Firefox Autocomplete Spy Risks: Privacy Issues and Simple Fixes

Stop Firefox Autocomplete from Revealing Sensitive Info — A Step-by-Step Guide

1. What the risk is

Autocomplete stores form entries (names, emails, addresses, credit-card-related fields) in the browser and suggests them later. Misconfigured sites, shared devices, or malicious scripts can expose those suggestions to others.

2. Quick precautions (one-line actions)

• Use a master browser profile per person on shared devices.
• Disable autocomplete for sensitive fields.
• Clear form history regularly.
• Use a password manager for credentials instead of Firefox’s autofill.
• Lock your profile with a strong OS account password.

3. Step-by-step: disable form autocomplete globally

1. Open Firefox.
2. In the address bar go to about:config and accept the risk.
3. Search for:
   • browser.formfill.enable — double-click to set to false (disables saved form data).
   • Signon.autofillForms — double-click to set to false (disables password autofill).
4. Restart Firefox.

4. Step-by-step: disable autocomplete on specific fields (site-side)

• As a site owner or developer, add autocomplete=“off” or a specific token (e.g., autocomplete=“new-password”) on sensitive input elements:

Note: Some browsers ignore autocomplete=“off” for login fields; prefer stronger UX patterns.

5. Clear existing saved form data

1. Menu → Settings → Privacy & Security.
2. Under History click Clear Recent History or Clear Data.
3. Choose Form & Search History and clear.

6. Use a password manager and secure autofill alternatives

• Use a dedicated password manager (1Password, Bitwarden, KeePassXC) to store credentials and payment info; these typically have more granular control and encryption.
• Disable Firefox’s built-in forms autofill if using an external manager.

7. Protect on shared devices

• Create separate OS accounts or separate Firefox profiles (Click menu → Profiles or run firefox -P).
• Use a temporary browsing mode (Private Window) for transactions you don’t want saved.

8. Advanced: encrypt profile or lock access

• On sensitive machines, encrypt the user profile folder or the entire disk (BitLocker, FileVault, LUKS).
• Use OS account passwords and automatic screen-lock policies.

9. Test that autocomplete is disabled

• Open a new profile or private window, visit a form, type part of a previously-saved value — suggestions should not appear.
• For developers: inspect page scripts to ensure no script reads autocomplete suggestions.

10. Maintenance best practices

• Periodically review saved form history and removed entries.
• Keep Firefox updated.
• Audit installed extensions; remove ones that request form or clipboard access unless necessary.