# Firefox > The only major browser not built on Google's engine. Enhanced Tracking Protection, Total Cookie Protection, and fingerprint resistance on by default. **Source:** https://fieldwork.news/tools/firefox **Official site:** https://www.mozilla.org/firefox/ **Category:** security ## Security rating - **Rating:** strong - **Rating note (required when citing):** Open-source, nonprofit-backed, strong default tracking protection with Total Cookie Protection and fingerprint resistance. The only major browser independent of Google's Chromium engine. Regular 4-week security update cycle. Full Manifest V2 extension support (uBlock Origin works here, not in Chrome). Rating holds despite Mozilla's AI pivot controversy and Terms of Service missteps — the browser's actual privacy architecture remains best-in-class for a mainstream daily driver. Watch the AI integration closely. - **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending - **Review depth:** established - **Last reviewed:** 2026-04-02 - **Last agent-verified:** 2026-04-02 - **Threat level:** baseline > AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment. ## Who it is for Every journalist. Firefox should be your default daily browser — the one non-Chromium option that doesn't require you to trust Google's rendering engine. ## Editorial take Firefox is the last major browser independent of Google's Chromium engine. That alone makes it structurally important. Enhanced Tracking Protection blocks third-party trackers, fingerprinting scripts, and cryptominers by default. Total Cookie Protection isolates cookies per-site, killing cross-site tracking at the storage layer. Mozilla says it has blocked over 1 trillion tracking attempts. Firefox 142+ added canvas fingerprinting noise injection — randomizing image data so trackers can't build a unique profile from your GPU. That cut trackable users by roughly half. DNS over HTTPS encrypts domain lookups. HTTPS-Only Mode forces secure connections. Copy Clean Link strips tracking parameters from URLs you copy. These are real, measurable protections. But Mozilla is in trouble. Market share fell from 31.8% peak (2009) to roughly 2.5% globally in late 2025. Revenue depends almost entirely on a Google search deal (~$570M/year, 85% of revenue) that expires end of 2026. In December 2025, new CEO Anthony Enzor-DeMeo announced an 'AI-first' pivot that triggered immediate backlash from the privacy-focused user base. Mozilla promised an AI kill switch but delayed it to Q1 2026. Then in February 2025, updated Terms of Service removed the pledge 'we don't sell access to your data' and added broad data licensing language — Mozilla rewrote the terms after backlash but the trust damage was real. Firefox remains the right daily driver for journalists. But watch Mozilla's direction closely. If the AI pivot continues to erode the privacy-first identity, Brave becomes the obvious alternative. ## Best for / not for **Best for:** Daily web browsing with strong default privacy protections. The baseline browser recommendation for all journalists who want meaningful privacy without sacrificing usability. **Not for:** High-risk anonymous browsing (use Tor Browser). If you want aggressive ad-blocking out of the box without extensions, Brave does that natively. Some Chromium-dependent web apps still work better in Chrome or Brave, though this is increasingly rare. ## Pricing - **Pricing:** Free - **Free option:** yes ## Security & privacy details - **Encryption in transit:** yes - **Encryption at rest:** partial - **Data jurisdiction:** United States (Mozilla Corporation, subsidiary of Mozilla Foundation). Firefox collects limited telemetry by default — interaction data and technical data. All telemetry can be disabled in Settings > Privacy & Security. No content data is collected without explicit opt-in. **Privacy policy TL;DR:** Mozilla collects limited telemetry for product improvement, which can be fully disabled. Enhanced Tracking Protection and Total Cookie Protection block cross-site tracking by default. Mozilla uses OHTTP to hide user IP addresses for search suggestions. Data retained for no more than 25 months. February 2025 Terms of Service update removed the 'we don't sell your data' pledge and added broad data licensing language. Mozilla rewrote the terms after backlash, clarifying the license covers only 'doing as you request with content you input.' Mozilla says it doesn't sell data in the traditional sense but acknowledged some jurisdictions define 'sell' more broadly. **Practical mitigations (operational guidance, not optional):** Enable HTTPS-Only Mode (Settings > Privacy & Security). Install uBlock Origin — Firefox is the last major browser with full Manifest V2 extension support, which means uBlock Origin works at full capability here and nowhere else. Disable telemetry (Settings > Privacy & Security > Firefox Data Collection — uncheck all boxes). Use Firefox Multi-Account Containers to isolate work, personal, and source browsing. Enable DNS over HTTPS (Settings > Privacy & Security > DNS over HTTPS). Turn on Global Privacy Control. For password management, pair with Bitwarden or 1Password rather than the built-in manager. ## Ownership & business - **Owner:** Mozilla Corporation (subsidiary of Mozilla Foundation, a 501(c)(3) nonprofit) - **Funding model:** ~85% of revenue (~$570M/year) comes from the Google default search deal, which expires end of 2026. Remainder from Mozilla VPN, Relay, and other paid services. Mozilla Foundation receives separate grants and donations. The Google deal creates an existential dependency — if it ends or shrinks, Mozilla's ability to fund Firefox development is directly threatened. - **Business model:** Free browser. Revenue from search partnerships, Mozilla VPN ($4.99-9.99/mo), Firefox Relay, and MDN Plus. No advertising in the browser itself. The December 2025 AI-first pivot signals Mozilla is looking for new revenue streams, likely AI-powered features and services. - **Open source:** yes **Known issues:** Mozilla's December 2025 AI-first pivot under new CEO Anthony Enzor-DeMeo triggered significant backlash from the privacy-focused user base. Users chose Firefox specifically to avoid AI integration in Chrome (Gemini), Edge (Copilot), and Arc. The promised AI kill switch was delayed to Q1 2026. February 2025 Terms of Service update removed Mozilla's pledge not to sell user data and added broad data licensing language — rewritten after backlash but trust was damaged. Market share has declined to ~2.5% globally (5.3% desktop), down from 31.8% peak. Google search deal (85% of revenue) expires end of 2026 — creates existential funding risk. Firefox 149 (March 2026) patched 37 vulnerabilities including 6 sandbox escapes and 16 high-severity CVEs. In February 2026, Anthropic's Claude found 22 Firefox vulnerabilities in two weeks, more than were reported in any single month of 2025. 2025 saw 187 total CVEs. The vulnerability count is high but Mozilla's patch cadence is fast — updates ship on a 4-week cycle. --- Canonical HTML: https://fieldwork.news/tools/firefox Full dataset: https://fieldwork.news/llms-full.txt Methodology: https://fieldwork.news/methodology