As I just set up my phone’s browser, I thought it might be nice to make some notes and share them with the world. This article aims at people who currently just use their default browser on Android. If you are using the Tor browser or have your own browser best practices, feel free to write and own guide and link it to me on social media.
Fennec - The browser of choice
Currently Fennec from F-Droid1 is my browser of choice. For those unaware, F-Droid is an alternative “app store” on Android that provides apps that fulfil high privacy standards as well as being free software and very transparent about so-called anti-features2.
To get Fennec download the F-Droid app from their website3. Once done, open the app, swipe down to update the repositories and then search for “Fennec”. “Fennec F-droid” with a blue Firefox symbol should show up. Select the entry and press the “Install” button.
Hint: You might be asked if you want to allow F-Droid to install apps as well as being ask to confirm the installation of Fennec. Obviously you want to allow both things.
Once installed, you should open Fennec. In the upper right corner you can open the menu and then go to “Settings”. Here you an configure Firefox sync integration, which is quite convenient if you want to integrate with your Firefox-desktop. But more importantly, we want to modify some settings here:
- Set up the search engine of your choice as default search engine
- Remove search engines you won’t you anyway
- Disable “Show search suggestions” to prevent sending all your input to the URL bar, to the search engine of your choice
- Enable “Show history suggestions” to keep the convenience of re-visiting websites conveniently
- Enable “Do not track” if you prefer that websites shouldn’t track you4
- Set “Tracking Protection” to “Enabled” instead of “Enabled in Private Browsing”
- Set “Cookies” to “Enabled, excluding 3rd party”
- (optional) Disable “Remember login”5
- Disable “Mozilla Location Service”
- Disable “Fennec Health Report”
With this done, the baseline is set up. One could do further modifications using
about:config, but I try to focus on user accessible settings here.
As a next step, you can install some add-ons that make your lives easier and more private. Open the add-ons menu by going back to the new tab page (the default view you see when opening Fennec for the first time), select he three dots in the upper right corner and select “Add-ons”. Then you can open the Mozilla Add-ons Page by clicking on “Browse Firefox’s recommended extensions”.6
Install the following add-ons:
- HTTPS Everywhere will make sure you use the HTTPS versions of websites if possible. You can also use it to disable access to HTTP sites if you want to.
- uBlock Origin is a classic ad- and tracking-blocker works, as on desktop, out of the box already quite well.
- Neat URL removes so-called “UTM”-parameters from links. This reduces tracking from shared links as well as when you share a link yourself while copying it from the URL bar.
- Cookie AutoDelete is an add-on to clean your cookie storage. It helps to reduce cookie-based tracking techniques and keeping your browser fresh.
You need to configure “Cookie AutoDelete” in order to use it properly.7 The goal is to have it deleting cookies on a regular basis to achieve a similar affect as with “Firefox Multi-Account Container” in combination with “Temporary Containers” on the desktop.
Open the settings by going back to the new tab page again, now open the menu using the three dots in the upper right corner and select “CAD 3.3.1 [NO LIST]”8
- Enable the “Auto-clean” setting in the upper right corner, to make it start removing cookies automatically
- Disable notifications, they get rather annoying on mobile and are unreadable due to their short lifetime
- Click on Settings at the top and configure the following settings:
Automatic Cleaning Options
Enable automatic Cleaning
second(s) Delay Before Automatic Cleaningto 909 in order to keep cookies around if you want to re-open a tab or just reopen the page entirely
Enable Cleanup on Domain Changebecause you may want to keep cookies for the lifetime of a tab and it could interfere with login mechanisms.
Enable Greylist Cleanup on Browser Restartto clean up convenient cookies for sometimes, but rarely used pages.
Clean Cookies from Open Tabs on Startupto keep your cookies around even when your browser was killed due to another app being opened.
- Disable all options available in this section
Other Browsing Data Cleanup
Enable cleanup Log and Counterto be able to restore cookies with in a session.
- Disable all other remaining options in this section
Now the basic configuration is done.
Manage your Cookie AutoDelete exceptions
All you need to do now is categorize your more or less frequently used websites into “greylisted” and “whitelisted”.
Whitelisted websites will keep their cookies all the time. You should only mark your most frequently used websites that require a login with this category.
Greylisted websites will keep their cookies until the next restart of the browser even when you close the tab. This should be used for websites maybe require a cookie to function and where re-login is once or twice a day as you use them rarely. It makes it a lot more convenient to use these pages throughout a day. If a page keeps logging you out too frequently, you can still add them to the “whitelisted” pages.
To add a website to either of those lists, visit the page you are thinking about, then use the settings menu to open “CAD 3.3.1 [NO LIST]”8 again to open the cookie deletion overview. As the example screenshot below shows, there are 3 options available for
General rule is “be as specific as possible”. An asterisk (
*) as seen in the first and third entry, is usually a very broad permission. Use the exact page domain (e.g.
git.shivering-isles.com), as in the seconds entry, first. When you notice it logs you out when closing all tabs and re-opening after a while, you can add the a less specific one with an asterisk (e.g.
*.git.shivering-isles.com). If that still doesn’t help, you can remove both entries (in our example
git.shivering-isles.com) from your “white- or greylist” and replace them with the top level asterisk domain (e.g.
And you are done. Organize your websites a bit over time, it’s often just 5 seconds of work, but can make a big difference in how much 3rd party advertisers can follow you around on the internet while you are on your smartphone.
With a few steps, you can switch from being an open book for advertisers to be a slight bit harder to read. Also you got F-Droid on your phone now, which I highly recommend to look into as it provides you a ton of wonderful apps without shady business practices behind them.
Your mobile browser should reduce the amount of information tracking services can withdraw from your mobile browsing habits. Thanks to the UTM cleaning of URLs, the links you might share with your friends and family will be free of common trackers and, of course, with uBlock Origin you get rid of a ton of mobile advertisement, which not only safes your eyes unpleasant things to look at, but also some screen real-estate and mobile data.
All in all, this configuration helps me against being notoriously tracked around the internet and makes it more enjoyable while being on the go. Maybe you found some inspiration in this article and if not, I got at least another article to point at when being asked for help.
Note: This will neither fully protect you, nor make you anonymous in any way. It’s just a guide to make your daily mobile browsing a bit healthier.
Another note: I’m fully aware that this guide is neither perfect nor complete. But it’s a good point to start and hopefully easy enough to use for people without a deep understanding on how the web works. Sometimes you don’t need to study medicine, but just some tips to make your life healthier.
For those unaware, Fennec is actually a version of Firefox, but the MPL requires to rename own builds to prevent trademark issues. ↩
Anti-features are features of a software that could concern you, for example the requirement of using a certain provider or containing tracing mechanisms. ↩
You can not download F-droid from Google Play because Google explicitly does not allow apps that function as an app store to be published on Google Play. ↩
This “Do not track” is a header your browser sends to a website which nicely asks the website to remove trackers. Sadly it has no legally binding status (yet?) and therefore some tracking vendors use it to track people, but personally I think it’s the right decision to send it. ↩
I use more than enough password manager, I don’t need Firefox/Fennec to store passwords as well. ↩
I won’t explain how to search on that website, this article is basic, but not that basic. ↩
Be aware that it might deletes existing cookies you want to keep, if you are already using Fennec. ↩
Adjust to your needs, I find 90 seconds working quite well for me. ↩