In their latest testing releases, Mozilla has launched two ambitious efforts to improve upon two areas where Firefox seeks to set itself apart: privacy and security.
To address privacy, they have changed the way their "private browsing mode," which is akin to incognito on Chrome, protects users. Rather than keep your info away from other people using your computer, which is more or less the intent of the feature, new versions of Firefox will also try to keep you more anonymous to web-based trackers.
In addition to not saving history, the previously-hidden Tracking Protection feature is enabled by default when private browsing. This works similar to Disconnect by blocking known tracking domains and content. Since this will break some webpages, you can easily turn it off for a specific site by tapping on the shield icon on that page's address bar as you can see below (arrow and square added).
Once tapped, you will get a dialog with security info and the current status of Tracking Protection on the page. At the bottom, you can disable it.
Private browsing sessions will delete all cookies and cached content once closed. Firefox will keep any bookmarks you set and won't touch anything you've downloaded.
For now, the new and improved private browsing is only available on v42 of Firefox, which is currently in the Aurora release channel, which is just a step above nightly builds in terms of stability. You can download Firefox Aurora for Android here and they will work with devices that have ARMv7 or newer processors.
You can also manually enable tracking protection, both within and outside of private browsing. Go to about:config (put that in the URL bar) and then find the preferences named "privacy.trackingprotection.enabled" and "privacy.trackingprotection.pbmode.enabled."
If you want tracking protection enabled during regular browsing sessions, change the value to the first preference to "true." If you only want it during private browsing, change the second one to "true." If both, do both.
The new security enhancement coming to a Firefox near you is Mozilla's new signing system for add-ons. For a long time, a cryptographic signature is packaged with add-ons from the official Mozilla repository where most of them come from. This verifies with the browser that it's a genuine version of the extension.
Beginning with the current beta, v41, Mozilla will by default block unsigned extensions. They have created a new mechanism for generating signatures that only requires an automated review (except under certain circumstances), doesn't require listing it on Mozilla's website, and only takes a few minutes to do. Why bother, you say?
When every add-on has a signature, they can act to block a malicious one that beat the other precautions very easily. Mozilla will hear about a malware-infected extension, note its signature, and block that key across all of their browsers instantly.
For now, the Android version of the browser seems to make it very easy for end users to disable the feature; the long-term plan and current function on desktop is to only make that possible on developer and nightly releases.
Several prominent add-on developers, like the EFF, are scrambling to get the signatures working. Their extensions deal with so many aspects of the browser that the automated system flags them as in need of human review. While it is yet to be seen how smoothly this will go once the feature goes to the stable release, this speaks to the implementation issues that can plague an otherwise good idea.