browsing, if you open the add-on manager in Firefox. This also applies if you have installed an add-on that requires internet connection, even if you are not browsing yet. You can also use a free add-on to block sites in Firefox.
- slide 3 of 4
The Bugs and Unwanted Features in Firefox Browser
The main reasons why some people ask "Is Mozilla spyware?" or "Does Mozilla contain spyware?" is because of the other two functions or reporting tools in Firefox browser - unwanted loopback connection and the Link prefetching.
- Link prefetching - The developers of Mozilla say "Link prefetching is a browser mechanism, which utilizes browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser's cache." Having end-users' visited websites and cookies accessed or sent without their knowledge is a concern. The good news is that Firefox users may disable Link prefetching. Simply type about:config in the URL address bar in Firefox, enter network.prefetch-next in the filter box, and then double-click network.prefetch-next to disable Link prefecthing tool.
- The unwanted Loopback connection - Internet Explorer and Opera does not require a loopback connection but Firefox does. It's a very old and confirmed bug in Firefox browser that the Mozilla team decided not to fix. The problem is when you open Firefox, there'll be 4 firefox.exe instances that connect to the local host. If you are using an advanced firewall that prompts for any Internet communication, you will see something like this alert:
Firefox will not open until you respond to the connection requests, if you are using a good firewall program. Mozilla has advised users to not to block because it communicates to the browser itself or to your computer only (local host). While it’s true that it is only communicating to a local host, it does not make sense to see Firefox acts that way, if other browsers don't. Also, since they confirmed it's a bug in Firefox, it should be fixed. There should not be too many established connections using Firefox even when you're not browsing, even if you've configured Firefox to disable other reporting tools, and if you are not depending on add-ons or malware or phishing protections in the browser. I tested this by disabling all the reporting tools in Firefox but the browser continues in establishing a connection.
- slide 4 of 4
Mozilla reporting tools is the same as most software products but not exactly the same. Other browsers do not require a loopback connection (see image to the left where 3 browsers are open but only Firefox is using an unwanted loopback connection, which is really odd) and possibly not implementing a non-standardized feature such as link prefetching. Firefox is a very neat browser and it is not and does not contain spyware, but privacy and security conscious users have valid concerns.
To prevent Firefox from connecting to the local host, you may use an advanced firewall to block the unwanted loopback connection. An example below is what I have in Agnitum Outpost Firewall Pro:
Image credit: Screenshot taken by the author.