From a9c5474a444fc9de0f4dd4af7022cd42c9ecc1e8 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 23 Apr 2021 02:35:59 +0200 Subject: [PATCH 01/37] Changed up to 'Extensions Manager' --- Changelog.md | 184 +++++++++++++++++++++++++++++++ librewolf.cfg | 292 +++++++++++++++++++++----------------------------- 2 files changed, 308 insertions(+), 168 deletions(-) create mode 100644 Changelog.md diff --git a/Changelog.md b/Changelog.md new file mode 100644 index 0000000..d429a95 --- /dev/null +++ b/Changelog.md @@ -0,0 +1,184 @@ +## Changelog +Reminder that we need better categorization in the file. +#### Added +Previously missing, now added +``` +lockPref("browser.contentblocking.category", "custom"); +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.show_mobile_app", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior +defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior +defaultPref("extensions.formautofill.creditCards.available", false); +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +lockPref("network.trr.send_empty_accept-encoding_headers", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +defaultPref("intl.accept_languages", "en-US, en"); +``` + +#### Modified +Edited some present prefs to better one +``` +defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 +lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 +lockPref("network.http.referer.XOriginPolicy", 2); // Previously set to 1 +``` + +#### Removed +Lines that were commented and are now removed +``` +// Librefox Compatibility Fix +// commented out, we're setting it differently later on +// defaultPref("extensions.autoDisableScopes", 0); + +// Removing https-everywhere adding 2 librefox addons +// keep it commented out for now, until we have more recent, properly pre-installed addons +// defaultPref("extensions.enabledAddons", ...); + +//lockPref("browser.contentblocking.global-toggle.enabled", false); +//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); +//lockPref("browser.contentblocking.fastblock.ui.enabled", false); +//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); +//lockPref("browser.contentblocking.allowlist.storage.enabled", false); +//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); +//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.ui.enabled", false); +//lockPref("browser.contentblocking.enabled", false); + +//lockPref("security.ask_for_password", 2); +//lockPref("security.password_lifetime", 5); + +//defaultPref("privacy.cpd.openWindows", true); // Clear session data +//defaultPref("privacy.clearOnShutdown.openWindows", true); +//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); +//lockPref("permissions.memory_only", true); // (hidden pref) +//lockPref("browser.formfill.expire_days", 0); + +//lockPref("browser.urlbar.autoFill", false); +//lockPref("browser.urlbar.autoFill.typed", false); + +//lockPref("media.peerconnection.video.h264", true); + +//lockPref("network.proxy.autoconfig_url.include_path", false); +//lockPref("network.proxy.socks_remote_dns", true); + +//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); +//lockPref("browser.devedition.theme.enabled", true); +//lockPref("devtools.theme", "dark"); +//lockPref("browser.devedition.theme.showCustomizeButton", true); + +//defaultPref("extensions.ui.dictionary.hidden", false); +//defaultPref("extensions.ui.locale.hidden", false); + +//lockPref("dom.indexedDB.logging.details", false); //default true +//lockPref("dom.indexedDB.logging.enabled", false); //default true +//lockPref("network.http.spdy.enabled", false); +//lockPref("network.http.spdy.enabled.deps", false); +//lockPref("network.http.spdy.enabled.http2", false); +//lockPref("network.http.spdy.websockets", false); + +// lockPref("dom.IntersectionObserver.enabled", false); +``` +Active prefs that were removed +``` +lockPref("network.cookie.same-site.enabled", true); // Deprecated +lockPref("network.cookie.leave-secure-alone", true); // Deprecated +lockPref("privacy.trackingprotection.annotate_channels", false); // Deprecated +lockPref("privacy.trackingprotection.lower_network_priority", false); // Useless as tracking protection is disabled +pref("signon.management.page.mobileAndroidURL", ""); // Deprecated +pref("signon.management.page.mobileAppleURL", ""); // Deprecated +lockPref("browser.urlbar.openViewOnFocus", false); // Handled through patch +lockPref("browser.urlbar.update1", false); // Handled through patch +lockPref("browser.urlbar.update1.interventions", false); // Handled through patch +lockPref("browser.urlbar.update1.searchTips", false); // Handled through patch +defaultPref("places.history.expiration.max_pages", 2147483647); // Useless +defaultPref("media.gmp-manager.url", "data:text/plain,"); // To easily enable DRM +defaultPref("media.gmp-manager.url.override", "data:text/plain,"); // To easily enable DRM +defaultPref("media.gmp-manager.updateEnabled", false); // Deprecated +defaultPref("media.gmp-widevinecdm.autoupdate", false); // Deprecated +defaultPref("media.gmp-eme-adobe.enabled", false); // Deprecated +defaultPref("media.gmp-manager.certs.2.commonName", ""); // To easily enable DRM +defaultPref("media.gmp-manager.certs.1.commonName", ""); // To easily enable DRM +lockPref("dom.indexedDB.enabled", true); // Deprecated +lockPref("dom.w3c_pointer_events.enabled", false); // Deprecated +lockPref("offline-apps.allow_by_default", false); // Deprecated +lockPref("ui.use_standins_for_native_colors", true); // Interferes with RFP +lockPref("dom.event.highrestimestamp.enabled", true); // Deprecated +lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); // Deprecated +lockPref("browser.urlbar.oneOffSearches", false); // Deprecated +lockPref("dom.disable_window_open_feature.close", true); // Deprecated +lockPref("dom.disable_window_open_feature.location", true); // Deprecated +lockPref("dom.disable_window_open_feature.menubar", true); // Deprecated +lockPref("dom.disable_window_open_feature.minimizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.personalbar", true); // Deprecated +lockPref("dom.disable_window_open_feature.resizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.status", true); // Deprecated +lockPref("dom.disable_window_open_feature.titlebar", true); // Deprecated +lockPref("dom.disable_window_open_feature.toolbar", true); // Deprecated +``` + +#### Commented +Active prefs that were commented +``` +// this one should be deprecated and redudant since telemetry is disabled +// lockPref("telemetry.origin_telemetry_test_mode.enabled", false); + +// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant +// when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); + +// Lickely deprecated as it is now default behavior +//lockPref("privacy.donottrackheader.value", 1); + +// redudant and probably even conflicting with privacy.resistFingerprinting +// defaultPref("privacy.spoof_english", 2); + +// Deprecated +// lockPref("dom.indexedDB.enabled", true); + +// Is there any reason to change the default value? +// lockPref("extensions.autoDisableScopes", 11); +``` + +#### Unlocked +Locked prefs that were unlocked, more should be unlocked probably +``` +lockPref("general.config.filename", "librewolf.cfg"); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("privacy.donottrackheader.enabled", true); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); +``` + +#### Made default +Prefs that were user set and are now default +``` +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); +``` +#### To discuss +Prefs that need to be addressed +``` +// This should be discussed +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); +defaultPref("general.appname.override", "Netscape"); +defaultPref("general.appversion.override", "5.0 (Windows)"); +defaultPref("general.platform.override", "Win32"); +defaultPref("general.oscpu.override", "Windows NT 6.1"); + +// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.cookieBehavior", 1); +``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index 645c6e0..f97fa12 100644 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -30,7 +30,7 @@ // ============================== // // Pref : Locking librewolf.cfg itself -lockPref("general.config.filename", "librewolf.cfg"); +defaultPref("general.config.filename", "librewolf.cfg"); // // ===================================================================================== // Index librewolf.cfg .......... : @@ -83,22 +83,14 @@ lockPref("general.config.filename", "librewolf.cfg"); // Bench Diff : +0/5000 // >>>>>>>>>>>>>>>>>>>>>>> -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", "librefox.http.watcher.tor%40intika.be:2.8,%7Befd1ce61-97d1-4b4f-a378-67d0d41d858d%7D:1.2,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5"); - // -------------------------------- // User Settings : Cookies settings // -------------------------------- +// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI defaultPref("network.cookie.cookieBehavior", 1); + defaultPref("network.cookie.lifetimePolicy", 2); -lockPref("network.cookie.same-site.enabled", true); -lockPref("network.cookie.leave-secure-alone", true); defaultPref("network.cookie.thirdparty.sessionOnly", true); lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); @@ -106,14 +98,30 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // User Settings : Tracking protection // ----------------------------------- +// Disabling tracking protection and its UI elements in about:protections lockPref("privacy.trackingprotection.enabled", false); -lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); -lockPref("privacy.trackingprotection.lower_network_priority", false); + lockPref("privacy.trackingprotection.pbmode.enabled", false); -lockPref("telemetry.origin_telemetry_test_mode.enabled", false); +lockPref("privacy.trackingprotection.socialtracking.enabled", false); +lockPref("privacy.trackingprotection.cryptomining.enabled", false); +lockPref("privacy.trackingprotection.fingerprinting.enabled", false); +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); + +// this one should be outdated and redudant since telemetry is disabled +//lockPref("telemetry.origin_telemetry_test_mode.enabled", false); + lockPref("urlclassifier.trackingTable", ""); lockPref("pref.privacy.disable_button.change_blocklist", true); +lockPref("browser.contentblocking.category", "custom"); +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.show_mobile_app", false); + +// From og .cfg lockPref("browser.contentblocking.reportBreakage.enabled", false); lockPref("browser.contentblocking.reportBreakage.url", ""); lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); @@ -137,17 +145,8 @@ lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.proxy_extension.url", ""); lockPref("browser.contentblocking.report.social.url", ""); lockPref("browser.contentblocking.report.tracker.url", ""); -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); +// Windows only lockPref("default-browser-agent.enabled", false); // ---------------------------------- @@ -165,50 +164,35 @@ lockPref("signon.storeSignons", false); lockPref("signon.rememberSignons", false); lockPref("services.sync.prefs.sync.signon.rememberSignons", false); lockPref("signon.storeWhenAutocompleteOff", false); -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -pref("signon.management.page.breach-alerts.enabled", false); -pref("signon.management.page.breachAlertUrl", ""); -pref("signon.management.page.mobileAndroidURL", ""); -pref("signon.management.page.mobileAppleURL", ""); +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); // -------------------------------- // User Settings : History settings // -------------------------------- +// Out of place, cosmetic change +defaultPref("browser.tabs.drawInTitlebar", true); + lockPref("browser.sessionhistory.max_entries", 20); lockPref("browser.urlbar.filter.javascript", true); - -// Disables the “megabar” -// NOTE: probably deprecated / no-ops by now, can probably be removed -// handled by a patch instead. -lockPref("browser.urlbar.openViewOnFocus", false); -lockPref("browser.urlbar.update1", false); -lockPref("browser.urlbar.update1.interventions", false); -lockPref("browser.urlbar.update1.searchTips", false); - -defaultPref("browser.tabs.drawInTitlebar", true); pref("startup.homepage_override_url", "about:blank"); pref("startup.homepage_welcome_url", "about:blank"); pref("startup.homepage_welcome_url.additional", ""); -defaultPref("privacy.clearOnShutdown.offlineApps", true); -defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data + +// For consistency with new cookie behavior +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("privacy.cpd.offlineApps", false); // Offline Website Data + defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); -// the following can be safely set here, as it should not have any effect, -// the above defaultPref("places.history.enabled", false); is set to true -defaultPref("places.history.expiration.max_pages", 2147483647); defaultPref("privacy.history.custom", true); -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); -lockPref("privacy.storagePrincipal.enabledForTrackers", false); +// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant +// when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); // -------------------------------------------------------------------- // User Settings : Session : Other session settings on disabled section @@ -224,12 +208,10 @@ lockPref("browser.sessionstore.interval", 60000); defaultPref("extensions.formautofill.addresses.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.creditCards.enabled", false); +defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); - lockPref("signon.autofillForms", false); lockPref("signon.autofillForms.http", false); -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); // ---------------------------------------------- // User Settings : Check default browser Settings @@ -241,24 +223,19 @@ lockPref("browser.shell.checkDefaultBrowser", false); // User Settings : DRM/CDM // ----------------------- +// Includes new DRM implementation for easily re-enabling it +// following four prefs must be set to true to play DRM content defaultPref("media.eme.enabled", false); -defaultPref("media.gmp-provider.enabled", false); -defaultPref("media.gmp-manager.url", "data:text/plain,"); -defaultPref("media.gmp-manager.url.override", "data:text/plain,"); -defaultPref("media.gmp-manager.updateEnabled", false); -defaultPref("media.gmp.trial-create.enabled", false); - defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); -defaultPref("media.gmp-widevinecdm.autoupdate", false); +defaultPref("media.gmp-provider.enabled", false); +defaultPref("media.gmp.trial-create.enabled", false); +defaultPref("media.gmp-widevinecdm.visible", false); +defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); defaultPref("media.gmp-gmpopenh264.autoupdate", false); defaultPref("media.peerconnection.video.enabled", false); -//lockPref("media.peerconnection.video.h264", true); -defaultPref("media.gmp-eme-adobe.enabled", false); -defaultPref("media.gmp-manager.certs.2.commonName", ""); -defaultPref("media.gmp-manager.certs.1.commonName", ""); // ---------------------- // User Settings : WebRTC @@ -277,13 +254,7 @@ defaultPref("media.peerconnection.turn.disable", true); defaultPref("media.peerconnection.ice.tcp", false); defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); - -// ------------------------------ -// User Settings : Proxy settings -// ------------------------------ - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // ---------------------------- // User Settings : DNS settings @@ -293,50 +264,70 @@ lockPref("network.trr.mode", 5); lockPref("network.trr.bootstrapAddress", ""); lockPref("network.trr.uri", ""); lockPref("network.trr.send_user-agent_headers", false); +lockPref("network.trr.send_empty_accept-encoding_headers", false); defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); lockPref("network.dns.disablePrefetchFromHTTPS", true); // ------------------------------------ -// User Settings : Start page highlight +// User Settings : new tab page // ------------------------------------ lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); lockPref("browser.newtabpage.activity-stream.prerender", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("browser.newtabpage.activity-stream.showSponsored", false); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); +lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); +lockPref("browser.newtabpage.activity-stream.telemetry", false); +lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); +lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); +lockPref("browser.newtabpage.activity-stream.disableSnippets", true); +lockPref("browser.newtabpage.activity-stream.default.sites", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); +lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); +lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); +lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); +lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); +lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); +lockPref("browser.newtabpage.activity-stream.feeds.places", false); +lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); +lockPref("browser.newtab.preload", false); // ------------------------------------------- // Defaulting Settings : Do not track settings // ------------------------------------------- -lockPref("privacy.donottrackheader.enabled", true); -lockPref("privacy.donottrackheader.value", 1); +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("privacy.donottrackheader.enabled", true); -// -------------------------------------- -// User Settings : Other theming settings -// -------------------------------------- - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); +// Lickely deprecated as it is now default behavior +//lockPref("privacy.donottrackheader.value", 1); // -------------------------------------- // User Settings : Miscellaneous settings // -------------------------------------- lockPref("dom.disable_beforeunload", true); -lockPref("permissions.default.geo", 2); - -// disable permissions delegation [FF73+] -// Currently applies to cross-origin geolocation, camera, mic and screen-sharing -// permissions, and fullscreen requests. Disabling delegation means any prompts -// for these will show/use their correct 3rd party origin -// [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion lockPref("permissions.delegation.enabled", false); +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); + // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Defaulting Settings // Those settings are not locked this section purpose is to change default setting... @@ -348,10 +339,14 @@ lockPref("permissions.delegation.enabled", false); // Defaulting Settings : Other Defaulting // -------------------------------------- -defaultPref("privacy.spoof_english", 2); -//defaultPref("intl.accept_languages", "en-US, en"); //This make lang windows unusable -defaultPref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 +// redudant and probably even conflicting with privacy.resistFingerprinting +// defaultPref("privacy.spoof_english", 2); + +// Referer +defaultPref("network.http.referer.defaultPolicy", 2); defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 + +// Mixed stuff, many of these are already set by default in the same way as here but I left them for reference defaultPref("privacy.userContext.ui.enabled", true); defaultPref("privacy.userContext.enabled", true); defaultPref("privacy.userContext.longPressBehavior", 2); @@ -373,26 +368,11 @@ defaultPref("network.proxy.autoconfig_url.include_path", false); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); defaultPref("browser.tabs.loadBookmarksInTabs", true); + defaultPref("devtools.debugger.remote-enabled", false); defaultPref("devtools.chrome.enabled", false); + defaultPref("extensions.ui.experiment.hidden", false); -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Controversial -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -lockPref("dom.indexedDB.enabled", true); //default true -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -lockPref("dom.w3c_pointer_events.enabled", false); -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Firefox Fingerprint @@ -414,6 +394,9 @@ lockPref("dom.forms.datetime", false); lockPref("javascript.use_us_english_locale", true); lockPref("intl.regional_prefs.use_os_locales", false); defaultPref("intl.locale.requested", "en-US"); +defaultPref("intl.accept_languages", "en-US, en"); + +// This should be discussed defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); defaultPref("general.appname.override", "Netscape"); defaultPref("general.appversion.override", "5.0 (Windows)"); @@ -426,67 +409,72 @@ defaultPref("general.oscpu.override", "Windows NT 6.1"); // >>>>>>>>>>>>>>>>>>>>>> lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] -lockPref("browser.download.manager.addToRecentDocs", false); //do not disable -lockPref("browser.download.hide_plugins_without_extensions", false); //do not disable +lockPref("toolkit.coverage.opt-out", true); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("browser.download.hide_plugins_without_extensions", false); lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.cache.offline.insecure.enable", false); // default: false in FF62+ +lockPref("browser.cache.offline.storage.enable", false); lockPref("network.http.redirection-limit", 10); -lockPref("offline-apps.allow_by_default", false); -lockPref("extensions.enabledScopes", 5); // (hidden pref) -lockPref("extensions.autoDisableScopes", 11); //Tor value must be 0 +lockPref("extensions.enabledScopes", 5); + +// Is there any reason to change the default value? +// lockPref("extensions.autoDisableScopes", 11); + lockPref("xpinstall.whitelist.required", true); // default: true + lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" lockPref("dom.push.userAgentID", ""); + lockPref("dom.targetBlankNoOpener.enabled", true); lockPref("dom.reporting.crash.enabled", false); + lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+ -lockPref("ui.use_standins_for_native_colors", true); -lockPref("services.blocklist.onecrl.collection", ""); // revoked certificates + +lockPref("services.blocklist.onecrl.collection", ""); lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); lockPref("services.blocklist.gfx.collection", ""); lockPref("browser.startup.blankWindow", false); -lockPref("dom.event.highrestimestamp.enabled", true); // default: true lockPref("privacy.trackingprotection.introURL", ""); + lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); + lockPref("network.file.disable_unc_paths", true); // (hidden pref) lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); + lockPref("browser.urlbar.speculativeConnect.enabled", false); -lockPref("browser.urlbar.oneOffSearches", false); -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); //Deprecated Active + +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); + lockPref("browser.shell.shortcutFavicons", false); lockPref("alerts.showFavicons", false); // default: false + defaultPref("security.ssl.require_safe_negotiation", true); lockPref("security.tls.enable_0rtt_data", false); // (FF55+ default true) lockPref("browser.xul.error_pages.expert_bad_cert", true); + lockPref("font.blacklist.underline_offset", ""); lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("network.http.referer.XOriginTrimmingPolicy", 0); + +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); +lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); lockPref("plugin.default.state", 1); lockPref("plugin.defaultXpi.state", 1); + lockPref("canvas.capturestream.enabled", false); lockPref("dom.imagecapture.enabled", false); // default: false lockPref("gfx.offscreencanvas.enabled", false); // default: false -lockPref("dom.disable_window_open_feature.close", true); -lockPref("dom.disable_window_open_feature.location", true); // default: true -lockPref("dom.disable_window_open_feature.menubar", true); -lockPref("dom.disable_window_open_feature.minimizable", true); -lockPref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -lockPref("dom.disable_window_open_feature.resizable", true); // default: true -lockPref("dom.disable_window_open_feature.status", true); // status bar - default: true -lockPref("dom.disable_window_open_feature.titlebar", true); -lockPref("dom.disable_window_open_feature.toolbar", true); + lockPref("dom.disable_window_move_resize", true); -// lockPref("dom.IntersectionObserver.enabled", false); + lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); lockPref("browser.uitour.url", ""); + lockPref("middlemouse.contentLoadURL", false); lockPref("permissions.manager.defaultsUrl", ""); @@ -2057,38 +2045,6 @@ lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 lockPref("app.shield.optoutstudies.enabled", false); -// Pref : Disable new tab tile ads, preload, and Activity Stream -// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox -// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 -// https://wiki.mozilla.org/Firefox/Activity_Stream -// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -lockPref("browser.newtabpage.activity-stream.showSponsored", false); -lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); -lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); -lockPref("browser.newtabpage.activity-stream.telemetry", false); -lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); -lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); -lockPref("browser.newtabpage.activity-stream.disableSnippets", true); -lockPref("browser.newtabpage.activity-stream.default.sites", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); -lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); -lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); -lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); -lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); -lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); -lockPref("browser.newtabpage.activity-stream.feeds.places", false); -lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); -lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); -lockPref("browser.newtab.preload", false); - // Pref : Disable "Show search suggestions in location bar results" lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); From 9fb2ec897110e4d64badcbb8c30f880083b69081 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 23 Apr 2021 16:28:04 +0200 Subject: [PATCH 02/37] second set of changes up to lang packs addons --- Changelog.md | 681 ++++++++++-- README.md | 27 +- librewolf.cfg | 2935 ++++++++----------------------------------------- 3 files changed, 1053 insertions(+), 2590 deletions(-) mode change 100644 => 100755 Changelog.md mode change 100644 => 100755 README.md mode change 100644 => 100755 librewolf.cfg diff --git a/Changelog.md b/Changelog.md old mode 100644 new mode 100755 index d429a95..4febc8f --- a/Changelog.md +++ b/Changelog.md @@ -1,101 +1,65 @@ ## Changelog -Reminder that we need better categorization in the file. #### Added Previously missing, now added ``` -lockPref("browser.contentblocking.category", "custom"); +defaultPref("pdfjs.enableScripting", false); +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); lockPref("browser.contentblocking.report.show_mobile_app", false); -defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior -defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior defaultPref("extensions.formautofill.creditCards.available", false); +defaultPref("extensions.formautofill.addresses.capture.enabled", false); +defaultPref("extensions.formautofill.section.enabled", false); // hide formautofill section in settings, which is useless and buggy atm defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); lockPref("network.trr.send_empty_accept-encoding_headers", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); -defaultPref("intl.accept_languages", "en-US, en"); +lockPref("app.normandy.dev_mode", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +defaultPref("dom.security.https_only_mode_pbm", true); +lockPref("browser.ping-centre.telemetry", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("network.auth.subresource-http-auth-allow", 1); +defaultPref("browser.display.use_system_colors", false); ``` #### Modified -Edited some present prefs to better one +Updated some present prefs to better one ``` -defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 -lockPref("network.http.referer.XOriginPolicy", 2); // Previously set to 1 +lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 +defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior +defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 +defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); ``` #### Removed -Lines that were commented and are now removed -``` -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", ...); - -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); - -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -//lockPref("media.peerconnection.video.h264", true); - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// lockPref("dom.IntersectionObserver.enabled", false); -``` Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated lockPref("network.cookie.leave-secure-alone", true); // Deprecated -lockPref("privacy.trackingprotection.annotate_channels", false); // Deprecated -lockPref("privacy.trackingprotection.lower_network_priority", false); // Useless as tracking protection is disabled +lockPref("browser.contentblocking.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // Deprecated pref("signon.management.page.mobileAndroidURL", ""); // Deprecated pref("signon.management.page.mobileAppleURL", ""); // Deprecated lockPref("browser.urlbar.openViewOnFocus", false); // Handled through patch @@ -103,13 +67,13 @@ lockPref("browser.urlbar.update1", false); // Handled through patch lockPref("browser.urlbar.update1.interventions", false); // Handled through patch lockPref("browser.urlbar.update1.searchTips", false); // Handled through patch defaultPref("places.history.expiration.max_pages", 2147483647); // Useless -defaultPref("media.gmp-manager.url", "data:text/plain,"); // To easily enable DRM defaultPref("media.gmp-manager.url.override", "data:text/plain,"); // To easily enable DRM defaultPref("media.gmp-manager.updateEnabled", false); // Deprecated defaultPref("media.gmp-widevinecdm.autoupdate", false); // Deprecated defaultPref("media.gmp-eme-adobe.enabled", false); // Deprecated defaultPref("media.gmp-manager.certs.2.commonName", ""); // To easily enable DRM defaultPref("media.gmp-manager.certs.1.commonName", ""); // To easily enable DRM +defaultPref("media.gmp.trial-create.enabled", false); // To easily enable DRM lockPref("dom.indexedDB.enabled", true); // Deprecated lockPref("dom.w3c_pointer_events.enabled", false); // Deprecated lockPref("offline-apps.allow_by_default", false); // Deprecated @@ -126,59 +90,558 @@ lockPref("dom.disable_window_open_feature.resizable", true); // Deprecated lockPref("dom.disable_window_open_feature.status", true); // Deprecated lockPref("dom.disable_window_open_feature.titlebar", true); // Deprecated lockPref("dom.disable_window_open_feature.toolbar", true); // Deprecated -``` +lockPref("security.csp.experimentalEnabled", true); // Deprecated +lockPref("security.csp.enable_violation_events", false); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Duplicated in the file +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // Deprecated +lockPref("extensions.htmlaboutaddons.discover.enabled", false); // Deprecated +lockPref("browser.messaging-system.fxatoolbarbadge.enabled", false); // Deprecated +lockPref("browser.onboarding.notification.tour-ids-queue", ""); // Deprecated +lockPref("devtools.gcli.lodashSrc", ""); // Deprecated +lockPref("devtools.webide.templatesURL", ""); // Deprecated +lockPref("browser.ping-centre.production.endpoint", ""); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); // Duplicated in the file +lockPref("services.sync.fxa.privacyURL", ""); // Deprecated +lockPref("services.settings.default_signer", ""); // Deprecated +lockPref("app.productInfo.baseURL", ""); // Deprecated +lockPref("devtools.webide.adbAddonURL", ""); // Deprecated +lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated +defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only +lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated +lockPref("privacy.donottrackheader.value", 1); // Deprecated +defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated +lockPref("services.sync.clients.lastSync", "0"); // Deprecated +lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.enabled", false); // Deprecated +lockPref("services.sync.jpake.serverURL", ""); // Deprecated +lockPref("services.sync.migrated", true); // Deprecated +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated +lockPref("services.sync.serverURL", ""); // Deprecated +lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated +lockPref("prio.publicKeyB", ""); // Deprecated +lockPref("prio.publicKeyA", ""); // Deprecated +lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated +lockPref("security.insecure_password.ui.enabled", true); // Deprecated +defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all +lockPref("security.ssl.errorReporting.automatic", false); // Deprecated +lockPref("security.ssl.errorReporting.url", ""); // Deprecated +lockPref("security.ssl.errorReporting.enabled", false); // Deprecated +defaultPref("layout.frame_rate.precise", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated +defaultPref("layers.async-video.enabled", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set +defaultPref("html5.offmainthread", true); // Default true and not important to set +defaultPref("browser.tabs.animate", false); // Deprecated +lockPref("webgl.disable-extensions", true); // Deprecated +lockPref("browser.onboarding.notification.finished", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated +lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated +lockPref("pref.general.disable_button.default_browser", false); // Deprecated +lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated +lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated +lockPref("app.update.silent", false); // Deprecated +lockPref("app.vendorURL", ""); // Deprecated +lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated +lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated +lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated +lockPref("devtools.devedition.promo.url", ""); // Deprecated +lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated +lockPref("devtools.gcli.jquerySrc", ""); // Deprecated +lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated +lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated +lockPref("dom.permissions.enabled", false); // Deprecated +lockPref("extensions.blocklist.url", ""); // Deprecated +lockPref("geo.wifi.uri", ""); // Deprecated +lockPref("geo.provider-country.network.scan", false); // Deprecated +lockPref("geo.provider-country.network.url", ""); // Deprecated +lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated +lockPref("lpbmode.enabled", true); // Deprecated +lockPref("mailnews.messageid_browser.url", ""); // Deprecated +lockPref("mailnews.mx_service_url", ""); // Deprecated +lockPref("network.predictor.cleaned-up", true); // Deprecated +lockPref("plugins.crash.supportUrl", ""); // Deprecated +lockPref("sync.enabled", false); // Deprecated +lockPref("sync.jpake.serverURL", ""); // Deprecated +lockPref("sync.serverURL", ""); // Deprecated +lockPref("toolkit.telemetry.hybridContent.enabled", false); // Deprecated +lockPref("toolkit.telemetry.infoURL", ""); // Deprecated +lockPref("toolkit.telemetry.prompted", 2); // Deprecated +lockPref("toolkit.telemetry.rejected", true); // Deprecated +lockPref("toolkit.telemetry.coverage.opt-out", true); // Deprecated +lockPref("browser.aboutHomeSnippets.updateUrl", ""); // Deprecated +lockPref("dom.enable_user_timing", false); // Deprecated +lockPref("geo.wifi.logging.enabled", false); // Deprecated +lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated +lockPref("browser.search.geoSpecificDefaults", false); // Deprecated +lockPref("browser.fixup.hide_user_pass", true); // Deprecated +lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI +defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 +defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 +defaultPref("layout.css.notify-of-unvisited", false); // no benefit with RFP enabled +defaultPref("dom.event.contextmenu.enabled", false); // causes breakage with no demonstrated privacy benefit +lockPref("dom.registerProtocolHandler.insecure.enabled", true); // Deprecated +defaultPref("dom.security.https_only_mode_ever_enabled", true); // Triggered by dom.security.https_only_mode = true +lockPref("dom.enable_resource_timing", false); // conflicting with RFP +lockPref("device.sensors.enabled", false); // conflicting with RFP +lockPref("dom.gamepad.enabled", false); // conflicting with RFP +lockPref("dom.netinfo.enabled", false); // conflicting with RFP +lockPref("media.video_stats.enabled", false); // conflicting with RFP +lockPref("webgl.enable-debug-renderer-info", false); // conflicting with RFP +defaultPref("extensions.getAddons.themes.browseURL", ""); // Deprecated +lockPref("extensions.getAddons.compatOverides.url", ""); // Used for tests on localhost:8888 +defaultPref("extensions.ui.experiment.hidden", false); // Deprecated +defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated +lockPref("dom.enable_performance", false); // conflicting with RFP +lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP +lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 +lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_md5", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_sha", false); // Deprecated +lockPref("security.tls.unrestricted_rc4_fallback", false); // Deprecated +lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_seed_sha", false); // Deprecated +lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint +lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated +lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint +lockPref("plugin.defaultXpi.state", 1); // Deprecated +lockPref("remote.log.level", "Info"); // already default and not important in any way +lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +lockPref("lightweightThemes.update.enabled", false); // Deprecated +lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated +lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated +lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? +lockPref("network.protocol-handler.external.javascript",false); // any real benefit? +lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? +lockPref("network.protocol-handler.external.ftp",false);// any real benefit? +lockPref("network.protocol-handler.external.file",false);// any real benefit? +lockPref("network.protocol-handler.external.about",false);// any real benefit? +lockPref("network.protocol-handler.external.chrome",false);// any real benefit? +lockPref("network.protocol-handler.external.blob",false);// any real benefit? +lockPref("network.protocol-handler.external.data",false);// any real benefit? +lockPref("network.protocol-handler.expose-all",false);// any real benefit? +lockPref("network.protocol-handler.expose.http",true);// any real benefit? +lockPref("network.protocol-handler.expose.https",true);// any real benefit? +lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? +lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? +lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? +lockPref("network.protocol-handler.expose.file",true);// any real benefit? +lockPref("network.protocol-handler.expose.about",true);// any real benefit? +lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? +lockPref("network.protocol-handler.expose.blob",true);// any real benefit? +lockPref("network.protocol-handler.expose.data",true);// any real benefit? +lockPref("network.protocol-handler.external.http",false);// any real benefit? +lockPref("network.protocol-handler.external.https",false);// any real benefit? +lockPref("shumway.disabled", true); // Deprecated +lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated +lockPref("plugins.click_to_play", true); // Deprecated +lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated +lockPref("devtools.webide.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated +lockPref("network.allow-experiments", false); // Deprecated +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated +lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated +lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated +lockPref("security.tls.version.max", 4); // increases fingerprint +defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope +lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope +lockPref("browser.onboarding.enabled", false); // Deprecated +lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 +lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated +lockPref("app.update.enabled", false); // Deprecated +lockPref("browser.casting.enabled", false); // Deprecated, probably Android only +lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated +lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.enhanced", false); // Deprecated +lockPref("browser.selfsupport.url", ""); // Deprecated +lockPref("camera.control.face_detection.enabled", false); // Deprecated +lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated +lockPref("datareporting.healthreport.service.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated +lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated +lockPref("dom.flyweb.enabled", false); // Deprecated +lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated +lockPref("dom.telephony.enabled", false); // Deprecated +lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated +lockPref("loop.logDomains", false); // Deprecated +lockPref("network.websocket.enabled", false); // Deprecated +lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated +lockPref("social.directories", ""); // Deprecated +lockPref("social.remote-install.enabled", false); // Deprecated +lockPref("social.whitelist", ""); // Deprecated +lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated +lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated +lockPref("browser.pocket.enabled", false); // Deprecated +defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily +lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant +lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 +lockPref("browser.search.countryCode", "US"); // Deprecated +lockPref("experiments.activeExperiment", false); // Deprecated +lockPref("experiments.enabled", false); // Deprecated +lockPref("experiments.manifest.uri", ""); // Deprecated +lockPref("experiments.supported", false); // Deprecated +lockPref("network.jar.block-remote-files", true); // Deprecated +lockPref("network.jar.open-unsafe-types", false); // Deprecated +lockPref("plugin.state.java", 0); // Deprecated +lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated +lockPref("services.blocklist.update_enabled", false); // Deprecated +lockPref("shield.savant.enabled", false); // Deprecated +defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope +defaultPref("layers.acceleration.disabled", false); // default and probably out of scope +lockPref("browser.taskbar.previews.enable", false); // personal pref +lockPref("browser.taskbar.lists.enabled", false); // personal pref +lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref +defaultPref("webgl.force-enabled", true); // out of scope, not worth +defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth +lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.lower_network_priority", false); // default +lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled +lockPref("signon.storeSignons", false); // Deprecated +lockPref("browser.urlbar.filter.javascript", true); // default +lockPref("browser.search.geoip.url", ""); // Deprecated +defaultPref("privacy.clearOnShutdown.siteSettings", false); // default +defaultPref("privacy.clearOnShutdown.cache", true); // default +defaultPref("privacy.clearOnShutdown.sessions", true); // default +defaultPref("privacy.clearOnShutdown.downloads", true); // default +defaultPref("privacy.clearOnShutdown.formdata", true); // default +defaultPref("privacy.clearOnShutdown.history", true); // default +defaultPref("privacy.cpd.siteSettings", false); // default +defaultPref("privacy.cpd.downloads", true); // default +defaultPref("privacy.cpd.cache", true); // default +defaultPref("privacy.cpd.formdata", true); // default +defaultPref("privacy.cpd.history", true); // default +defaultPref("privacy.cpd.passwords", false); // default +defaultPref("privacy.cpd.sessions", true); // default +defaultPref("extensions.formautofill.addresses.capture.enabled", false); // default +lockPref("signon.autofillForms.http", false); // default +lockPref("network.trr.send_user-agent_headers", false); // default +lockPref("network.dns.disablePrefetchFromHTTPS", true); // default +lockPref("dom.imagecapture.enabled", false); // default +lockPref("dom.reporting.crash.enabled", false); // default +defaultPref("network.proxy.autoconfig_url.include_path", false); // default +lockPref("security.tls.version.min", 3); // default +defaultPref("extensions.webextensions.background-delayed-startup", true); //default +defaultPref("xpinstall.signatures.required", true); // default +lockPref("app.normandy.dev_mode", false); // default +defaultPref("pdfjs.enableWebGL", false); // default +lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +lockPref("network.predictor.enable-prefetch", false); // default +lockPref("network.http.referer.spoofSource", false); // default +defaultPref("network.http.referer.defaultPolicy", 2); // default +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default +defaultPref("layout.spellcheckDefault", 2); // why? +lockPref("privacy.trackingprotection.introURL", ""); // Deprecated +defaultPref("general.appname.override", "Netscape"); // no benefit over RFP +defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof +lockPref("general.buildID.override", "20100101"); // no benefit over RFP +lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP +lockPref("security.insecure_connection_icon.enabled", true); // Default +lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default +lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default +lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled +lockPref("app.normandy.first_run", false); // default +lockPref("browser.send_pings", false); // default +lockPref("browser.send_pings.require_same_host", true); // default +defaultPref("browser.tabs.closeTabByDblclick", true); // why? +lockPref("devtools.debugger.force-local", true); // default +lockPref("gfx.offscreencanvas.enabled", false); // default +lockPref("media.webspeech.recognition.enable", false); // default +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default +lockPref("remote.force-local", true); // default +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default +lockPref("security.fileuri.strict_origin_policy", true); // default +lockPref("security.insecure_field_warning.contextual.enabled", true); // default +defaultPref("security.remote_settings.intermediates.enabled", true); // default +lockPref("xpinstall.whitelist.required", true); // default +lockPref("browser.sessionhistory.max_entries", 20); // why? +lockPref("extensions.webapi.testing", false); // hidden but default false +lockPref("canvas.capturestream.enabled", false); // any real benefit? +lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments +defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup +// fxaccounts is disabled in policies +lockPref("identity.fxaccounts.enabled", false); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); + +// all handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); + +// useless as fxaccounts are off +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); + +// useless as ui elements are not in the report page +lockPref("browser.contentblocking.report.cookie.url", ""); +lockPref("browser.contentblocking.report.cryptominer.url", ""); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.fingerprinter.url", ""); +lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); +lockPref("browser.contentblocking.report.manage_devices.url", ""); +lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); +lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.monitor.url", ""); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.proxy_extension.url", ""); +lockPref("browser.contentblocking.report.social.url", ""); +lockPref("browser.contentblocking.report.tracker.url", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); +``` #### Commented -Active prefs that were commented +Prefs that need to be addressed and that were disabled for now ``` -// this one should be deprecated and redudant since telemetry is disabled -// lockPref("telemetry.origin_telemetry_test_mode.enabled", false); - -// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant -// when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); - -// Lickely deprecated as it is now default behavior -//lockPref("privacy.donottrackheader.value", 1); - -// redudant and probably even conflicting with privacy.resistFingerprinting -// defaultPref("privacy.spoof_english", 2); - -// Deprecated -// lockPref("dom.indexedDB.enabled", true); - -// Is there any reason to change the default value? -// lockPref("extensions.autoDisableScopes", 11); +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); ``` #### Unlocked Locked prefs that were unlocked, more should be unlocked probably ``` -lockPref("general.config.filename", "librewolf.cfg"); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("privacy.donottrackheader.enabled", true); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("permissions.default.geo", 2); +defaultPref("general.config.filename", "librewolf.cfg"); +defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.getAddons.themes.browseURL", "") +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("alerts.showFavicons", false); // default: false +defaultPref("security.remote_settings.intermediates.enabled", true); +defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); +defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns +defaultPref("security.OCSP.require", false); +defaultPref("reader.parse-on-load.enabled", false); ``` -#### Made default -Prefs that were user set and are now default -``` -defaultPref("signon.management.page.breach-alerts.enabled", false); -defaultPref("signon.management.page.breachAlertUrl", ""); -``` #### To discuss -Prefs that need to be addressed +Prefs that need to be addressed and potential roadmap ``` -// This should be discussed -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); +Open points: +// How much should we lock? +// How in depth should we go with urls +// SB - make re-enabling easier, test connections +// GEO - review to allow easier re-enabling +// evaluate certificate handling (oscp, crlite, blocklist) -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); +missing from arkenfox in need of discussion: +security.pki.crlite_mode -> DISCUSS +security.remote_settings.crlite_filters.enabled -> DISCUSS +dom.security.https_only_mode_send_http_background_request -> DISCUSS +browser.download.useDownloadDir -> do we want to ask for download location each time? +``` + +## How to... +#### Stay logged +Add website to exceptions before login, both http and https link +#### Enable DRM content +``` +media.eme.enabled = true +media.gmp-widevinecdm.visible = true +media.gmp-widevinecdm.enabled = true +media.gmp-provider.enabled = true +media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml +``` +#### Use video conferencing +``` +media.peerconnection.enabled = true +media.peerconnection.ice.no_host = true +dom.webaudio.enabled = true +``` +screensharing `media.getusermedia.screensharing.enabled = true` +#### Enable addons search +``` +extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" +``` +#### Enable addons manual updates +``` +extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= +%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= +%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= +%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= +%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" +``` +#### Enable OCSP certificate checking +``` +security.OCSP.enabled = 1 +``` +you probably also want `security.OCSP.require = true` + +#### Hardened setup +``` +defaultPref("javascript.options.asmjs", false); // disable asm.js +defaultPref("javascript.options.wasm", false); // disable web assembly +defaultPref("webgl.disabled", true); // disable webgl +defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing +defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access ``` \ No newline at end of file diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 9b16249..f63cd10 --- a/README.md +++ b/README.md @@ -1,3 +1,28 @@ # LibreWolf settings -Heavily borrowed from [ghacks-user.js](https://github.com/ghacksuserjs/ghacks-user.js) and [pyllyukko/user.js](https://github.com/pyllyukko/user.js). Not affiliated with either. +LibreWolf settings for all platforms. + +The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. +The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. + +We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: +- Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` +- Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` +- Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` + +## Useful links +- FAQ (coming soon): to help you creating your own pref file. +- [LibreWolf distributions](https://gitlab.com/librewolf-community/browser) +- [Issue tracker](https://gitlab.com/librewolf-community/settings/-/issues) +- Our community on [gitter](https://gitter.im/librewolf-community/librewolf) +- [Website](https://librewolf-community.gitlab.io/) +- [Docs](https://librewolf.readthedocs.io/en/latest/) +- [r/LibreWolf](https://www.reddit.com/r/LibreWolf/) + +## Notes and thanks +This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. +We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. + +Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). + +Thank you to the whole LibreWolf community as once again this is entirely a community effort. \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg old mode 100644 new mode 100755 index f97fa12..cd12b9c --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,188 +1,99 @@ -// --------- -// LibreWolf -// --------- -// -// Documentation .............. : -// ============================== -// -// "Section" : Description of the settings section separated by "----" -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss -// Performance can be tested here : https://chromium.github.io/octane/ -// "Pref" : Preference/Settings name and or description followed by links or documentations -// and some time explanation why the setting is commented and ignored. -// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here -// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. -// In many cases the GUI will change to reflect this, graying out or removing options. Appears -// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. -// It will not work if it set with just pref. -// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, -// but they will be erased on restart. If you set a particular preference this way, -// it shows up in about:config as "user set". -// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will -// be saved between sessions. If preferences are reset to default through the GUI or some other method, -// this is what they will go back to. Appears in about:config as "default". -// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions -// that rely on comparing version numbers. -// -// ==================================================================================== -// Protection ................. : -// ============================== -// -// Pref : Locking librewolf.cfg itself -defaultPref("general.config.filename", "librewolf.cfg"); -// -// ===================================================================================== -// Index librewolf.cfg .......... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : User settings // Bench Diff : +0 / 5000 -// Section : Defaulting Settings // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Controversial // Bench Diff : +0 / 5000 -// Section : Firefox Fingerprint // Bench Diff : +0 / 5000 -// Section : Locale/Time // Bench Diff : +0 / 5000 -// Section : Ghacks-user Selection // Bench Diff : +100 / 5000 -// Section : Extensions Manager // Bench Diff : +0 / 5000 -// Section : IJWY To Shut Up // Bench Diff : +0 / 5000 -// Section : Microsoft Windows // Bench Diff : +0 / 5000 -// Section : Firefox ESR60.x // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Security 1/3 // Bench Diff : +0 / 5000 -// Section : Security 2/3 // Bench Diff : +0 / 5000 -// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Performance 1/5 // Bench Diff : +650 / 5000 -// Section : Performance 2/5 // Bench Diff : -800 / 5000 -// Section : Performance 3/5 // Bench Diff : -1720 / 5000 -// Section : Performance 4/5 // Bench Diff : -200 / 5000 -// Section : Performance 5/5 // Bench Diff : -50 / 5000 -// ----------------------------------------------------------------------- -// Section : General Settings 1/3 // Bench Diff : +100 / 5000 -// Section : General Settings 2/3 // Bench Diff : +0 / 5000 -// Section : General Settings 3/3 // Bench Diff : -40 / 5000 -// ----------------------------------------------------------------------- -// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// Index local-settings.js .... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : General Settings // Bench Diff : ++ / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- - -// >>>>>>>>>>>>>>>>>>>>>>> -// Section : User Settings -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// -------------------------------- -// User Settings : Cookies settings -// -------------------------------- - -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); - -defaultPref("network.cookie.lifetimePolicy", 2); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); +//---------------| +// LibreWolf | +//---------------| +// Glossary: | +// ================================================================================================================================| +// | +// "Section" : Description of the settings section separated by "----" | +// "Pref" : Preference/Settings name and or description followed by links or documentations | +// and some time explanation why the setting is commented and ignored. | +// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | +// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. | +// In many cases the GUI will change to reflect this, graying out or removing options. Appears | +// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. | +// It will not work if it set with just pref. | +// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, | +// but they will be erased on restart. If you set a particular preference this way, | +// it shows up in about:config as "user set". | +// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will | +// be saved between sessions. If preferences are reset to default through the GUI or some other method, | +// this is what they will go back to. Appears in about:config as "default". | +// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions | +// that rely on comparing version numbers. | +// | +// ================================================================================================================================| // ----------------------------------- -// User Settings : Tracking protection +// # TRACKING PROTECTION // ----------------------------------- -// Disabling tracking protection and its UI elements in about:protections +defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more lockPref("privacy.trackingprotection.enabled", false); - lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); -lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); - -// this one should be outdated and redudant since telemetry is disabled -//lockPref("telemetry.origin_telemetry_test_mode.enabled", false); - +lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); -lockPref("pref.privacy.disable_button.change_blocklist", true); -lockPref("browser.contentblocking.category", "custom"); -lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); + +// remove urls +lockPref("browser.contentblocking.reportBreakage.url", ""); + +// hide ui elements lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); lockPref("browser.contentblocking.report.show_mobile_app", false); - -// From og .cfg -lockPref("browser.contentblocking.reportBreakage.enabled", false); -lockPref("browser.contentblocking.reportBreakage.url", ""); -lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); -lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); -lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); -lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); -lockPref("browser.contentblocking.report.lockwise.url", ""); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.cookie.url", ""); -lockPref("browser.contentblocking.report.cryptominer.url", ""); -lockPref("browser.contentblocking.report.fingerprinter.url", ""); lockPref("browser.contentblocking.report.lockwise.enabled", false); -lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); -lockPref("browser.contentblocking.report.lockwise.url", ""); -lockPref("browser.contentblocking.report.manage_devices.url", ""); lockPref("browser.contentblocking.report.monitor.enabled", false); -lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); -lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); -lockPref("browser.contentblocking.report.monitor.url", ""); lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.social.url", ""); -lockPref("browser.contentblocking.report.tracker.url", ""); - -// Windows only -lockPref("default-browser-agent.enabled", false); +lockPref("browser.contentblocking.report.vpn.enabled", false); // ---------------------------------- -// User Settings : Auto-play settings +// # AUTOPLAY // ---------------------------------- defaultPref("media.autoplay.default", 5); -defaultPref("media.autoplay.enabled.user-gestures-needed", false); +defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- -// User Settings : Password manager settings +// # PASSWORD MANAGER // ----------------------------------------- -lockPref("signon.storeSignons", false); lockPref("signon.rememberSignons", false); -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); lockPref("signon.storeWhenAutocompleteOff", false); defaultPref("signon.management.page.breach-alerts.enabled", false); defaultPref("signon.management.page.breachAlertUrl", ""); +lockPref("signon.formlessCapture.enabled", false); // -------------------------------- -// User Settings : History settings +// # SEARCH AND URLBAR // -------------------------------- -// Out of place, cosmetic change -defaultPref("browser.tabs.drawInTitlebar", true); +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.urlbar.trimURLs", false); +lockPref("browser.search.suggest.enabled", false); +lockPref("browser.search.region", "US"); +lockPref("browser.fixup.alternate.enabled", false); +lockPref("browser.urlbar.suggest.searches", false); +lockPref("browser.search.update", false); -lockPref("browser.sessionhistory.max_entries", 20); -lockPref("browser.urlbar.filter.javascript", true); -pref("startup.homepage_override_url", "about:blank"); -pref("startup.homepage_welcome_url", "about:blank"); -pref("startup.homepage_welcome_url.additional", ""); +// -------------------------------- +// # SANITIZING, COOKIES AND HISTORY +// -------------------------------- -// For consistency with new cookie behavior +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 +defaultPref("network.cookie.lifetimePolicy", 2); +defaultPref("network.cookie.thirdparty.sessionOnly", true); +lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); + +// includes new cookie behavior that allows to stay logged with exceptions +defaultPref("privacy.clearOnShutdown.cookies", false); defaultPref("privacy.clearOnShutdown.offlineApps", false); -defaultPref("privacy.cpd.offlineApps", false); // Offline Website Data +defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout +defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); @@ -190,735 +101,240 @@ defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); -// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant -// when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); - // -------------------------------------------------------------------- -// User Settings : Session : Other session settings on disabled section +// # SESSIONS // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); lockPref("browser.sessionstore.interval", 60000); // --------------------------------- -// User Settings : Autofill settings +// # AUTOFILL // --------------------------------- -defaultPref("extensions.formautofill.addresses.enabled", false); +defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); +defaultPref("extensions.formautofill.addresses.enabled", false); defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); lockPref("signon.autofillForms", false); -lockPref("signon.autofillForms.http", false); - -// ---------------------------------------------- -// User Settings : Check default browser Settings -// ---------------------------------------------- - -lockPref("browser.shell.checkDefaultBrowser", false); // ----------------------- -// User Settings : DRM/CDM +// # DRM // ----------------------- -// Includes new DRM implementation for easily re-enabling it +// includes new DRM implementation for easily re-enabling it // following four prefs must be set to true to play DRM content +// could be further reduced to 2 or 1 prefs defaultPref("media.eme.enabled", false); defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); +defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections -defaultPref("media.gmp.trial-create.enabled", false); -defaultPref("media.gmp-widevinecdm.visible", false); -defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); -defaultPref("media.gmp-gmpopenh264.autoupdate", false); -defaultPref("media.peerconnection.video.enabled", false); // ---------------------- -// User Settings : WebRTC +// # WEBRTC // ---------------------- defaultPref("media.navigator.enabled", false); -defaultPref("media.navigator.video.enabled", false); -defaultPref("media.getusermedia.browser.enabled", false); -defaultPref("media.getusermedia.screensharing.enabled", false); -defaultPref("media.getusermedia.audiocapture.enabled", false); -defaultPref("media.peerconnection.use_document_iceservers", false); -defaultPref("media.peerconnection.identity.enabled", false); -// 10000 per default -defaultPref("media.peerconnection.identity.timeout", 1); -defaultPref("media.peerconnection.turn.disable", true); -defaultPref("media.peerconnection.ice.tcp", false); +defaultPref("media.peerconnection.enabled", false); defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); + +// ---------------------- +// # SHARING +// ---------------------- + +defaultPref("media.getusermedia.browser.enabled", false); +defaultPref("media.getusermedia.screensharing.enabled", false); +defaultPref("media.getusermedia.audiocapture.enabled", false); + // ---------------------------- -// User Settings : DNS settings +// # DNS // ---------------------------- lockPref("network.trr.mode", 5); lockPref("network.trr.bootstrapAddress", ""); lockPref("network.trr.uri", ""); -lockPref("network.trr.send_user-agent_headers", false); lockPref("network.trr.send_empty_accept-encoding_headers", false); defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); -lockPref("network.dns.disablePrefetchFromHTTPS", true); // ------------------------------------ -// User Settings : new tab page +// # NEW TAB PAGE // ------------------------------------ +lockPref("browser.newtab.preload", false); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -lockPref("browser.newtabpage.activity-stream.prerender", false); -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); -lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); -lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); -lockPref("browser.newtabpage.activity-stream.showSponsored", false); -lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); -lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); -lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); -lockPref("browser.newtabpage.activity-stream.telemetry", false); -lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); -lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); -lockPref("browser.newtabpage.activity-stream.disableSnippets", true); -lockPref("browser.newtabpage.activity-stream.default.sites", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); -lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); -lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); lockPref("browser.newtabpage.activity-stream.feeds.places", false); lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); +lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); +lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +lockPref("browser.newtabpage.activity-stream.showSponsored", false); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); +lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); +lockPref("browser.newtabpage.activity-stream.telemetry", false); +lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.default.sites", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); +lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); +lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); -lockPref("browser.newtab.preload", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- -// Defaulting Settings : Do not track settings +// # DO NOT TRACK // ------------------------------------------- // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("privacy.donottrackheader.enabled", true); -// Lickely deprecated as it is now default behavior -//lockPref("privacy.donottrackheader.value", 1); - -// -------------------------------------- -// User Settings : Miscellaneous settings -// -------------------------------------- +// -------------------------------- +// # DOM +// -------------------------------- lockPref("dom.disable_beforeunload", true); -lockPref("permissions.delegation.enabled", false); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("permissions.default.geo", 2); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Defaulting Settings -// Those settings are not locked this section purpose is to change default setting... -// Modifications can still be done within firefox -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// -------------------------------------- -// Defaulting Settings : Other Defaulting -// -------------------------------------- - -// redudant and probably even conflicting with privacy.resistFingerprinting -// defaultPref("privacy.spoof_english", 2); - -// Referer -defaultPref("network.http.referer.defaultPolicy", 2); -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 - -// Mixed stuff, many of these are already set by default in the same way as here but I left them for reference -defaultPref("privacy.userContext.ui.enabled", true); -defaultPref("privacy.userContext.enabled", true); -defaultPref("privacy.userContext.longPressBehavior", 2); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); -defaultPref("accessibility.typeaheadfind", false); -defaultPref("clipboard.autocopy", false); -defaultPref("layout.spellcheckDefault", 2); -defaultPref("browser.tabs.closeWindowWithLastTab", true); -defaultPref("general.autoScroll", false); -//defaultPref("network.http.sendRefererHeader", 1); -defaultPref("pdfjs.disabled", false); defaultPref("dom.disable_open_during_load", true); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -defaultPref("network.proxy.autoconfig_url", ""); -defaultPref("network.proxy.autoconfig_url.include_path", false); -defaultPref("network.proxy.socks_remote_dns", true); -defaultPref("network.proxy.socks_version", 5); -defaultPref("browser.tabs.loadBookmarksInTabs", true); - -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); - -defaultPref("extensions.ui.experiment.hidden", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox Fingerprint -// ResistFingerprinting : Overriden by 'privacy.resistFingerprinting' -// This needs to be kept disabled to make resistFingerprinting efficient -// https://wiki.mozilla.org/Security/Fingerprinting -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -defaultPref("privacy.resistFingerprinting", true); -defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Locale/Time/UserAgent -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -lockPref("dom.forms.datetime", false); -lockPref("javascript.use_us_english_locale", true); -lockPref("intl.regional_prefs.use_os_locales", false); -defaultPref("intl.locale.requested", "en-US"); -defaultPref("intl.accept_languages", "en-US, en"); - -// This should be discussed -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Ghacks-user Selection -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("browser.download.hide_plugins_without_extensions", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.cache.offline.storage.enable", false); -lockPref("network.http.redirection-limit", 10); -lockPref("extensions.enabledScopes", 5); - -// Is there any reason to change the default value? -// lockPref("extensions.autoDisableScopes", 11); - -lockPref("xpinstall.whitelist.required", true); // default: true - lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" lockPref("dom.push.userAgentID", ""); - lockPref("dom.targetBlankNoOpener.enabled", true); -lockPref("dom.reporting.crash.enabled", false); +lockPref("dom.disable_window_move_resize", true); +defaultPref("dom.serviceWorkers.enabled", false); +defaultPref("dom.battery.enabled", false); +lockPref("dom.popup_maximum", 4); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("dom.webaudio.enabled", false); +lockPref("dom.vr.enabled", false); +lockPref("dom.vibrator.enabled", false); +defaultPref("dom.storage.next_gen", true); -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+ +// -------------------------------- +// # PERMISSIONS +// -------------------------------- -lockPref("services.blocklist.onecrl.collection", ""); -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); -lockPref("browser.startup.blankWindow", false); -lockPref("privacy.trackingprotection.introURL", ""); +lockPref("permissions.delegation.enabled", false); +defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it +lockPref("permissions.manager.defaultsUrl", ""); + +// -------------------------------- +// # REFERERS +// -------------------------------- + +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); +lockPref("network.http.referer.XOriginPolicy", 0); + +// -------------------------------- +// # PROXY +// -------------------------------- + +defaultPref("network.proxy.autoconfig_url", ""); +defaultPref("network.proxy.socks_remote_dns", true); +defaultPref("network.proxy.socks_version", 5); + +// -------------------------------------- +// # HTTP(S) +// -------------------------------------- lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); +defaultPref("dom.security.https_only_mode", true); +defaultPref("dom.security.https_only_mode_pbm", true); +defaultPref("network.auth.subresource-http-auth-allow", 1); -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) - -lockPref("browser.urlbar.speculativeConnect.enabled", false); - -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); - -lockPref("browser.shell.shortcutFavicons", false); -lockPref("alerts.showFavicons", false); // default: false +// -------------------------------------- +// # TLS +// -------------------------------------- defaultPref("security.ssl.require_safe_negotiation", true); -lockPref("security.tls.enable_0rtt_data", false); // (FF55+ default true) -lockPref("browser.xul.error_pages.expert_bad_cert", true); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("browser.ssl_override_behavior", 1); +lockPref("security.tls.enable_0rtt_data", false); +lockPref("security.tls.version.enable-deprecated", false); +lockPref("security.tls.version.fallback-limit", 3); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos -lockPref("font.blacklist.underline_offset", ""); -lockPref("gfx.font_rendering.graphite.enabled", false); +// to check +lockPref("network.stricttransportsecurity.preloadlist", false); -lockPref("network.http.referer.XOriginTrimmingPolicy", 2); -lockPref("network.http.referer.XOriginPolicy", 2); -lockPref("network.http.referer.spoofSource", false); -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); +// -------------------------------------- +// # RFP +// -------------------------------------- -lockPref("canvas.capturestream.enabled", false); -lockPref("dom.imagecapture.enabled", false); // default: false -lockPref("gfx.offscreencanvas.enabled", false); // default: false +defaultPref("privacy.resistFingerprinting", true); +defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); +lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing -lockPref("dom.disable_window_move_resize", true); +// -------------------------------------- +// # LANGUAGE AND REGION +// -------------------------------------- -lockPref("accessibility.force_disabled", 1); -lockPref("browser.uitour.enabled", false); -lockPref("browser.uitour.url", ""); +defaultPref("javascript.use_us_english_locale", true); +defaultPref("intl.locale.requested", "en-US"); +defaultPref("privacy.spoof_english", 2); +// defaultPref("intl.regional_prefs.use_os_locales", false); // default -lockPref("middlemouse.contentLoadURL", false); -lockPref("permissions.manager.defaultsUrl", ""); +// ------------------------------------------------------- +// # EXTENSIONS - check readme section "Extensions Firewall" +// ------------------------------------------------------- -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Extensions Manager -// Extensions settings and experimental tentative to firewall extensions -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +// handle default restricted domains +defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" +lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - Blocking Domains : -// ------------------------------------------- - -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" - -// Pref : Restricted Domains I/II -// This will allow extensions to work everywhere -defaultPref("extensions.webextensions.restrictedDomains", ""); -// Default Value : available in "debug-notes.log" - -// Pref : Restricted Domains II/II -// Old restrictedDomains implementation -// Redirect basedomain used by identity api -lockPref("extensions.webextensions.identity.redirectDomain", ""); -// Default Value : "extensions.allizom.org" - -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - Blocking The Network : -// ----------------------------------------------- - -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" - -// Pref : CSP Settings For Extensions I/II : Extension Firewall Feature -// Uncomment to disable network for the extensions +// disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" +// set extensions scopes +lockPref("extensions.enabledScopes", 5); +lockPref("extensions.autoDisableScopes", 11); -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - CSP Main Settings : -// --------------------------------------------- +// Relevant for addons and lang packs search +defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% +defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : Enable Content Security Policy (CSP) -// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy -// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -lockPref("security.csp.enable", true); - -// Pref : Enable CSP 1.1 script-nonce directive support -// https://bugzilla.mozilla.org/show_bug.cgi?id=855326 -lockPref("security.csp.experimentalEnabled", true); - -// Pref : CSP Main Settings II/II : Pref : 2681 : Disable CSP Violation Events [FF59+] -// [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent -// [-] https://bugzilla.mozilla.org/1488165 -// Setting removed in firefox v64 -lockPref("security.csp.enable_violation_events", false); //Deprecated Active - -// ---------------------------------------------------------------------------------- -// Extensions Security : -// --------------------- - -// Pref : Enable tab-hiding API by default. -defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true - -// ---------------------------------------------------------------------------------- -// Extensions IJWY : -// ----------------- - -// Pref : Report Site Issue button -lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); -// Default Value -// https://webcompat.com/issues/new - -// Pref : 0518 : disable Web Compatibility Reporter (FF56+) -// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla -// Report Site Issue button -// Note that on enabling the button in other release channels, make sure to -// disable it in problematic tests, see disableNonReleaseActions() inside -// browser/modules/test/browser/head.js -lockPref("extensions.webcompat-reporter.enabled", false); // Default true - -// ---------------------------------------------------------------------------------- -// Extensions Performance : -// ------------------------ - -// Pref : Delaying extensions background script startup -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : IJWY To Shut Up -// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc. -// These settings are not used in gHacks at the moment. -// Will be upstreamed once stable in final version. -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Disabling performance addon url [FF64+] -defaultPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); -// Default Value : https://perf-html.io - -// Pref : The default set of protocol handlers for irc [FF64+] -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -// Default Value : https://www.mibbit.com/?url=%s - -// Pref : -lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Deprecated Active -// Default Value -// https://www.mibbit.com/?url=%s - -// Pref : "coverage" ping [FF64+] -// This ping is not enabled by default. When enabled, a ping is generated a total of once -//per profile, as a diagnostic tool to determine whether Telemetry is working for users. -lockPref("toolkit.coverage.enabled", false); //default false - -// Pref : Allow extensions access to list of sites -// https://github.com/mozilla/gecko/blob/central/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp -lockPref("extensions.webapi.testing", false); // hidden prefs // default false - -// Pref : Disable recommended extensions [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR - -// Disable recommendations in about:addons' Extensions and Themes panes [FF68+] -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.discover.enabled", false); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); - -// [SETTING] General>Browsing>Recommend extensions as you browse -// [1] https://support.mozilla.org/en-US/kb/extension-recommendations - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); -// Default Value : -// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\ -// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}} - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); -// Default Value : -// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true} - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); -// Default Value : -// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/ -// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION% -// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000} - -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); - -lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); - -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -lockPref("browser.messaging-system.fxatoolbarbadge.enabled", false); - -// Pref : -lockPref("browser.onboarding.notification.tour-ids-queue", ""); - -// Pref : -lockPref("lightweightThemes.getMoreURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes - -// Pref : -lockPref("devtools.gcli.lodashSrc", ""); -// Default Value -// https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.6.1/lodash.min.js - -// Pref : -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -// Default Value -// https://webcompat.com/issues/new - -// Pref : -lockPref("identity.sync.tokenserver.uri", ""); -// Default Value -// https://token.services.mozilla.com/1.0/sync/1.5 - -// Pref : -lockPref("devtools.webide.templatesURL", ""); -// Default Value -// https://code.cdn.mozilla.net/templates/list.json - -// Pref : -lockPref("browser.ping-centre.production.endpoint", ""); -// Default Value -// https://tiles.services.mozilla.com/v3/links/ping-centre - -// Pref : -lockPref("browser.translation.engine", ""); -// Default Value -// Google - -// Pref : -lockPref("network.trr.confirmationNS", ""); -// Default Value -// example.com - -// Pref : -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); -// Default Value -// Gmail - -// Pref : -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -// Default Value -// Mibbit - -// Pref : -lockPref("gecko.handlerService.schemes.ircs.0.name", ""); -// Default Value -// Mibbit - -// Pref : -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); -// Default Value -// Yahoo! Mail - -// Pref : -lockPref("services.sync.lastversion", ""); -// Default Value -// firstrun - -// Pref : -lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); -// Default Value -// moz-std - -// Pref : -lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); -// Default Value -// moz-full - -// Pref : -lockPref("browser.safebrowsing.provider.google.advisoryName", ""); -// Default Value -// Google Safe Browsing - -// Pref : -lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); -// Default Value -// Google Safe Browsing - -// Pref : Test To Make FFox Silent -lockPref("browser.safebrowsing.provider.mozilla.lists", ""); -// Default Value -// base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256, -// mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256, -// except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256, -// block-flashsubdoc-digest256,except-flashsubdoc-digest256, -// except-flashinfobar-digest256,ads-track-digest256,social-track-digest256, -// analytics-track-digest256,fastblock1-track-digest256,fastblock1-trackwhite-digest256, -// fastblock2-track-digest256,fastblock2-trackwhite-digest256,fastblock3-track-digest256 - -// Pref : -lockPref("identity.fxaccounts.remote.root", ""); -// Default Value -// https://accounts.firefox.com/ - -// Pref : -lockPref("services.settings.server", ""); -// Default Value -// https://firefox.settings.services.mozilla.com/v1 - -// Pref : -lockPref("services.sync.fxa.privacyURL", ""); -// Default Value -// https://accounts.firefox.com/legal/privacy - -// Pref : -lockPref("services.sync.fxa.termsURL", ""); -// Default Value -// https://accounts.firefox.com/legal/terms - -// Pref : -lockPref("services.blocklist.addons.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.gfx.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.onecrl.signer", ""); -// Default Value -// onecrl.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.pinning.signer", ""); -// Default Value -// pinning-preload.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.plugins.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.settings.default_signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("accessibility.support.url", ""); -// Default Value -// https://support.mozilla.org/%LOCALE%/kb/accessibility-services - -// Pref : -lockPref("app.normandy.shieldLearnMoreUrl", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield - -// Pref : -lockPref("app.productInfo.baseURL", ""); -// Default Value -// https://www.mozilla.org/firefox/features/ - -// Pref : -lockPref("app.support.baseURL", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/ - -// Pref : -lockPref("browser.chrome.errorReporter.infoURL", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/nightly-error-collection - -// Pref : -lockPref("browser.dictionaries.download.url", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/dictionaries/ - -// Pref : -lockPref("browser.geolocation.warning.infoURL", ""); -// Default Value -// https://www.mozilla.org/%LOCALE%/firefox/geolocation/ - -// Pref : -lockPref("browser.search.searchEnginesURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/search-engines/ - -// Pref : -lockPref("browser.uitour.themeOrigin", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes/ - -// Pref : Disable WebIDE ADB Dxtension Downloads -// Pref : 2608 : gHacks Deprecated Active -lockPref("devtools.webide.adbAddonURL", ""); -// Default Value -// https://ftp.mozilla.org/pub/mozilla.org/labs/fxos-simulator/adb-helper/#OS#/adbhelper-#OS#-latest.xpi - -// Pref : -lockPref("extensions.getAddons.compatOverides.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE% - -// Pref : -defaultPref("extensions.getAddons.get.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% - -// Pref : -defaultPref("extensions.getAddons.langpacks.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% - -// Pref : -defaultPref("extensions.getAddons.link.url", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/ - -// Pref : -defaultPref("extensions.getAddons.search.browseURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% - -// Pref : -lockPref("extensions.getAddons.themes.browseURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox - -// Pref : -lockPref("services.sync.addons.trustedSourceHostnames", ""); -// Default Value -// addons.mozilla.org - -// Pref : -lockPref("toolkit.datacollection.infoURL", ""); -// Default Value -// https://www.mozilla.org/legal/privacy/firefox.html - -// Pref : -lockPref("xpinstall.signatures.devInfoURL", ""); -// Default Value -// https://wiki.mozilla.org/Addons/Extension_Signing - -// Pref : -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -// Default Value -// google,amazon - -// Pref : -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -// Default Value -// https://accounts.firefox.com/ - -// Pref : +// other urls +defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% +defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ defaultPref("extensions.update.url", ""); // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= @@ -927,652 +343,89 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% -// Pref : -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); -// Default Value -// {"api_key_pref":"extensions.pocket.oAuthConsumerKey","hidden":false,"provider_icon": -// "pocket","provider_name":"Pocket","read_more_endpoint":"https://getpocket.com/explore/ -// trending?src=fx_new_tab","stories_endpoint":"https://getpocket.cdn.mozilla.net/v3/ -// firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant= -// default_spocs_on","stories_referrer":"https://getpocket.com/recommendations", -// "topics_endpoint":"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics? -// version=2&consumer_key=$apiKey&locale_lang=en-US","show_spocs":true,"personalized":true} +// ui +defaultPref("extensions.getAddons.showPane", false); +lockPref("extensions.getAddons.discovery.api_url", ""); +lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); +lockPref("extensions.webcompat-reporter.enabled", false); +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new -// Pref : -lockPref("lightweightThemes.recommendedThemes", ""); -// Default Value -// [{"id":"recommended-1","homepageURL":"https://addons.mozilla.org/firefox/addon/a-web-browser-renaissance/", -// "headerURL":"resource:///chrome/browser/content/browser/defaultthemes/1.header.jpg", -// "textcolor":"#000000","accentcolor":"#834d29","iconURL":"resource:///chrome/browser/content/browser/ -// defaultthemes/1.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/1. -// preview.jpg","author":"Sean.Martell","version":"0"},{"id":"recommended-2","homepageURL": -// "https://addons.mozilla.org/firefox/addon/space-fantasy/","headerURL": -// "resource:///chrome/browser/content/browser/defaultthemes/2.header.jpg", -// "textcolor":"#ffffff","accentcolor":"#d9d9d9","iconURL":"resource:///chrome/browser/content/browser/ -// defaultthemes/2.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/ -// 2.preview.jpg","author":"fx5800p","version":"1.0"},{"id":"recommended-4","homepageURL": -// "https://addons.mozilla.org/firefox/addon/pastel-gradient/","headerURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.header.png", -// "textcolor":"#000000","accentcolor":"#000000","iconURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.icon.png","previewURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.preview.png", -// "author":"darrinhenein","version":"1.0"}] +// background checking and updating +defaultPref("extensions.update.enabled", false); +defaultPref("extensions.update.autoUpdateDefault", false); +defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.cache.enabled", false); -// Other Sync Settings - Disabling By Prevention --------------------------------------------------------- +// blocklist +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); -lockPref("services.sync.maxResyncs", 0); //5 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.bookmarks.buffer", false); //false -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true +// system addons +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.systemAddon.update.enabled", false); -// Testing ----------------------------------------------------------------------------------------------- +lockPref("xpinstall.signatures.devInfoURL", ""); +lockPref("extensions.webservice.discoverURL", ""); +lockPref("webextensions.storage.sync.serverURL", ""); +lockPref("extensions.screenshots.upload-disabled", true); +lockPref("lightweightThemes.getMoreURL", ""); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); -// Pref : Test To Make FFox Silent -lockPref("browser.chrome.errorReporter.publicKey", ""); -// Default Value -// c709cb7a2c0b4f0882fcc84a5af161ec +// ------------------------------------------------------- +// # NORMANDY +// ------------------------------------------------------- -// Pref : Test To Make FFox Silent -lockPref("prio.publicKeyA", ""); -// Default Value -// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733 -lockPref("prio.publicKeyB", ""); -// Default Value -// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50 +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.normandy.user_id", ""); +lockPref("app.normandy.shieldLearnMoreUrl", ""); -// Alpha Settings Not Needed At The Moment -------------------------------------------------------------- +// -------------------------------- +// # SECURITY +// -------------------------------- -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Disabled ---------------------------------------------------------------------------------------------- - -// Pref : New page default sites -//lockPref("browser.newtabpage.activity-stream.default.sites", ""); -// Default Value -// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/, -// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Microsoft Windows -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox ESR60.x -// Deprecated Active For ESR -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 1/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -lockPref("security.insecure_password.ui.enabled", true); - -// Pref : Show in-content login form warning UI for insecure login fields -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -lockPref("security.insecure_field_warning.contextual.enabled", true); - -// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla) -// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ -// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security -lockPref("network.stricttransportsecurity.preloadlist", false); - -// Pref : Disable TLS Session Tickets -// https://www.blackhat.com/us-13/briefings.html#NextGen -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 -// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 -// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. -// Since the ID is unique, web servers can (and do) use it for tracking. If set to true, -// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking -lockPref("security.ssl.disable_session_identifiers", true); - -// Pref : Blocking GD Parking Scam Site -// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much -// only tells LibreWolf to look for librefox.com locally -defaultPref("network.dns.localDomains", "librefox.com"); - -// Pref : Disable insecure TLS version fallback -// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 -// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 -lockPref("security.tls.version.fallback-limit", 3); - -// Pref : Only allow TLS 1.2+ -// http://kb.mozillazine.org/Security.tls.version.* -lockPref("security.tls.version.min", 3); - -// enforce TLS 1.0 and 1.1 downgrades as session only -lockPref("security.tls.version.enable-deprecated", false); - -// Pref : Enfore Public Key Pinning -// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning -// "2. Strict. Pinning is always enforced." +// certificates lockPref("security.cert_pinning.enforcement_level", 2); - -// Pref : Disallow SHA-1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 -// https://shattered.io/ +defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.require", false); +lockPref("security.ssl.enable_ocsp_stapling", true); lockPref("security.pki.sha1_enforcement_level", 1); -// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); - -// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the -// "Add Security Exception" dialog -// http://kb.mozillazine.org/Browser.ssl_override_behavior -// https://github.com/pyllyukko/user.js/issues/210 -lockPref("browser.ssl_override_behavior", 1); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : -lockPref("security.ssl.errorReporting.automatic", false); -lockPref("security.ssl.errorReporting.url", ""); - -// Pref : Check disabled section -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -lockPref("security.OCSP.enabled", 0); -lockPref("security.OCSP.require", false); -lockPref("security.ssl.enable_ocsp_stapling", true); - -// Pref : -lockPref("security.ssl.errorReporting.enabled", false); -lockPref("security.remote_settings.intermediates.enabled", true); - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : -lockPref("security.mixed_content.upgrade_display_content", true); +// mixed content lockPref("security.mixed_content.block_object_subrequest", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.block_active_content", true); -// Pref : -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); +// ui lockPref("security.insecure_connection_text.enabled", true); +lockPref("security.insecure_connection_text.pbmode.enabled", true); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 3/3 (Cipher) -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +lockPref("security.dialog_enable_delay", 700); +lockPref("security.csp.enable", true); -// Pref : -lockPref("security.ssl3.rsa_des_ede3_sha", false); -lockPref("security.ssl3.rsa_aes_256_sha", false); -lockPref("security.ssl3.rsa_aes_128_sha", false); +// ------------------------------------------------------- +// # SAFE BROWSING +// ------------------------------------------------------- -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); +lockPref("browser.safebrowsing.malware.enabled", false); +lockPref("browser.safebrowsing.passwords.enabled", false); +lockPref("browser.safebrowsing.phishing.enabled", false); -// Pref : Disable SEED cipher -// https://en.wikipedia.org/wiki/SEED -lockPref("security.ssl3.rsa_seed_sha", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 1/5 -// Defaulting settings - HW Settings can be checked under about:support -// Bench Diff : +650/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : +100/5000 -// Pref : Increases animation speed. May mitigate choppy scrolling. -defaultPref("layout.frame_rate.precise", true); - -// Bench Diff : +500/5000 -// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). -// It's likely your browser is already set to use these features. -// May introduce instability on some hardware. -// Tor compatibility - have inverted values in tor. -defaultPref("webgl.force-enabled", true); -defaultPref("layers.acceleration.force-enabled", true); - -// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting -// [SETTING] General>Performance>Custom>Use hardware acceleration when available -// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance. -// Parts of Quantum that utilize the GPU will also be affected as they are rolled out -// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration -// Resolved by extension -defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -defaultPref("layers.acceleration.disabled", false); - -// Bench Diff : 0/5000 -// Pref : -defaultPref("html5.offmainthread", true); //default true -defaultPref("layers.offmainthreadcomposition.enabled", true); -defaultPref("layers.offmainthreadcomposition.async-animations", true); -defaultPref("layers.async-video.enabled", true); - -// Bench Diff : +50/5000 -// Pref : Deprecated Active -defaultPref("browser.tabs.animate", false); - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); - -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 2/5 -// Bench Diff : -800/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); - -// Bench Diff : -200/5000 -// Pref : Disable WebAssembly -// https://webassembly.org/ -// https://en.wikipedia.org/wiki/WebAssembly -// https://trac.torproject.org/projects/tor/ticket/21549 -// Solved by extension disabled here for performance -//lockPref("javascript.options.wasm", false); - -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 3/5 -// Bench Diff : -1720/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -220/5000 -// Pref : Disable webGL I/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) -// This does not leak -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); - -// Bench Diff : 0/5000 -// Pref : Disable webGL II/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -lockPref("pdfjs.enableWebGL", false); -lockPref("webgl.disable-extensions", true); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active - -// Bench Diff : -1500/5000 -// Pref : Disable asm.js -// http://asmjs.org/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 -// Solved by extension disabled here for performance -// Tor enforce this -//lockPref("javascript.options.asmjs", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 4/5 -// Bench Diff : -200/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -200/5000 -// Pref : JS Shared Memory - Default false -// https://github.com/MrAlex94/Waterfox/issues/356 -lockPref("javascript.options.shared_memory", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 5/5 -// Bench Diff : -50/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -50/5000 -// Pref : 2302 : disable service workers -// Service workers essentially act as proxy servers that sit between web apps, and the browser -// and network. They are event-driven, and can control the web page/site it is associated with, -// intercepting and modifying navigation and resource requests, and caching resources. -// SW may decrease performance depending on the script that is running in background. -// So overall, disabling SW should enhance performance because it blocks SW Scripts. -// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. -// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. -defaultPref("dom.serviceWorkers.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 1/3 -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Pref : Onboarding tour disabled because of included telemetry -// This extension has already been removed. This setting is here to disable it just in case it -// comes back or for users using the script outside the bundle. -lockPref("browser.onboarding.notification.finished", true); -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); - -// Pref : -lockPref("devtools.onboarding.telemetry.logged", false); - -// Pref : -lockPref("services.sync.engine.addresses.available", false); - -// Pref : -lockPref("browser.bookmarks.restore_default_bookmarks", false); - -// Pref : -lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); - -// Pref : Caching for integrated PDF -lockPref("pdfjs.enabledCache.state", false); - -// Pref : -lockPref("pref.general.disable_button.default_browser", false); -lockPref("pref.privacy.disable_button.view_passwords", false); - -// Pref : -lockPref("identity.mobilepromo.android", ""); -pref("identity.sendtabpromo.url", ""); - -// Pref : -lockPref("extensions.systemAddon.update.url", ""); - -// Pref : -lockPref("datareporting.healthreport.infoURL", ""); - -// Pref : -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); -lockPref("browser.urlbar.searchSuggestionsChoice", false); -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); - -// Pref : -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); - -// Pref : -lockPref("app.feedback.baseURL", ""); - -// Pref : -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); - -// Pref : -lockPref("app.releaseNotesURL", ""); - -// Pref : -lockPref("app.update.auto", false); -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.silent", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - -// Pref : -lockPref("app.vendorURL", ""); - -// Pref : -lockPref("breakpad.reportURL", ""); - -// Pref : -lockPref("browser.chrome.errorReporter.submitUrl", ""); -lockPref("browser.chrome.errorReporter.enabled", false); - -// Pref : -lockPref("browser.ping-centre.staging.endpoint", ""); -lockPref("browser.ping-centre.telemetry", false); - -// Pref : Google Safe Browsing (Blocks dangerous and deceptive contents) - -// browser.safebrowsing.downloads.enabled true - // browser.safebrowsing.downloads.remote.block_potentially_unwanted true - // browser.safebrowsing.downloads.remote.block_uncommon true - // browser.safebrowsing.malware.enabled true - // browser.safebrowsing.phishing.enabled true - -lockPref("browser.safebrowsing.id", ""); -lockPref("browser.safebrowsing.provider.google4.pver", ""); -lockPref("browser.safebrowsing.provider.mozilla.pver", ""); -lockPref("browser.safebrowsing.allowOverride", false); -lockPref("browser.safebrowsing.blockedURIs.enabled", false); +// downloads and unwanted software lockPref("browser.safebrowsing.downloads.enabled", false); +lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); -lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); -lockPref("browser.safebrowsing.malware.enabled", false); -lockPref("browser.safebrowsing.passwords.enabled", false); -lockPref("browser.safebrowsing.phishing.enabled", false); + +// could try re-enabling some of these urls to see if it causes connections +lockPref("browser.safebrowsing.id", ""); +lockPref("browser.safebrowsing.blockedURIs.enabled", false); +lockPref("browser.safebrowsing.provider.google4.pver", ""); +lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); lockPref("browser.safebrowsing.provider.google4.advisoryURL", ""); lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); @@ -1584,6 +437,7 @@ lockPref("browser.safebrowsing.provider.google4.reportURL", ""); lockPref("browser.safebrowsing.provider.google4.updateURL", ""); lockPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); lockPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); +lockPref("browser.safebrowsing.provider.google.advisoryName", ""); lockPref("browser.safebrowsing.provider.google.advisoryURL", ""); lockPref("browser.safebrowsing.provider.google.gethashURL", ""); lockPref("browser.safebrowsing.provider.google.lastupdatetime", ""); @@ -1594,1145 +448,266 @@ lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); lockPref("browser.safebrowsing.provider.google.reportURL", ""); lockPref("browser.safebrowsing.provider.google.updateURL", ""); +lockPref("browser.safebrowsing.provider.mozilla.pver", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); +lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); lockPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); lockPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); -lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); -// Pref : -lockPref("browser.search.suggest.enabled", false); +// -------------------------------- +// # FONTS +// -------------------------------- -// Pref : -lockPref("captivedetect.canonicalURL", ""); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("gfx.font_rendering.opentype_svg.enabled", false); -// Pref : -lockPref("datareporting.policy.firstRunURL", ""); +// -------------------------------- +// # MISC +// -------------------------------- -// Pref : -lockPref("devtools.devedition.promo.url", ""); +// keep track of, should be useless as mozilla removed flash from source code +lockPref("dom.ipc.plugins.reportCrashURL", false); +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +lockPref("plugin.state.flash", 0); + +// more important stuff +lockPref("browser.shell.shortcutFavicons", false); +defaultPref("alerts.showFavicons", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("plugin.default.state", 1); +lockPref("network.IDN_show_punycode", true); +defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP + +// pocket, to check if we can remove +lockPref("extensions.pocket.enabled", false); +lockPref("extensions.pocket.site", ""); +lockPref("extensions.pocket.oAuthConsumerKey", ""); +lockPref("extensions.pocket.api", ""); + +// pdf reader +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); + +// remote agent +lockPref("remote.enabled", false); + +// settings and behavior +lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.startup.homepage_override.mstone", "ignore"); +defaultPref("privacy.userContext.enabled", true); +defaultPref("general.autoScroll", false); +defaultPref("clipboard.autocopy", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("accessibility.force_disabled", 1); +lockPref("browser.uitour.enabled", false); +lockPref("middlemouse.contentLoadURL", false); +defaultPref("accessibility.typeaheadfind", false); +lockPref("network.manage-offline-status", false); +lockPref("browser.helperApps.deleteTempFileOnExit", true); +lockPref("browser.pagethumbnails.capturing_disabled", true); +lockPref("browser.bookmarks.max_backups", 2); +defaultPref("reader.parse-on-load.enabled", false); + +// devtools +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com lockPref("devtools.devices.url", ""); -lockPref("devtools.gcli.imgurUploadURL", ""); -lockPref("devtools.gcli.jquerySrc", ""); -lockPref("devtools.gcli.underscoreSrc", ""); -lockPref("devtools.telemetry.supported_performance_marks", ""); -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} +lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] +lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] +defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 -// Pref : -lockPref("dom.battery.enabled", false); +// ui +defaultPref("browser.tabs.drawInTitlebar", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("privacy.userContext.ui.enabled", true); +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -// Pref : -lockPref("dom.permissions.enabled", false); - -// Pref : Maximum popups that may be launched at the same time -lockPref("dom.popup_maximum", 4); - -// Pref : -lockPref("dom.registerProtocolHandler.insecure.enabled", true); - -// Pref : -lockPref("extensions.blocklist.detailsURL", ""); -lockPref("extensions.blocklist.itemURL", ""); - -// Pref : Block list url disabled -// gHacks tunes this to minimize privacy issues. its complitely disabled here -// Disabled complitely -lockPref("extensions.blocklist.url", ""); - -// Pref : -defaultPref("extensions.update.background.url", ""); - -// Pref : -defaultPref("extensions.getAddons.showPane", false); - -// Pref : -lockPref("extensions.webservice.discoverURL", ""); - -// Pref : +// urls and handlers +lockPref("media.decoder-doctor.new-issue-endpoint", ""); +lockPref("identity.sync.tokenserver.uri", ""); +lockPref("network.trr.confirmationNS", ""); +lockPref("browser.translation.engine", ""); // default Google lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); +lockPref("services.settings.server", ""); +lockPref("accessibility.support.url", ""); +lockPref("app.support.baseURL", ""); +lockPref("browser.uitour.url", ""); +lockPref("webchannel.allowObject.urlWhitelist", ""); +lockPref("browser.dictionaries.download.url", ""); +lockPref("browser.geolocation.warning.infoURL", ""); +lockPref("browser.search.searchEnginesURL", ""); +lockPref("browser.uitour.themeOrigin", ""); +lockPref("toolkit.datacollection.infoURL", ""); +lockPref("identity.mobilepromo.android", ""); +lockPref("identity.mobilepromo.ios", ""); +defaultPref("identity.sendtabpromo.url", ""); +lockPref("datareporting.healthreport.infoURL", ""); +lockPref("app.feedback.baseURL", ""); +lockPref("app.releaseNotesURL", ""); +lockPref("app.releaseNotesURL.aboutDialog", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); +lockPref("datareporting.policy.firstRunURL", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); -// Pref : -lockPref("geo.enabled", false); -lockPref("geo.wifi.uri", ""); +// -------------------------------- +// # CACHE +// -------------------------------- -// Disable using the OS's geolocation service +lockPref("browser.cache.offline.storage.enable", false); +lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] +defaultPref("media.memory_cache_max_size", 65536); + +// -------------------------------- +// # WEBGL AND PERFORMANCE +// -------------------------------- + +lockPref("webgl.enable-webgl2", false); +lockPref("webgl.disable-fail-if-major-performance-caveat", true); + +// -------------------------------- +// # JS +// -------------------------------- + +// should we consider disabling WebAssembly ? +// lockPref("javascript.options.wasm", false); + +// left as it is worth considering +// lockPref("javascript.options.asmjs", false); + +lockPref("javascript.options.shared_memory", false); + +// -------------------------------- +// # GEO +// -------------------------------- + +lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] lockPref("geo.provider.use_gpsd", false); // [LINUX] lockPref("geo.provider.network.url", ""); lockPref("geo.provider.network.logging.enabled", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); -lockPref("geo.provider-country.network.scan", false); -lockPref("geo.provider-country.network.url", ""); +// -------------------------------- +// # PREFETCHING +// -------------------------------- -// Pref : -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -lockPref("identity.fxaccounts.service.sendLoginUrl", ""); -lockPref("identity.mobilepromo.ios", ""); - -lockPref("remote.enabled", false); -lockPref("remote.force-local", true); -lockPref("remote.log.level", "Info"); - -// Pref : -lockPref("layout.css.visited_links_enabled", false); -lockPref("layout.css.always-repaint-on-unvisited", false); -lockPref("layout.css.layout.css.notify-of-unvisited", false); - -// Pref : -lockPref("lpbmode.enabled", true); - -// Pref : -lockPref("mailnews.messageid_browser.url", ""); -lockPref("mailnews.mx_service_url", ""); - -// Pref : 0608 : disable predictor / prefetching (FF48+) -// Network predictor load pages before they are opened -// with mouse hover for example lockPref("network.predictor.enabled", false); -lockPref("network.predictor.cleaned-up", true); -lockPref("network.predictor.enable-prefetch", false); +lockPref("network.prefetch-next", false); +lockPref("network.http.speculative-parallel-limit", 0); -// Disable Network Connectivity Services +// -------------------------------- +// # OUTGOING CONNECTIONS +// -------------------------------- + +// updates +lockPref("app.update.auto", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); + +// connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); -// Pref : -lockPref("plugins.crash.supportUrl", ""); - -// Pref : Sync prefs -lockPref("services.sync.clients.lastSync", "0"); -lockPref("services.sync.clients.lastSyncLocal", "0"); -lockPref("services.sync.declinedEngines", ""); -lockPref("services.sync.enabled", false); -lockPref("services.sync.globalScore", 0); -lockPref("services.sync.jpake.serverURL", ""); -lockPref("services.sync.migrated", true); -lockPref("services.sync.nextSync", 0); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); -lockPref("services.sync.serverURL", ""); -lockPref("services.sync.tabs.lastSync", "0"); -lockPref("services.sync.tabs.lastSyncLocal", "0"); - -// Pref : -lockPref("sync.enabled", false); - -// Pref : -lockPref("sync.jpake.serverURL", ""); - -// Pref : -lockPref("sync.serverURL", ""); - -// Pref : +// telemetry lockPref("toolkit.crashreporter.infoURL", ""); - -// Pref : Disable telemetry lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); lockPref("toolkit.telemetry.bhrPing.enabled", false); lockPref("toolkit.telemetry.cachedClientID", ""); lockPref("toolkit.telemetry.enabled", false); lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); -lockPref("toolkit.telemetry.hybridContent.enabled", false); -lockPref("toolkit.telemetry.infoURL", ""); lockPref("toolkit.telemetry.newProfilePing.enabled", false); lockPref("toolkit.telemetry.previousBuildID", ""); -lockPref("toolkit.telemetry.prompted", 2); //Setting seems to still exist -lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); lockPref("toolkit.telemetry.server", "data:,"); lockPref("toolkit.telemetry.server_owner", ""); lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); -lockPref("toolkit.telemetry.coverage.opt-out", true); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); +lockPref("security.protectionspopup.recordEventTelemetry", false); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] +lockPref("toolkit.coverage.opt-out", true); +lockPref("toolkit.coverage.enabled", false); +lockPref("app.shield.optoutstudies.enabled", false); +lockPref("beacon.enabled", false); +lockPref("browser.ping-centre.telemetry", false); -lockPref("security.protectionspopup.recordEventTelemetry", false) - +// discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); -// Pref : -lockPref("webextensions.storage.sync.serverURL", ""); - -// Pref : -lockPref("extensions.screenshots.upload-disabled", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Referer: ALL: control the amount of information to send -// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port -lockPref("network.http.referer.trimmingPolicy", 0); - -// Pref : Close tab -lockPref("browser.tabs.closeTabByDblclick", true); - -// Pref : Disable collection/sending of the health report (healthreport.sqlite*) -// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf -// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); - -// Pref : Disable right-click menu manipulation via JavaScript (disabled) -defaultPref("dom.event.contextmenu.enabled", false); - -// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -// JS-based web applications (Google Docs etc.) -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled -lockPref("dom.event.clipboardevents.enabled", false); - -// Pref : Force Punycode for Internationalized Domain Names -// http://kb.mozillazine.org/Network.IDN_show_punycode -// https://www.xudongz.com/blog/2017/idn-phishing/ -// https://wiki.mozilla.org/IDN_Display_Algorithm -// https://en.wikipedia.org/wiki/IDN_homograph_attack -// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 -lockPref("network.IDN_show_punycode", true); - -// Pref : Disable Pocket -// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -// https://github.com/pyllyukko/user.js/issues/143 -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); - -// Pref : Disable downloading homepage snippets/messages from Mozilla -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content -// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service -lockPref("browser.aboutHomeSnippets.updateUrl", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -// Pref : Disable pinging URIs specified in HTML ping= attributes -// http://kb.mozillazine.org/Browser.send_pings -lockPref("browser.send_pings", false); - -// Pref : When browser pings are enabled, only allow pinging the origin page's host -// http://kb.mozillazine.org/Browser.send_pings.require_same_host -lockPref("browser.send_pings.require_same_host", true); - -// Pref : Do not download URLs for the offline cache -// http://kb.mozillazine.org/Browser.cache.offline.enable -lockPref("browser.cache.offline.enable", false); - -/* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -lockPref("media.memory_cache_max_size", 16384); - -// Pref : Disable prefetching of URLs -// http://kb.mozillazine.org/Network.prefetch-next -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F -// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, -// so the browser downloads them immediately so they can be displayed immediately when the user requests it. -lockPref("network.prefetch-next", false); - -// Pref : Disable speculative pre-connections -// Disable prefetch link on hover. -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 -lockPref("network.http.speculative-parallel-limit", 0); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -defaultPref("media.peerconnection.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 3/3 -// Bench Diff : -40/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Pref : Disable DOM timing API -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -// https://www.w3.org/TR/navigation-timing/#privacy -lockPref("dom.enable_performance", false); //Deprecated Active -lockPref("dom.enable_performance_navigation_timing", false); - -// Pref : Make sure the User Timing API does not provide a new high resolution timestamp -// https://trac.torproject.org/projects/tor/ticket/16336 -// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security -lockPref("dom.enable_user_timing", false); - -// Pref : Disable Web Audio API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 -// Avoid fingerprinting -defaultPref("dom.webaudio.enabled", false); - -// Pref : When geolocation is enabled, don't log geolocation requests to the console -lockPref("geo.wifi.logging.enabled", false); - -// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) -// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon -lockPref("beacon.enabled", false); - -// Pref : Disable speech recognition -// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html -// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition -// https://wiki.mozilla.org/HTML5_Speech_API -lockPref("media.webspeech.recognition.enable", false); - -// Pref : Disable virtual reality devices APIs -// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM -// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API -lockPref("dom.vr.enabled", false); - -// Pref : Disable vibrator API -lockPref("dom.vibrator.enabled", false); - -// Pref : Disable GeoIP lookup on your address to set default search engine region -// https://trac.torproject.org/projects/tor/ticket/16254 -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine -lockPref("browser.search.region", "US"); -lockPref("browser.search.geoip.url", ""); -lockPref("browser.search.geoSpecificDefaults.url", ""); - -// Pref : Don't use Mozilla-provided location-specific search engines -lockPref("browser.search.geoSpecificDefaults", false); - -// Pref : Don't trim HTTP from URLs in the address bar. -// https://bugzilla.mozilla.org/show_bug.cgi?id=665580 -lockPref("browser.urlbar.trimURLs", false); - -// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar -// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html -lockPref("browser.fixup.alternate.enabled", false); - -// Pref : When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs -// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 -lockPref("browser.fixup.hide_user_pass", true); - -// Pref : Don't monitor OS online/offline connection state -// https://trac.torproject.org/projects/tor/ticket/18945 -lockPref("network.manage-offline-status", false); - -// Pref : Set File URI Origin Policy -// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 -lockPref("security.fileuri.strict_origin_policy", true); - -// Pref : Disable SVG in OpenType fonts -// https://wiki.mozilla.org/SVGOpenTypeFonts -// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// Pref : Enable only whitelisted URL protocol handlers -// Disabling non-essential protocols breaks all interaction with custom protocols such -// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... -// clients when clicking on links with these protocols -lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.http",false); -lockPref("network.protocol-handler.external.https",false); -lockPref("network.protocol-handler.external.javascript",false); -lockPref("network.protocol-handler.external.moz-extension",false); -lockPref("network.protocol-handler.external.ftp",false); -lockPref("network.protocol-handler.external.file",false); -lockPref("network.protocol-handler.external.about",false); -lockPref("network.protocol-handler.external.chrome",false); -lockPref("network.protocol-handler.external.blob",false); -lockPref("network.protocol-handler.external.data",false); -lockPref("network.protocol-handler.expose-all",false); -lockPref("network.protocol-handler.expose.http",true); -lockPref("network.protocol-handler.expose.https",true); -lockPref("network.protocol-handler.expose.javascript",true); -lockPref("network.protocol-handler.expose.moz-extension",true); -lockPref("network.protocol-handler.expose.ftp",true); -lockPref("network.protocol-handler.expose.file",true); -lockPref("network.protocol-handler.expose.about",true); -lockPref("network.protocol-handler.expose.chrome",true); -lockPref("network.protocol-handler.expose.blob",true); -lockPref("network.protocol-handler.expose.data",true); - -// Pref : Ensure there is a security delay when installing add-ons (milliseconds) -// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox -// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ -lockPref("security.dialog_enable_delay", 700); - -// Pref : Opt-out of add-on metadata updates -// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -defaultPref("extensions.getAddons.cache.enabled", false); - -// Pref : Opt-out of theme (Persona) updates -// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -lockPref("lightweightThemes.update.enabled", false); -lockPref("lightweightThemes.persisted.headerURL", false); -lockPref("lightweightThemes.persisted.footerURL", false); - -// Pref : Disable Flash Player NPAPI plugin -// http://kb.mozillazine.org/Flash_plugin -lockPref("plugin.state.flash", 0); - -// Pref : Disable sending Flash Player crash reports -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); - -// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report -lockPref("dom.ipc.plugins.reportCrashURL", false); - -// Pref : Disable Shumway (Mozilla Flash renderer) -// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway -lockPref("shumway.disabled", true); - -// Pref : Disable Gnome Shell Integration NPAPI plugin -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); - -// Pref : Enable click-to-play plugin -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -lockPref("plugins.click_to_play", true); -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); - -// Pref : Update addons automatically -// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ -defaultPref("extensions.update.enabled", false); - -// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla -// Updated at interval defined in extensions.blocklist.interval (default: 86400) -lockPref("extensions.blocklist.enabled", false); - -// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla) -lockPref("extensions.systemAddon.update.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.enabled", false); -lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] - -// Pref : Disable remote debugging -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop -// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings -lockPref("devtools.debugger.force-local", true); - -// Pref : Disallow Necko to do A/B testing -// https://trac.torproject.org/projects/tor/ticket/13170 -lockPref("network.allow-experiments", false); - -// Pref : Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't -// nag user about unsent crash reports -// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js +// crash report +lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("app.shield.optoutstudies.enabled", false); - -// Pref : Disable "Show search suggestions in location bar results" -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); - -// Pref : Never check for updates to search engines -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking -lockPref("browser.search.update", false); - -// Pref : Disable automatic captive portal detection (Firefox >= 52.0) -// https://support.mozilla.org/en-US/questions/1157121 +// captive portal lockPref("network.captive-portal-service.enabled", false); +lockPref("captivedetect.canonicalURL", ""); -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); -lockPref("network.netlink.route.check.IPv6", "::1"); +// -------------------------------- +// # WINDOWS +// -------------------------------- -// Pref : Disallow NTLMv1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); +// disable links launching Windows Store [WINDOWS] +lockPref("network.protocol-handler.external.ms-windows-store", false); -// Pref : Disable formless login capture -// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 -lockPref("signon.formlessCapture.enabled", false); +// disable background update service [WINDOWS] +lockPref("app.update.service.enabled", false); -// Pref : Delete temporary files on exit -// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 -lockPref("browser.helperApps.deleteTempFileOnExit", true); +// disable automatic Firefox start and session restore after reboot [WINDOWS] +lockPref("toolkit.winRegisterApplicationRestart", false); -// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature) -// https://support.mozilla.org/en-US/questions/973320 -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled -lockPref("browser.pagethumbnails.capturing_disabled", true); +// disable Windows 8.1 Family Safety cert [WINDOWS] +lockPref("security.family_safety.mode", 0); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - ON/OFF -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +// Windows only? +lockPref("default-browser-agent.enabled", false); -// - Disabled - Section OFF ----------------------------------------------------------------- - -// Pref : Don't remember browsing history -// MIGRATED to defaulting section, this setting does not need to be enforced -//lockPref("places.history.enabled", false); - -// Pref : Clear all history on shutdown -// MIGRATED to defaulting section, this setting does not need to be enforced -// This setting may be enforced here if preferred -//lockPref("privacy.sanitize.sanitizeOnShutdown", true); - -// Pref : 2804: reset default history items to clear with Ctrl-Shift-Del (to match above) -// This dialog can also be accessed from the menu History>Clear Recent History -// Firefox remembers your last choices. This will reset them when you start Firefox. -// [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog -// for "Clear Recent History" is opened, it is synced with 'privacy.cpd.history' -//defaultPref("privacy.cpd.siteSettings", false); // Site Preferences -//defaultPref("privacy.cpd.downloads", true); // not used, see note above -//defaultPref("privacy.cpd.cache", true); -//defaultPref("privacy.cpd.cookies", true); -//defaultPref("privacy.cpd.formdata", true); // Form & Search History -//defaultPref("privacy.cpd.history", true); // Browsing & Download History -//defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data -//defaultPref("privacy.cpd.passwords", false); // this is not listed -//defaultPref("privacy.cpd.sessions", true); // Active Logins -// Not needed // replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true); -// Also default value are already good - -// Pref : 2803: set which history items are to be cleared on shutdown -// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings -// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value -// but if 'history' is false, downloads can still be cleared independently -// However, this may not always be the case. The interface combines and syncs these -// prefs when set from there, and the sanitize code may change at any time -//defaultPref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -//defaultPref("privacy.clearOnShutdown.cache", true); -//defaultPref("privacy.clearOnShutdown.cookies", true); -//defaultPref("privacy.clearOnShutdown.downloads", true); // see note above -//defaultPref("privacy.clearOnShutdown.formdata", true); // Form & Search History -//defaultPref("privacy.clearOnShutdown.history", true); // Browsing & Download History -//defaultPref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data -//defaultPref("privacy.clearOnShutdown.sessions", true); // Active Logins -// Make panel locked (bug) -// replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true); - -// Pref : 0801: disable location bar using search - PRIVACY -// don't leak typos to a search engine; give an error message instead -//lockPref("keyword.enabled", false); -// Beak search from url bar -// After other settings, this does not send any data to search. - -// Pref : Disable Firefox Account -//lockPref("identity.fxaccounts.enabled", false); //Deprecated Active -// Already disabled in policies.json - -// Pref : 2609: disable MathML (Mathematical Markup Language) (FF51+) -// [TEST] http://browserspy.dk/mathml.php -// [1] https://bugzilla.mozilla.org/1173199 -//lockPref("mathml.disabled", true); -// This setting is a fingerprint in itself - -// Pref : 2304: disable web notifications -// [1] https://developer.mozilla.org/docs/Web/API/Notifications_API -//lockPref("dom.webnotifications.enabled", false); // (FF22+) -//lockPref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) -// After tuning, this is no longer a privacy issue but a feature - -// Pref : History sessionhistory -//lockPref("browser.sessionhistory.max_total_viewers", 0); - -// Pref : 0850f: disable location bar suggesting local search history (FF57+) -// [1] https://bugzilla.mozilla.org/1181644 -//lockPref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions -// No privacy issue here - -// Pref : 1020: disable the Session Restore service completely -// [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature -// It does not affect "Recently Closed Windows" or any history. -//lockPref("browser.sessionstore.max_tabs_undo", 0); -//lockPref("browser.sessionstore.max_windows_undo", 0); -// Not really a privacy issue, but it's useful to have this feature - -// Pref : Disable URL bar autocomplete and history/bookmark suggestion dropdown -//lockPref("browser.urlbar.autocomplete.enabled", false); -//lockPref("browser.urlbar.suggest.history", false); -//lockPref("browser.urlbar.suggest.bookmark", false); -//lockPref("browser.urlbar.suggest.openpage", false); -// This does not cause privacy/leaking issues - -// Pref : 2605: block web content in file processes (FF55+) -// [SETUP-WEB] You may want to disable this for corporate or developer environments -// [1] https://bugzilla.mozilla.org/1343184 -//lockPref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -// Not an issue - -// DOWNLOADS -// Pref : 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) -// [SETTING] To set your default "downloads", set General>Downloads>Save files to -//lockPref("browser.download.folderList", 2); -// Pref : 2651: enforce user interaction for security by always asking the user where to download -// [SETTING] General>Downloads>Always ask you where to save files -//lockPref("browser.download.useDownloadDir", false); -// Pref : 2654: disable "open with" in download dialog (FF50+) -// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) -// in such a way that it is forbidden to run external applications. -// [SETUP-CHROME] This may interfere with some users' workflow or methods -// [1] https://bugzilla.mozilla.org/1281959 -//lockPref("browser.download.forbid_open_with", true); -// Not an issue - -// OCSP (Online Certificate Status Protocol) -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -// Pref : 1211: control when to use OCSP fetching (to confirm current validity of certificates) -// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only -// OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) -// It's a trade-off between security (checking) and privacy (leaking info to the CA) -// [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling -// [1] https://en.wikipedia.org/wiki/Ocsp -//lockPref("security.OCSP.enabled", 1); - -// Pref : 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] -// When a CA cannot be reached to validate a cert, Firefox just continues with the connection (=soft-fail) -// Setting this pref to true tells Firefox to terminate the connection instead (=hard-fail) -// It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm that the cert is still valid (it -// could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -// [2] https://www.imperialviolet.org/2014/04/19/revchecking.html -//lockPref("security.OCSP.require", true); - -// Pref : 1022: disable resuming session from crash [SETUP-CHROME] -//lockPref("browser.sessionstore.resume_from_crash", false); -// Not really a privacy issue, but it's useful to have this feature - -// Pref : 0103: set HOME+NEWWINDOW page -// about:home=Activity Stream (default, see 0105), custom URL, about:blank -// [SETTING] Home>New Windows and Tabs>Homepage and new windows -//lockPref("browser.startup.homepage", "about:blank"); -// Let the user have the choice, and easily change it - -// Pref : 2740: disable service workers cache and cache storage -// [1] https://w3c.github.io/ServiceWorker/#privacy -//lockPref("dom.caches.enabled", false); -// Not really a privacy issue, but it's useful to have this feature -// Other settings solve privacy issues related to this - -// Pref : First-party isolation -// https://bugzilla.mozilla.org/show_bug.cgi?id=1299996 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 -// https://wiki.mozilla.org/Security/FirstPartyIsolation -// First-party isolation breaks Microsoft Teams -// First-party isolation causes HTTP basic auth to ask for credentials for every new tab (see #425) -// Solved by extension -// Pref : 4001: enable First Party Isolation (FF51+) -// [SETUP-WEB] May break cross-domain logins and site functionality until perfected -// [1] https://bugzilla.mozilla.org/1260931 -// enabled via addons -//lockPref("privacy.firstparty.isolate", true); -// Pref : 4002: enforce FPI restriction for window.opener (FF54+) -// [NOTE] Setting this to false may reduce the breakage in 4001 -// [FF65+] blocks postMessage with targetOrigin "*" if originAttributes don't match. But -// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3]) -// The 2nd pref removes that limitation and will only allow communication if FPDs also match. -// [1] https://bugzilla.mozilla.org/1319773#c22 -// [2] https://bugzilla.mozilla.org/1492607 -// [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage -//lockPref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true -// lockPref("privacy.firstparty.isolate.block_post_message", true); -// Enforced with addon - -// Pref : 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) -// [SETTING] General>Startup>Restore previous session -//lockPref("browser.startup.page", 0); -// Let the user choose over settings page - -// Pref : 1001: disable disk cache -//lockPref("browser.cache.disk.enable", false); -//lockPref("browser.cache.disk.capacity", 0); -//lockPref("browser.cache.disk.smart_size.enabled", false); -//lockPref("browser.cache.disk.smart_size.first_run", false); -// Pref : 1003: disable memory cache -// [NOTE] Not recommended due to performance issues -// lockPref("browser.cache.memory.enable", false); -// lockPref("browser.cache.memory.capacity", 0); -// This is overkill. Disabled for performance. -// Firefox should be run in a container: sandbox or otherwise - -// Pref : New tab page -//lockPref("browser.newtabpage.enabled", false); -// New page site shortcuts does not spy after tunning. May be enabled if preferred. - -// Pref : Disable in-content SVG rendering (Firefox >= 53) (disabled) -// Disabling SVG support breaks many UI elements on many sites -// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 -//lockPref("svg.disabled", true); -// Solved by extension - -// Pref : Disable Caching of SSL Pages -// CIS Version 1.2.0 October 21st, 2011 2.5.8 -// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl -//lockPref("browser.cache.disk_cache_ssl", false); - -// Pref : 2212 : limit events that can cause a popup -// default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" -// [1] http://kb.mozillazine.org/Dom.popup_allowed_events -//lockPref("dom.popup_allowed_events", "click dblclick"); -// This does not cause privacy/leaking issues -// Also already set in "dom.popup_maximum" - -// Pref : 2031 : disable audio auto-play in non-active tabs (FF51+) -// [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ -//lockPref("media.block-autoplay-until-in-foreground", true); -// Not privacy/security related - -// Pref : 2403 : disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) -// this disables document.execCommand("cut"/"copy") to protect your clipboard -// [1] https://bugzilla.mozilla.org/1170911 -//lockPref("dom.allow_cut_copy", false); -// Not an issue - -// Pref : 1405 : disable WOFF2 (Web Open Font Format) (FF35+) -//lockPref("gfx.downloadable_fonts.woff2.enabled", false); -// Solved by extension - -// Pref : 1406 : disable CSS Font Loading API -// Disabling fonts can uglify the web a fair bit. -//lockPref("layout.css.font-loading-api.enabled", false); -// Solved by extension - -// - Disabled - Dumped Disabled From (gHacks, Check user.js for description) ---------------- - -//lockPref("browser.chrome.site_icons", false); -//lockPref("browser.library.activity-stream.enabled", false); -//lockPref("browser.privatebrowsing.autostart", true); -//lockPref("browser.urlbar.maxRichResults", 0); -//lockPref("dom.storage.enabled", false); -//lockPref("dom.storageManager.enabled", false); -//lockPref("extensions.screenshots.disabled", true); -//lockPref("extensions.webextensions.restrictedDomains", ""); -//lockPref("font.name.monospace.x-unicode", "Lucida Console"); -//lockPref("font.name.monospace.x-western", "Lucida Console"); -//lockPref("font.name.sans-serif.x-unicode", "Arial"); -//lockPref("font.name.sans-serif.x-western", "Arial"); -//lockPref("font.name.serif.x-unicode", "Georgia"); -//lockPref("font.name.serif.x-western", "Georgia"); -//lockPref("font.system.whitelist", ""); -//lockPref("full-screen-api.enabled", false); -//lockPref("gfx.downloadable_fonts.enabled", false); -//lockPref("gfx.downloadable_fonts.fallback_delay", -1); -//lockPref("javascript.options.baselinejit", false); -//lockPref("javascript.options.ion", false); -//lockPref("media.media-capabilities.enabled", false); -//lockPref("network.dnsCacheEntries", 400); -//lockPref("network.dnsCacheExpiration", 60); -//lockPref("network.ftp.enabled", false); -//lockPref("permissions.default.camera", 2); -//lockPref("permissions.default.desktop-notification", 2); -//lockPref("permissions.default.microphone", 2); -//lockPref("permissions.default.shortcuts", 2); -//lockPref("privacy.window.maxInnerHeight", 900); -//lockPref("privacy.window.maxInnerWidth", 1600); -//lockPref("security.insecure_connection_text.pbmode.enabled", true); -//lockPref("security.nocertdb", true); -//lockPref("security.ssl3.dhe_rsa_aes_128_sha", false); -//lockPref("security.ssl3.dhe_rsa_aes_256_sha", false); -//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -//lockPref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -//lockPref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); - -// - Disabled - Section ON ------------------------------------------------------------------ - -// Pref : Tor settings -// This browser is not meant for tor -// Enabling those settings for user torifying their whole connection -defaultPref("network.dns.blockDotOnion", true); -lockPref("network.http.referer.hideOnionSource", true); - -// Pref : 1603 : CROSS ORIGIN: control when to send a referer -// 0=always (default), 1=only if base domains match, 2=only if hosts match -// Can break some important site... (payment... ) -lockPref("network.http.referer.XOriginPolicy", 1); - -// Pref : Only allow TLS 1.[0-3] -lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Active -// Deprecated settings but left active for various reasons -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : 0516 : disable Onboarding (FF55+) -// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time -// about:home or about:newtab is opened, the onboarding overlay is injected into it -// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] -// [1] https://wiki.mozilla.org/Firefox/Onboarding -// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf -// [3] https://bugzilla.mozilla.org/863246#c154 -lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active - -// Pref : Disable WebIDE Web Debug Extension -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallADBHelper", false); -// Replaced by "devtools.webide.autoinstallADBExtension" in 64 - -// Pref : Disable raw TCP socket support (mozTCPSocket) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) -// Not important -lockPref("dom.mozTCPSocket.enabled", false); - -// Pref : Enforce checking for Firefox updates -lockPref("app.update.enabled", false); - -// Pref : Disable bookmark backups (default: 15) -// http://kb.mozillazine.org/Browser.bookmarks.max_backups -lockPref("browser.bookmarks.max_backups", 2); - -// Pref : Disable SSDP -// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 -lockPref("browser.casting.enabled", false); - -// Pref : -lockPref("browser.newtabpage.activity-stream.enabled", false); -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); -lockPref("browser.newtabpage.enhanced", false); - -// Pref : -lockPref("browser.pocket.enabled", false); - -// Pref : Disable Heartbeat (Mozilla user rating telemetry) -// https://wiki.mozilla.org/Advocacy/heartbeat -// https://trac.torproject.org/projects/tor/ticket/19047 -lockPref("browser.selfsupport.url", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("browser.startup.homepage_override.mstone", "ignore"); - -// Pref : Disable face detection -lockPref("camera.control.face_detection.enabled", false); - -// Pref : -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); -lockPref("datareporting.healthreport.service.enabled", false); - -// Pref : -lockPref("device.sensors.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallFxdtAdapters", false); -lockPref("devtools.webide.adaptersAddonURL", ""); - -// Pref : Disable resource timing API -// https://www.w3.org/TR/resource-timing/#privacy-security -lockPref("dom.enable_resource_timing", false); - -// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -// https://wiki.mozilla.org/FlyWeb -// https://wiki.mozilla.org/FlyWeb/Security_scenarios -// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit -// http://www.ghacks.net/2016/07/26/firefox-flyweb -lockPref("dom.flyweb.enabled", false); - -// Pref : -lockPref("dom.gamepad.enabled", false); - -// Pref : Disable leaking network/browser connection information via Javascript -// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API -// https://wicg.github.io/netinfo/#privacy-considerations -// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -lockPref("dom.netinfo.enabled", false); - -// Pref : 2306: disable push notifications (FF44+) -// web apps can receive messages pushed to them from a server, whether or -// not the web app is in the foreground, or even currently loaded -// [1] https://developer.mozilla.org/docs/Web/API/Push_API -lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up - -// Pref : Disable telephony API -// https://wiki.mozilla.org/WebAPI/Security/WebTelephony -lockPref("dom.telephony.enabled", false); - -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("extensions.shield-recipe-client.enabled", false); - -// Pref : Disable Firefox Hello metrics collection -// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -lockPref("loop.logDomains", false); - -// Pref : Disable video stats to reduce fingerprinting threat -// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 -lockPref("media.video_stats.enabled", false); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -lockPref("network.websocket.enabled", false); - -// Pref : Disable Reader -// Not deprecated but useful to be located here -lockPref("reader.parse-on-load.enabled", false); - -// CIS 2.7.4 Disable Scripting of Plugins by JavaScript -// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 -lockPref("security.xpconnect.plugin.unrestricted", false); - -// Pref : -lockPref("social.directories", ""); - -// Pref : -lockPref("social.remote-install.enabled", false); - -// Pref : -lockPref("social.whitelist", ""); - -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -lockPref("security.ssl3.rsa_rc4_128_md5", false); -lockPref("security.ssl3.rsa_rc4_128_sha", false); -lockPref("security.tls.unrestricted_rc4_fallback", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Inactive -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// - Disabled - Deprecated Main ------------------------------------------------------------------- - -// Pref : Other old safebrowsing not used -//lockPref("browser.safebrowsing.appRepURL", ""); -//lockPref("browser.safebrowsing.enabled", false); -//lockPref("browser.safebrowsing.gethashURL", ""); -//lockPref("browser.safebrowsing.malware.reportURL", ""); -//lockPref("browser.safebrowsing.provider.google.appRepURL", ""); -//lockPref("browser.safebrowsing.reportErrorURL", ""); -//lockPref("browser.safebrowsing.reportGenericURL", ""); -//lockPref("browser.safebrowsing.reportMalwareErrorURL", ""); -//lockPref("browser.safebrowsing.reportMalwareMistakeURL", ""); -//lockPref("browser.safebrowsing.reportMalwareURL", ""); -//lockPref("browser.safebrowsing.reportPhishMistakeURL", ""); -//lockPref("browser.safebrowsing.reportURL", ""); -//lockPref("browser.safebrowsing.updateURL", ""); - -// Pref : 1031: disable favicons in tabs and new bookmarks - merged with browser.chrome.site_icons -// [-] https://bugzilla.mozilla.org/1453751 -// lockPref("browser.chrome.favicons", false); - -// Pref : Don't use OS values to determine locale, force using Firefox locale setting -// http://kb.mozillazine.org/Intl.locale.matchOS -// Disabled to make resistFingerprinting efficient -//lockPref("intl.locale.matchOS", false); - -// Pref : 1601: disable referer from SSL Websites -// [-] https://bugzilla.mozilla.org/1308725 -//lockPref("network.http.sendSecureXSiteReferrer", false); - -// Pref : 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default -// [WARNING] This may break video playback on various sites -// [-] https://bugzilla.mozilla.org/1470082 -// Still active for ESR60.x but not important -//lockPref("media.autoplay.enabled", false); - -// Pref : 1007: disable randomized FF HTTP cache decay experiments -// [1] https://trac.torproject.org/projects/tor/ticket/13575 -// [-] https://bugzilla.mozilla.org/1430197 -//lockPref("browser.cache.frecency_experiment", -1); - -// Pref : 1606: set the default Referrer Policy - replaced by network.http.referer.defaultPolicy -// [-] https://bugzilla.mozilla.org/587523 -//lockPref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 - -// Pref : 2704: set cookie lifetime in days (see 2703) -// [-] https://bugzilla.mozilla.org/1457170 -// lockPref("network.cookie.lifetime.days", 90); // default: 90 - -// Pref : 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled -// [-] https://bugzilla.mozilla.org/897811 -//lockPref("pageThumbs.enabled", false); - -// - Disabled - Default is same ------------------------------------------------------------------- -// This is generally a bad idea: if FF disables something due to a security concern, the -// end user who doesn't keep up to date with changes (IF they do update) would be screwed over -// Thanks to @Thorin-Oakenpants - -// Pref : Display a notification bar when websites offer data for offline use -// http://kb.mozillazine.org/Browser.offline-apps.notify -//lockPref("browser.offline-apps.notify", true); //Default true - -// Pref : Enable Subresource Integrity -// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity -// https://wiki.mozilla.org/Security/Subresource_Integrity -//lockPref("security.sri.enable", true); //Default true - -// Pref : Enable GCM ciphers (TLSv1.2 only) -// https://en.wikipedia.org/wiki/Galois/Counter_Mode -//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // Pref : 0xc02b //Default true - -// Pref : Enable ciphers with ECDHE and key size > 128bits -//lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // Pref : 0xc00a //Default true - -// Pref : Enable ChaCha20 and Poly1305 (Firefox >= 47) -// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ -// https://tools.ietf.org/html/rfc7905 -// https://bugzilla.mozilla.org/show_bug.cgi?id=917571 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 -// https://cr.yp.to/chacha.html -//lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); //Default true -//lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); //Default true - -// Pref : Enable GCM ciphers (TLSv1.2 only) -// https://en.wikipedia.org/wiki/Galois/Counter_Mode -//lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // Pref : 0xc02f //Default true - -// Pref : Enable ciphers with ECDHE and key size > 128bits -//lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // Pref : 0xc014 //Default true - -// - Disabled - Dumped Deprecated From (gHacks, Check user.js for description) -------------------- - -//lockPref("general.useragent.locale", "en-US"); -//lockPref("browser.backspace_action", 2); -//lockPref("browser.bookmarks.showRecentlyBookmarked", false); -//lockPref("browser.crashReports.unsubmittedCheck.autoSubmit", false); -//lockPref("browser.ctrlTab.previews", true); -//lockPref("browser.formautofill.enabled", false); -//lockPref("browser.formfill.saveHttpsForms", false); -//lockPref("browser.fullscreen.animate", false); -//lockPref("browser.history.allowPopState", false); -//lockPref("browser.history.allowPushState", false); -//lockPref("browser.history.allowReplaceState", false); -//lockPref("browser.newtabpage.introShown", true); -//lockPref("browser.pocket.api", ""); -//lockPref("browser.pocket.oAuthConsumerKey", ""); -//lockPref("browser.pocket.site", ""); -//lockPref("browser.polaris.enabled", false); -//lockPref("browser.search.showOneOffButtons", false); -//lockPref("browser.selfsupport.enabled", false); -//lockPref("browser.sessionstore.privacy_level_deferred", 2); -//lockPref("browser.tabs.warnOnClose", false); -//lockPref("browser.tabs.warnOnCloseOtherTabs", false); -//lockPref("browser.tabs.warnOnOpen", false); -//lockPref("browser.trackingprotection.gethashURL", ""); -//lockPref("browser.trackingprotection.updateURL", ""); -//lockPref("browser.urlbar.decodeURLsOnCopy", true); -//lockPref("browser.urlbar.unifiedcomplete", false); -//lockPref("browser.usedOnWindows10.introURL", ""); -//lockPref("browser.zoom.siteSpecific", false); -//lockPref("camera.control.autofocus_moving_callback.enabled", false); -//lockPref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -//lockPref("datareporting.healthreport.documentServerURI", ""); -//lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); -//lockPref("dom.archivereader.enabled", false); -//lockPref("dom.beforeAfterKeyboardEvent.enabled", false); -//lockPref("dom.disable_image_src_set", true); -//lockPref("dom.disable_window_open_feature.scrollbars", true); -//lockPref("dom.disable_window_status_change", true); -//lockPref("dom.idle-observers-api.enabled", false); -//lockPref("dom.keyboardevent.code.enabled", false); -//lockPref("dom.network.enabled", false); -//lockPref("dom.vr.oculus050.enabled", false); -//lockPref("dom.w3c_touch_events.enabled", 0); -//lockPref("dom.workers.enabled", false); -//lockPref("dom.workers.sharedWorkers.enabled", false); -//lockPref("extensions.formautofill.experimental", false); -//lockPref("extensions.screenshots.system-disabled", true); -//lockPref("extensions.shield-recipe-client.api_url", ""); -//lockPref("full-screen-api.approval-required", false); -//lockPref("full-screen-api.warning.delay", 0); -//lockPref("full-screen-api.warning.timeout", 0); -//lockPref("general.warnOnAboutConfig", false); -//lockPref("geo.security.allowinsecure", false); -//lockPref("loop.enabled", false); -//lockPref("loop.facebook.appId", ""); -//lockPref("loop.facebook.enabled", false); -//lockPref("loop.facebook.fallbackUrl", ""); -//lockPref("loop.facebook.shareUrl", ""); -//lockPref("loop.feedback.formURL", ""); -//lockPref("loop.feedback.manualFormURL", ""); -//lockPref("loop.server", ""); -//lockPref("media.block-play-until-visible", true); -//lockPref("media.eme.apiVisible", false); -//lockPref("media.eme.chromium-api.enabled", false); -//lockPref("media.getusermedia.screensharing.allow_on_old_platforms", false); -//lockPref("media.getusermedia.screensharing.allowed_domains", ""); -//lockPref("media.gmp-eme-adobe.autoupdate", false); -//lockPref("media.gmp-eme-adobe.visible", false); -//lockPref("media.ondevicechange.enabled", false); -//lockPref("media.webspeech.synth.enabled", false); -//lockPref("network.http.spdy.enabled.http2draft", false); -//lockPref("network.http.spdy.enabled.v3-1", false); -//lockPref("pfs.datasource.url", ""); -//lockPref("plugin.scan.Acrobat", "99999"); -//lockPref("plugin.scan.Quicktime", "99999"); -//lockPref("plugin.scan.WindowsMediaPlayer", "99999"); -//lockPref("plugins.enumerable_names", ""); -//lockPref("plugins.update.notifyUser", false); -//lockPref("plugins.update.url", ""); -//lockPref("privacy.clearOnShutdown.passwords", false); -//lockPref("security.mixed_content.send_hsts_priming", false); -//lockPref("security.mixed_content.use_hsts", true); -//lockPref("security.tls.insecure_fallback_hosts.use_static_list", false); -//lockPref("social.enabled", false); -//lockPref("social.share.activationPanelEnabled", false); -//lockPref("social.shareDirectory", ""); -//lockPref("social.toast-notifications.enabled", false); -//lockPref("startup.homepage_override_url", ""); -//lockPref("startup.homepage_welcome_url", ""); -//lockPref("startup.homepage_welcome_url.additional", ""); -//lockPref("toolkit.cosmeticAnimations.enabled", false); -//lockPref("toolkit.telemetry.unifiedIsOptIn", true); -//lockPref("ui.key.menuAccessKey", 0); -//lockPref("view_source.tab", false); - -defaultPref("xpinstall.signatures.required", true); - -// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ -// might increase startup time, so keep it disabled, but modifiable by default -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); - -// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: -defaultPref("devtools.selfxss.count", 0); - -// enable HTTPS only mode by default -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); +// ----------------------------------- +// # OVERRIDES +// ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); +let profile_directory; +if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { + pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); } From b2803cf75fdf9b22d1147829510eec2bd60511ba Mon Sep 17 00:00:00 2001 From: fxbrit Date: Sat, 24 Apr 2021 15:19:03 +0200 Subject: [PATCH 03/37] reorganized tracking section + 3rd set of changes --- Changelog.md | 29 ++ librewolf.cfg | 834 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 863 insertions(+) diff --git a/Changelog.md b/Changelog.md index 4febc8f..8c0c02c 100755 --- a/Changelog.md +++ b/Changelog.md @@ -3,7 +3,19 @@ Previously missing, now added ``` defaultPref("pdfjs.enableScripting", false); +<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +======= +lockPref("privacy.trackingprotection.testing.report_blocked_node", false); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); +lockPref("browser.contentblocking.category", "custom"); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); @@ -45,9 +57,15 @@ lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior +<<<<<<< HEAD lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); +======= +lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost +lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer +lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) ``` #### Removed @@ -106,6 +124,7 @@ lockPref("services.settings.default_signer", ""); // Deprecated lockPref("app.productInfo.baseURL", ""); // Deprecated lockPref("devtools.webide.adbAddonURL", ""); // Deprecated lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated +<<<<<<< HEAD defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated @@ -404,6 +423,16 @@ lockPref("identity.fxaccounts.commands.enabled", false); lockPref("identity.fxaccounts.remote.oauth.uri", ""); lockPref("identity.fxaccounts.remote.profile.uri", ""); lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); +======= +``` + +#### Commented +Active prefs that were commented in order to address them before removing them +``` +// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant +// when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // all handled by lockPref("services.settings.server", "") lockPref("services.blocklist.addons.collection", ""); diff --git a/librewolf.cfg b/librewolf.cfg index cd12b9c..496d27a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,3 +1,4 @@ +<<<<<<< HEAD //---------------| // LibreWolf | //---------------| @@ -22,17 +23,121 @@ // that rely on comparing version numbers. | // | // ================================================================================================================================| +======= +// --------- +// LibreWolf +// --------- +// +// Documentation .............. : +// ============================== +// +// "Section" : Description of the settings section separated by "----" +// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance +// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss +// Performance can be tested here : https://chromium.github.io/octane/ +// "Pref" : Preference/Settings name and or description followed by links or documentations +// and some time explanation why the setting is commented and ignored. +// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here +// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. +// In many cases the GUI will change to reflect this, graying out or removing options. Appears +// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. +// It will not work if it set with just pref. +// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, +// but they will be erased on restart. If you set a particular preference this way, +// it shows up in about:config as "user set". +// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will +// be saved between sessions. If preferences are reset to default through the GUI or some other method, +// this is what they will go back to. Appears in about:config as "default". +// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions +// that rely on comparing version numbers. +// +// ==================================================================================== +// Protection ................. : +// ============================== +// +// Pref : Locking librewolf.cfg itself +defaultPref("general.config.filename", "librewolf.cfg"); +// +// ===================================================================================== +// Index librewolf.cfg .......... : +// ============================== +// +// ----------------------------------------------------------------------- +// Section : User settings // Bench Diff : +0 / 5000 +// Section : Defaulting Settings // Bench Diff : +0 / 5000 +// ----------------------------------------------------------------------- +// Section : Controversial // Bench Diff : +0 / 5000 +// Section : Firefox Fingerprint // Bench Diff : +0 / 5000 +// Section : Locale/Time // Bench Diff : +0 / 5000 +// Section : Ghacks-user Selection // Bench Diff : +100 / 5000 +// Section : Extensions Manager // Bench Diff : +0 / 5000 +// Section : IJWY To Shut Up // Bench Diff : +0 / 5000 +// Section : Microsoft Windows // Bench Diff : +0 / 5000 +// Section : Firefox ESR60.x // Bench Diff : +0 / 5000 +// ----------------------------------------------------------------------- +// Section : Security 1/3 // Bench Diff : +0 / 5000 +// Section : Security 2/3 // Bench Diff : +0 / 5000 +// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000 +// ----------------------------------------------------------------------- +// Section : Performance 1/5 // Bench Diff : +650 / 5000 +// Section : Performance 2/5 // Bench Diff : -800 / 5000 +// Section : Performance 3/5 // Bench Diff : -1720 / 5000 +// Section : Performance 4/5 // Bench Diff : -200 / 5000 +// Section : Performance 5/5 // Bench Diff : -50 / 5000 +// ----------------------------------------------------------------------- +// Section : General Settings 1/3 // Bench Diff : +100 / 5000 +// Section : General Settings 2/3 // Bench Diff : +0 / 5000 +// Section : General Settings 3/3 // Bench Diff : -40 / 5000 +// ----------------------------------------------------------------------- +// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000 +// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000 +// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000 +// ----------------------------------------------------------------------- +// +// ----------------------------------------------------------------------- +// Index local-settings.js .... : +// ============================== +// +// ----------------------------------------------------------------------- +// Section : General Settings // Bench Diff : ++ / 5000 +// ----------------------------------------------------------------------- +// +// ----------------------------------------------------------------------- + +// >>>>>>>>>>>>>>>>>>>>>>> +// Section : User Settings +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>>>>> + +// -------------------------------- +// User Settings : Cookies settings +// -------------------------------- + +// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.cookieBehavior", 1); +defaultPref("network.cookie.lifetimePolicy", 2); +defaultPref("network.cookie.thirdparty.sessionOnly", true); +lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // ----------------------------------- // # TRACKING PROTECTION // ----------------------------------- +<<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more +======= +// set custom mode +lockPref("browser.contentblocking.category", "custom"); // Changing to other options is currently broken anyway + +// disabling tracking protection +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); +<<<<<<< HEAD lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -49,6 +154,61 @@ lockPref("browser.contentblocking.report.lockwise.enabled", false); lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); +======= + +// below are potentially useless as tracking protection is disabled +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); +lockPref("privacy.trackingprotection.annotate_channels", false); +lockPref("privacy.trackingprotection.lower_network_priority", false); +lockPref("privacy.trackingprotection.testing.report_blocked_node", false); +lockPref("telemetry.origin_telemetry_test_mode.enabled", false); +lockPref("urlclassifier.trackingTable", ""); +lockPref("browser.contentblocking.database.enabled", false); + +// remove urls for/from tracking protection +lockPref("browser.contentblocking.reportBreakage.url", ""); + +// hide ui elements for tracking protection +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); + +// remove urls for/from protection report +lockPref("browser.contentblocking.report.cookie.url", ""); +lockPref("browser.contentblocking.report.cryptominer.url", ""); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.fingerprinter.url", ""); +lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); +lockPref("browser.contentblocking.report.manage_devices.url", ""); +lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); +lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.monitor.url", ""); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.proxy_extension.url", ""); +lockPref("browser.contentblocking.report.social.url", ""); +lockPref("browser.contentblocking.report.tracker.url", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); + +// hide ui elements from protection report +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.show_mobile_app", false); +lockPref("browser.contentblocking.report.lockwise.enabled", false); +lockPref("browser.contentblocking.report.monitor.enabled", false); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.vpn.enabled", false); + +// Windows only +lockPref("default-browser-agent.enabled", false); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) + +// to check, likely deprecated +lockPref("pref.privacy.disable_button.change_blocklist", true); +lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // ---------------------------------- // # AUTOPLAY @@ -214,9 +374,36 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); +<<<<<<< HEAD lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +======= +lockPref("browser.newtab.preload", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); + +lockPref("extensions.getAddons.discovery.api_url", ""); +lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); + +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); +// Default Value : +// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\ +// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}} +lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); +// Default Value : +// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true} +lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); +// Default Value : +// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/ +// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION% +// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000} +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // ------------------------------------------- // # DO NOT TRACK @@ -401,8 +588,655 @@ lockPref("security.mixed_content.block_active_content", true); lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); +<<<<<<< HEAD lockPref("security.dialog_enable_delay", 700); lockPref("security.csp.enable", true); +======= +// Remove a bunch of URLs : +lockPref("lightweightThemes.getMoreURL", ""); +lockPref("media.decoder-doctor.new-issue-endpoint", ""); +lockPref("identity.sync.tokenserver.uri", ""); +lockPref("network.trr.confirmationNS", ""); +lockPref("browser.translation.engine", ""); // default Google +lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail +lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("services.sync.lastversion", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); +lockPref("browser.safebrowsing.provider.google.advisoryName", ""); +lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists", ""); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("services.settings.server", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); +lockPref("accessibility.support.url", ""); +lockPref("app.normandy.shieldLearnMoreUrl", ""); +lockPref("app.support.baseURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); +lockPref("browser.dictionaries.download.url", ""); +lockPref("browser.geolocation.warning.infoURL", ""); +lockPref("browser.search.searchEnginesURL", ""); +lockPref("browser.uitour.themeOrigin", ""); +lockPref("extensions.getAddons.compatOverides.url", ""); +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("toolkit.datacollection.infoURL", ""); +lockPref("xpinstall.signatures.devInfoURL", ""); +lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); + +// Relevant for addons and lang packs +defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% +defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% +defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ +defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% +defaultPref("extensions.getAddons.themes.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox +defaultPref("extensions.update.url", ""); +// Default Value +// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= +// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= +// %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= +// %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= +// %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% + +// Other Sync Settings - Disabling By Prevention --------------------------------------------------------- + +lockPref("services.sync.maxResyncs", 0); //5 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.bookmarks.buffer", false); //false +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true +lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true +lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true + +// Testing ----------------------------------------------------------------------------------------------- + +// Pref : Test To Make FFox Silent +lockPref("browser.chrome.errorReporter.publicKey", ""); +// Default Value +// c709cb7a2c0b4f0882fcc84a5af161ec + +// Pref : Test To Make FFox Silent +lockPref("prio.publicKeyA", ""); +// Default Value +// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733 +lockPref("prio.publicKeyB", ""); +// Default Value +// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50 + +// Alpha Settings Not Needed At The Moment -------------------------------------------------------------- + +// Pref : +//lockPref("urlclassifier.phishTable", ""); +// Default Value +// goog-phish-proto,test-phish-simple + +// Pref : +//lockPref("urlclassifier.passwordAllowTable", ""); +// Default Value +// goog-passwordwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadAllowTable", ""); +// Default Value +// goog-downloadwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadBlockTable", ""); +// Default Value +// goog-badbinurl-proto + +// Pref : Test To Make FFox Silent +//lockPref("security.content.signature.root_hash", ""); +// Default Value +// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.1.issuerName", ""); +// Default Value +// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.2.issuerName", ""); +// Default Value +// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US + +// Disabled ---------------------------------------------------------------------------------------------- + +// Pref : New page default sites +//lockPref("browser.newtabpage.activity-stream.default.sites", ""); +// Default Value +// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/, +// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Microsoft Windows +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : Other webGl [WINDOWS] +lockPref("webgl.dxgl.enabled", false); + +// Pref : disable scanning for plugins [WINDOWS] +lockPref("plugin.scan.plid.all", false); + +// Pref : disable Windows jumplist [WINDOWS] +lockPref("browser.taskbar.lists.enabled", false); +lockPref("browser.taskbar.lists.frequent.enabled", false); +lockPref("browser.taskbar.lists.recent.enabled", false); +lockPref("browser.taskbar.lists.tasks.enabled", false); + +// Pref : disable Windows taskbar preview [WINDOWS] +lockPref("browser.taskbar.previews.enable", false); + +// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] +// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ +lockPref("network.protocol-handler.external.ms-windows-store", false); + +// Pref : disable background update service [WINDOWS] +// [SETTING] General>Firefox Updates>Use a background service to install updates +lockPref("app.update.service.enabled", false); + +// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) +// [1] https://bugzilla.mozilla.org/603903 +lockPref("toolkit.winRegisterApplicationRestart", false); + +// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) +// 0=disable detecting Family Safety mode and importing the root +// 1=only attempt to detect Family Safety mode (don't import the root) +// 2=detect Family Safety mode and import the root +// [1] https://trac.torproject.org/projects/tor/ticket/21686 +lockPref("security.family_safety.mode", 0); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Firefox ESR60.x +// Deprecated Active For ESR +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : Geolocation +lockPref("browser.search.countryCode", "US"); + +// Pref : Disable Mozilla telemetry/experiments +// https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry +// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 +// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html +// https://wiki.mozilla.org/Telemetry/Experiments +// https://support.mozilla.org/en-US/questions/1197144 +lockPref("experiments.activeExperiment", false); +lockPref("experiments.enabled", false); +lockPref("experiments.manifest.uri", ""); +lockPref("experiments.supported", false); + +// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) +// [1] https://bugzilla.mozilla.org/1173171 +// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.block-remote-files", true); + +// Pref : 2613: disable JAR from opening Unsafe File Types +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.open-unsafe-types", false); + +// Pref : Disable Java NPAPI plugin +lockPref("plugin.state.java", 0); + +// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 +lockPref("trailhead.firstrun.branches", "join-privacy"); + +// Pref : 0402: enable Kinto blocklist updates (FF50+) +// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications +// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be +// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes +// [-] https://bugzilla.mozilla.org/1458917 +lockPref("services.blocklist.update_enabled", false); + +// Pref : 0503: disable "Savant" Shield study (FF61+) +// [-] https://bugzilla.mozilla.org/1457226 +lockPref("shield.savant.enabled", false); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Security 1/3 +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) +// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ +// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 +lockPref("security.insecure_password.ui.enabled", true); + +// Pref : Show in-content login form warning UI for insecure login fields +// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 +lockPref("security.insecure_field_warning.contextual.enabled", true); + +// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla) +// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ +// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List +// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +lockPref("network.stricttransportsecurity.preloadlist", false); + +// Pref : Disable TLS Session Tickets +// https://www.blackhat.com/us-13/briefings.html#NextGen +// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf +// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf +// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 +// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 +// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. +// Since the ID is unique, web servers can (and do) use it for tracking. If set to true, +// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking +lockPref("security.ssl.disable_session_identifiers", true); + +// Pref : Blocking GD Parking Scam Site +// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much +// only tells LibreWolf to look for librefox.com locally +defaultPref("network.dns.localDomains", "librefox.com"); + +// Pref : Disable insecure TLS version fallback +// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 +// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 +lockPref("security.tls.version.fallback-limit", 3); + +// Pref : Only allow TLS 1.2+ +// http://kb.mozillazine.org/Security.tls.version.* +lockPref("security.tls.version.min", 3); + +// enforce TLS 1.0 and 1.1 downgrades as session only +lockPref("security.tls.version.enable-deprecated", false); + +// Pref : Enfore Public Key Pinning +// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning +// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning +// "2. Strict. Pinning is always enforced." +lockPref("security.cert_pinning.enforcement_level", 2); + +// Pref : Disallow SHA-1 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 +// https://shattered.io/ +lockPref("security.pki.sha1_enforcement_level", 1); + +// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) +// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); + +// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the +// "Add Security Exception" dialog +// http://kb.mozillazine.org/Browser.ssl_override_behavior +// https://github.com/pyllyukko/user.js/issues/210 +lockPref("browser.ssl_override_behavior", 1); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Security 2/3 +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : +lockPref("security.ssl.errorReporting.automatic", false); +lockPref("security.ssl.errorReporting.url", ""); + +// Pref : Check disabled section +// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. +// Stapling forces the site to prove that its certificate is good +// through the CA, so apparently nothing is leaked in this case. +// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +lockPref("security.OCSP.enabled", 0); +lockPref("security.OCSP.require", false); +lockPref("security.ssl.enable_ocsp_stapling", true); + +// Pref : +lockPref("security.ssl.errorReporting.enabled", false); +lockPref("security.remote_settings.intermediates.enabled", true); + +// Pref : Manage certificates button +//lockPref("security.disable_button.openCertManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : Manage security devices button +//lockPref("security.disable_button.openDeviceManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : +lockPref("security.mixed_content.upgrade_display_content", true); +lockPref("security.mixed_content.block_object_subrequest", true); +lockPref("security.mixed_content.block_display_content", true); +lockPref("security.mixed_content.block_active_content", true); + +// Pref : +lockPref("security.insecure_connection_icon.enabled", true); +lockPref("security.insecure_connection_icon.pbmode.enabled", true); +lockPref("security.insecure_connection_text.enabled", true); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Security 3/3 (Cipher) +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : +lockPref("security.ssl3.rsa_des_ede3_sha", false); +lockPref("security.ssl3.rsa_aes_256_sha", false); +lockPref("security.ssl3.rsa_aes_128_sha", false); + +// Pref : Disable RC4 +// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security +// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 +// https://rc4.io/ +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 +lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); +lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); + +// Pref : Disable SEED cipher +// https://en.wikipedia.org/wiki/SEED +lockPref("security.ssl3.rsa_seed_sha", false); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Performance 1/5 +// Defaulting settings - HW Settings can be checked under about:support +// Bench Diff : +650/5000 +// >>>>>>>>>>>>>>>>>>>>>> + +// Bench Diff : +100/5000 +// Pref : Increases animation speed. May mitigate choppy scrolling. +defaultPref("layout.frame_rate.precise", true); + +// Bench Diff : +500/5000 +// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). +// It's likely your browser is already set to use these features. +// May introduce instability on some hardware. +// Tor compatibility - have inverted values in tor. +defaultPref("webgl.force-enabled", true); +defaultPref("layers.acceleration.force-enabled", true); + +// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting +// [SETTING] General>Performance>Custom>Use hardware acceleration when available +// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance. +// Parts of Quantum that utilize the GPU will also be affected as they are rolled out +// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration +// Resolved by extension +defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +defaultPref("layers.acceleration.disabled", false); + +// Bench Diff : 0/5000 +// Pref : +defaultPref("html5.offmainthread", true); //default true +defaultPref("layers.offmainthreadcomposition.enabled", true); +defaultPref("layers.offmainthreadcomposition.async-animations", true); +defaultPref("layers.async-video.enabled", true); + +// Bench Diff : +50/5000 +// Pref : Deprecated Active +defaultPref("browser.tabs.animate", false); + +// Pref : The impact for this one is negligible +//defaultPref("browser.download.animateNotifications", false); + +// Bench Diff : -80/5000 +// Pref : Spoof CPU Core Def 16 +// Default settings seems to be the best +//defaultPref("dom.maxHardwareConcurrency", 8); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Performance 2/5 +// Bench Diff : -800/5000 +// >>>>>>>>>>>>>>>>>>>>>> + +// Bench Diff : -500/5000 +// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. +// Garbage collection releases memory back to the system. +// Default settings seems to be the best +//lockPref("javascript.options.mem.high_water_mark", 96); + +// Bench Diff : -200/5000 +// Pref : Disable WebAssembly +// https://webassembly.org/ +// https://en.wikipedia.org/wiki/WebAssembly +// https://trac.torproject.org/projects/tor/ticket/21549 +// Solved by extension disabled here for performance +//lockPref("javascript.options.wasm", false); + +// Bench Diff : -100/5000 +// Pref : Prevent font fingerprinting +// https://browserleaks.com/fonts +// https://github.com/pyllyukko/user.js/issues/120 +// Solved by extension disabled here for performance +//lockPref("browser.display.use_document_fonts", 0); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Performance 3/5 +// Bench Diff : -1720/5000 +// >>>>>>>>>>>>>>>>>>>>>>> + +// Bench Diff : -220/5000 +// Pref : Disable webGL I/II +// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) +defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) +// This does not leak +lockPref("webgl.enable-webgl2", false); +lockPref("webgl.min_capability_mode", true); + +// Bench Diff : 0/5000 +// Pref : Disable webGL II/II +// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) +lockPref("pdfjs.enableWebGL", false); +lockPref("webgl.disable-extensions", true); +lockPref("webgl.disable-fail-if-major-performance-caveat", true); +lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active + +// Bench Diff : -1500/5000 +// Pref : Disable asm.js +// http://asmjs.org/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ +// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 +// Solved by extension disabled here for performance +// Tor enforce this +//lockPref("javascript.options.asmjs", false); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Performance 4/5 +// Bench Diff : -200/5000 +// >>>>>>>>>>>>>>>>>>>>>> + +// Bench Diff : -200/5000 +// Pref : JS Shared Memory - Default false +// https://github.com/MrAlex94/Waterfox/issues/356 +lockPref("javascript.options.shared_memory", false); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Performance 5/5 +// Bench Diff : -50/5000 +// >>>>>>>>>>>>>>>>>>>>> + +// Bench Diff : -50/5000 +// Pref : 2302 : disable service workers +// Service workers essentially act as proxy servers that sit between web apps, and the browser +// and network. They are event-driven, and can control the web page/site it is associated with, +// intercepting and modifying navigation and resource requests, and caching resources. +// SW may decrease performance depending on the script that is running in background. +// So overall, disabling SW should enhance performance because it blocks SW Scripts. +// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. +// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. +defaultPref("dom.serviceWorkers.enabled", false); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : General Settings 1/3 +// Bench Diff : +100/5000 +// >>>>>>>>>>>>>>>>>>>>>> + +// Pref : Onboarding tour disabled because of included telemetry +// This extension has already been removed. This setting is here to disable it just in case it +// comes back or for users using the script outside the bundle. +lockPref("browser.onboarding.notification.finished", true); +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); + +// Pref : +lockPref("devtools.onboarding.telemetry.logged", false); + +// Pref : +lockPref("services.sync.engine.addresses.available", false); + +// Pref : +lockPref("browser.bookmarks.restore_default_bookmarks", false); + +// Pref : +lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); + +// Pref : Caching for integrated PDF +lockPref("pdfjs.enabledCache.state", false); + +// Pref : +lockPref("pref.general.disable_button.default_browser", false); +lockPref("pref.privacy.disable_button.view_passwords", false); + +// Pref : +lockPref("identity.mobilepromo.android", ""); +pref("identity.sendtabpromo.url", ""); + +// Pref : +lockPref("extensions.systemAddon.update.url", ""); + +// Pref : +lockPref("datareporting.healthreport.infoURL", ""); + +// Pref : +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); +lockPref("browser.urlbar.searchSuggestionsChoice", false); +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); + +// Pref : +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); + +// Pref : +lockPref("app.feedback.baseURL", ""); + +// Pref : +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.normandy.first_run", false); +lockPref("app.normandy.user_id", ""); + +// Pref : +lockPref("app.releaseNotesURL", ""); + +// Pref : +lockPref("app.update.auto", false); +defaultPref("extensions.update.autoUpdateDefault", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.silent", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); + +// Pref : +lockPref("app.vendorURL", ""); + +// Pref : +lockPref("breakpad.reportURL", ""); + +// Pref : +lockPref("browser.chrome.errorReporter.submitUrl", ""); +lockPref("browser.chrome.errorReporter.enabled", false); + +// Pref : +lockPref("browser.ping-centre.staging.endpoint", ""); +lockPref("browser.ping-centre.telemetry", false); +>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // ------------------------------------------------------- // # SAFE BROWSING From 1a3c869ce6e9ba15b2bdef9eba5e88fb6368d579 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 26 Apr 2021 01:25:55 +0200 Subject: [PATCH 04/37] re-organized and reviewed --- Changelog.md | 41 ++++ librewolf.cfg | 559 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 592 insertions(+), 8 deletions(-) diff --git a/Changelog.md b/Changelog.md index 8c0c02c..e9d3184 100755 --- a/Changelog.md +++ b/Changelog.md @@ -14,8 +14,12 @@ lockPref("browser.contentblocking.report.vpn.url", ""); lockPref("browser.contentblocking.report.vpn-promo.url", ""); lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); +<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +======= +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +>>>>>>> a35eb4b (re-organized and reviewed) lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); @@ -65,7 +69,11 @@ defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); +<<<<<<< HEAD >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +======= +defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +>>>>>>> a35eb4b (re-organized and reviewed) ``` #### Removed @@ -125,12 +133,16 @@ lockPref("app.productInfo.baseURL", ""); // Deprecated lockPref("devtools.webide.adbAddonURL", ""); // Deprecated lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> a35eb4b (re-organized and reviewed) defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated lockPref("privacy.donottrackheader.value", 1); // Deprecated defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated +<<<<<<< HEAD defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated @@ -424,6 +436,11 @@ lockPref("identity.fxaccounts.remote.oauth.uri", ""); lockPref("identity.fxaccounts.remote.profile.uri", ""); lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); ======= +======= +defaultPref("accessibility.typeaheadfind", false); // Already default +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +>>>>>>> a35eb4b (re-organized and reviewed) ``` #### Commented @@ -434,6 +451,7 @@ Active prefs that were commented in order to address them before removing them // lockPref("privacy.storagePrincipal.enabledForTrackers", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +<<<<<<< HEAD // all handled by lockPref("services.settings.server", "") lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); @@ -558,6 +576,13 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false) lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); lockPref("services.sync.tabs.lastSync", "0"); +======= +// redudant with RFP and javascript.use_us_english_locale +// defaultPref("privacy.spoof_english", 2); + +// Likely deprecated +// lockPref("dom.indexedDB.enabled", true); +>>>>>>> a35eb4b (re-organized and reviewed) // useless as ui elements are not in the report page lockPref("browser.contentblocking.report.cookie.url", ""); @@ -623,11 +648,19 @@ Open points: // GEO - review to allow easier re-enabling // evaluate certificate handling (oscp, crlite, blocklist) +<<<<<<< HEAD missing from arkenfox in need of discussion: security.pki.crlite_mode -> DISCUSS security.remote_settings.crlite_filters.enabled -> DISCUSS dom.security.https_only_mode_send_http_background_request -> DISCUSS browser.download.useDownloadDir -> do we want to ask for download location each time? +======= +defaultPref("extensions.getAddons.themes.browseURL", "") + +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +>>>>>>> a35eb4b (re-organized and reviewed) ``` ## How to... @@ -666,6 +699,7 @@ security.OCSP.enabled = 1 ``` you probably also want `security.OCSP.require = true` +<<<<<<< HEAD #### Hardened setup ``` defaultPref("javascript.options.asmjs", false); // disable asm.js @@ -673,4 +707,11 @@ defaultPref("javascript.options.wasm", false); // disable web assembly defaultPref("webgl.disabled", true); // disable webgl defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access +======= +// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.cookieBehavior", 1); + +// What should we do with this pref +//defaultPref("network.http.sendRefererHeader", 1); +>>>>>>> a35eb4b (re-organized and reviewed) ``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index 496d27a..f8c45ae 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -109,6 +109,7 @@ defaultPref("general.config.filename", "librewolf.cfg"); // Bench Diff : +0/5000 // >>>>>>>>>>>>>>>>>>>>>>> +<<<<<<< HEAD // -------------------------------- // User Settings : Cookies settings // -------------------------------- @@ -122,13 +123,18 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // ----------------------------------- // # TRACKING PROTECTION +======= + +// ----------------------------------- +// TRACKING PROTECTION +>>>>>>> a35eb4b (re-organized and reviewed) // ----------------------------------- <<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more ======= // set custom mode -lockPref("browser.contentblocking.category", "custom"); // Changing to other options is currently broken anyway +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway // disabling tracking protection >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) @@ -211,14 +217,22 @@ lockPref("pref.privacy.disable_button.change_blocklist", true); lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // ---------------------------------- +<<<<<<< HEAD // # AUTOPLAY +======= +// AUTOPLAY +>>>>>>> a35eb4b (re-organized and reviewed) // ---------------------------------- defaultPref("media.autoplay.default", 5); defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- +<<<<<<< HEAD // # PASSWORD MANAGER +======= +// PASSWORD MANAGER +>>>>>>> a35eb4b (re-organized and reviewed) // ----------------------------------------- lockPref("signon.rememberSignons", false); @@ -228,6 +242,7 @@ defaultPref("signon.management.page.breachAlertUrl", ""); lockPref("signon.formlessCapture.enabled", false); // -------------------------------- +<<<<<<< HEAD // # SEARCH AND URLBAR // -------------------------------- @@ -254,34 +269,93 @@ defaultPref("privacy.clearOnShutdown.cookies", false); defaultPref("privacy.clearOnShutdown.offlineApps", false); defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout +======= +// SEARCH +// -------------------------------- + +lockPref("browser.urlbar.filter.javascript", true); + +// -------------------------------- +// SANITIZING, COOKIES AND HISTORY +// -------------------------------- + +defaultPref("network.cookie.cookieBehavior", 1); // in the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.lifetimePolicy", 2); +defaultPref("network.cookie.thirdparty.sessionOnly", true); +lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); + +// includes new cookie behavior that works with exceptions +defaultPref("privacy.clearOnShutdown.siteSettings", false); +defaultPref("privacy.clearOnShutdown.cache", true); +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.downloads", true); +defaultPref("privacy.clearOnShutdown.formdata", true); +defaultPref("privacy.clearOnShutdown.history", true); +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("privacy.clearOnShutdown.sessions", true); +defaultPref("privacy.cpd.siteSettings", false); +defaultPref("privacy.cpd.downloads", true); +defaultPref("privacy.cpd.cache", true); +defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout +defaultPref("privacy.cpd.formdata", true); +defaultPref("privacy.cpd.history", true); +defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout +defaultPref("privacy.cpd.passwords", false); +defaultPref("privacy.cpd.sessions", true); +>>>>>>> a35eb4b (re-organized and reviewed) defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); +lockPref("browser.sessionhistory.max_entries", 20); +<<<<<<< HEAD // -------------------------------------------------------------------- // # SESSIONS +======= +// this sets a cookie jar for 3rd party origin which is the same as dFPI +// and probably redundant when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); + +// -------------------------------------------------------------------- +// SESSIONS +>>>>>>> a35eb4b (re-organized and reviewed) // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); lockPref("browser.sessionstore.interval", 60000); // --------------------------------- +<<<<<<< HEAD // # AUTOFILL +======= +// AUTOFILL +>>>>>>> a35eb4b (re-organized and reviewed) // --------------------------------- defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.addresses.enabled", false); +<<<<<<< HEAD +======= +defaultPref("extensions.formautofill.addresses.capture.enabled", false); +>>>>>>> a35eb4b (re-organized and reviewed) defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); lockPref("signon.autofillForms", false); +<<<<<<< HEAD // ----------------------- // # DRM +======= +lockPref("signon.autofillForms.http", false); + +// ----------------------- +// DRM +>>>>>>> a35eb4b (re-organized and reviewed) // ----------------------- // includes new DRM implementation for easily re-enabling it @@ -293,14 +367,34 @@ defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections +<<<<<<< HEAD defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- // # WEBRTC +======= +defaultPref("media.gmp.trial-create.enabled", false); +defaultPref("media.gmp-gmpopenh264.enabled", false); + +// ---------------------- +// WebRTC +>>>>>>> a35eb4b (re-organized and reviewed) // ---------------------- defaultPref("media.navigator.enabled", false); defaultPref("media.peerconnection.enabled", false); +<<<<<<< HEAD +======= +defaultPref("media.navigator.video.enabled", false); +defaultPref("media.getusermedia.browser.enabled", false); +defaultPref("media.getusermedia.screensharing.enabled", false); +defaultPref("media.getusermedia.audiocapture.enabled", false); +defaultPref("media.peerconnection.use_document_iceservers", false); +defaultPref("media.peerconnection.identity.enabled", false); +defaultPref("media.peerconnection.identity.timeout", 1); // 10000 per default +defaultPref("media.peerconnection.turn.disable", true); +defaultPref("media.peerconnection.ice.tcp", false); +>>>>>>> a35eb4b (re-organized and reviewed) defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); @@ -322,7 +416,11 @@ defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false); // ---------------------------- +<<<<<<< HEAD // # DNS +======= +// DNS +>>>>>>> a35eb4b (re-organized and reviewed) // ---------------------------- lockPref("network.trr.mode", 5); @@ -333,7 +431,11 @@ defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); // ------------------------------------ +<<<<<<< HEAD // # NEW TAB PAGE +======= +// NEW TAB PAGE +>>>>>>> a35eb4b (re-organized and reviewed) // ------------------------------------ lockPref("browser.newtab.preload", false); @@ -375,6 +477,7 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnab lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); @@ -407,17 +510,134 @@ lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // ------------------------------------------- // # DO NOT TRACK +======= +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); + +// ------------------------------------------- +// DO NOT TRACK +>>>>>>> a35eb4b (re-organized and reviewed) // ------------------------------------------- // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("privacy.donottrackheader.enabled", true); // -------------------------------- +<<<<<<< HEAD // # DOM +======= +// DOM +>>>>>>> a35eb4b (re-organized and reviewed) // -------------------------------- lockPref("dom.disable_beforeunload", true); defaultPref("dom.disable_open_during_load", true); +<<<<<<< HEAD +======= + +// -------------------------------- +// PERMISSIONS +// -------------------------------- + +lockPref("permissions.delegation.enabled", false); +defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it + +// -------------------------------- +// REFERERS +// -------------------------------- + +defaultPref("network.http.referer.defaultPolicy", 2); +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); +lockPref("network.http.referer.XOriginPolicy", 2); +lockPref("network.http.referer.spoofSource", false); +//defaultPref("network.http.sendRefererHeader", 1); + +// -------------------------------- +// PROXY +// -------------------------------- + +defaultPref("network.proxy.autoconfig_url", ""); +defaultPref("network.proxy.autoconfig_url.include_path", false); +defaultPref("network.proxy.socks_remote_dns", true); +defaultPref("network.proxy.socks_version", 5); + +// -------------------------------- +// MISC +// -------------------------------- + +defaultPref("browser.tabs.drawInTitlebar", true); +lockPref("browser.shell.checkDefaultBrowser", false); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +defaultPref("privacy.userContext.ui.enabled", true); +defaultPref("privacy.userContext.enabled", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +defaultPref("layout.spellcheckDefault", 2); +defaultPref("general.autoScroll", false); +defaultPref("clipboard.autocopy", false); +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +defaultPref("extensions.ui.experiment.hidden", false); + +// -------------------------------------- +// RFP +// -------------------------------------- + +defaultPref("privacy.resistFingerprinting", true); +defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); + +// -------------------------------------- +// LANGUAGE AND REGION +// -------------------------------------- + +//defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale +lockPref("javascript.use_us_english_locale", true); +lockPref("intl.regional_prefs.use_os_locales", false); +defaultPref("intl.locale.requested", "en-US"); +defaultPref("intl.accept_languages", "en-US, en"); + +// -------------------------------------- +// USER AGENT +// -------------------------------------- + +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); +defaultPref("general.appname.override", "Netscape"); +defaultPref("general.appversion.override", "5.0 (Windows)"); +defaultPref("general.platform.override", "Win32"); +defaultPref("general.oscpu.override", "Windows NT 6.1"); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Ghacks-user Selection +// Bench Diff : +100/5000 +// >>>>>>>>>>>>>>>>>>>>>> + +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.coverage.opt-out", true); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("browser.download.hide_plugins_without_extensions", false); +lockPref("webchannel.allowObject.urlWhitelist", ""); +lockPref("browser.cache.offline.storage.enable", false); +lockPref("network.http.redirection-limit", 10); +lockPref("extensions.enabledScopes", 5); + +// Is there any reason to change the default value? +// lockPref("extensions.autoDisableScopes", 11); + +lockPref("xpinstall.whitelist.required", true); // default: true + +>>>>>>> a35eb4b (re-organized and reviewed) lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" @@ -452,9 +672,15 @@ lockPref("network.http.referer.XOriginPolicy", 0); // # PROXY // -------------------------------- +<<<<<<< HEAD defaultPref("network.proxy.autoconfig_url", ""); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); +======= + +lockPref("plugin.default.state", 1); +lockPref("plugin.defaultXpi.state", 1); +>>>>>>> a35eb4b (re-organized and reviewed) // -------------------------------------- // # HTTP(S) @@ -645,6 +871,9 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% +lockPref("extensions.getAddons.discovery.api_url", ""); +lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); + // Other Sync Settings - Disabling By Prevention --------------------------------------------------------- lockPref("services.sync.maxResyncs", 0); //5 @@ -739,6 +968,7 @@ lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); // Testing ----------------------------------------------------------------------------------------------- @@ -1112,7 +1342,7 @@ lockPref("webgl.min_capability_mode", true); // Bench Diff : 0/5000 // Pref : Disable webGL II/II // WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -lockPref("pdfjs.enableWebGL", false); + lockPref("webgl.disable-extensions", true); lockPref("webgl.disable-fail-if-major-performance-caveat", true); lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active @@ -1174,12 +1404,6 @@ lockPref("services.sync.engine.addresses.available", false); // Pref : lockPref("browser.bookmarks.restore_default_bookmarks", false); -// Pref : -lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); - -// Pref : Caching for integrated PDF -lockPref("pdfjs.enabledCache.state", false); - // Pref : lockPref("pref.general.disable_button.default_browser", false); lockPref("pref.privacy.disable_button.view_passwords", false); @@ -1493,11 +1717,109 @@ lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); +<<<<<<< HEAD lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); lockPref("app.shield.optoutstudies.enabled", false); +======= + +// Pref : Disable right-click menu manipulation via JavaScript (disabled) +defaultPref("dom.event.contextmenu.enabled", false); + +// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript +// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in +// JS-based web applications (Google Docs etc.) +// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled +lockPref("dom.event.clipboardevents.enabled", false); + +// Pref : Force Punycode for Internationalized Domain Names +// http://kb.mozillazine.org/Network.IDN_show_punycode +// https://www.xudongz.com/blog/2017/idn-phishing/ +// https://wiki.mozilla.org/IDN_Display_Algorithm +// https://en.wikipedia.org/wiki/IDN_homograph_attack +// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 +lockPref("network.IDN_show_punycode", true); + +// Pref : Disable Pocket +// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox +// https://github.com/pyllyukko/user.js/issues/143 +lockPref("extensions.pocket.enabled", false); +lockPref("extensions.pocket.site", ""); +lockPref("extensions.pocket.oAuthConsumerKey", ""); +lockPref("extensions.pocket.api", ""); + +// Pref : Disable downloading homepage snippets/messages from Mozilla +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content +// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service +lockPref("browser.aboutHomeSnippets.updateUrl", ""); + +// Pref : Don't reveal build ID +// Value taken from Tor Browser +// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 +// Already enforced with 'privacy.resistFingerprinting' ? +lockPref("general.buildID.override", "20100101"); +lockPref("browser.startup.homepage_override.buildID", "20100101"); + +// Pref : Disable pinging URIs specified in HTML ping= attributes +// http://kb.mozillazine.org/Browser.send_pings +lockPref("browser.send_pings", false); + +// Pref : When browser pings are enabled, only allow pinging the origin page's host +// http://kb.mozillazine.org/Browser.send_pings.require_same_host +lockPref("browser.send_pings.require_same_host", true); + +// Pref : Do not download URLs for the offline cache +// http://kb.mozillazine.org/Browser.cache.offline.enable +lockPref("browser.cache.offline.enable", false); + +/* 1007: disable media cache from writing to disk in Private Browsing + * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ +lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] +lockPref("media.memory_cache_max_size", 16384); + +// Pref : Disable prefetching of URLs +// http://kb.mozillazine.org/Network.prefetch-next +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F +// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, +// so the browser downloads them immediately so they can be displayed immediately when the user requests it. +lockPref("network.prefetch-next", false); + +// Pref : Disable speculative pre-connections +// Disable prefetch link on hover. +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections +// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 +lockPref("network.http.speculative-parallel-limit", 0); + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : General Settings 3/3 +// Bench Diff : -40/5000 +// >>>>>>>>>>>>>>>>>>>>> + +// Pref : Disable DOM timing API +// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +// https://www.w3.org/TR/navigation-timing/#privacy +lockPref("dom.enable_performance", false); //Deprecated Active +lockPref("dom.enable_performance_navigation_timing", false); + +// Pref : Make sure the User Timing API does not provide a new high resolution timestamp +// https://trac.torproject.org/projects/tor/ticket/16336 +// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security +lockPref("dom.enable_user_timing", false); + +// Pref : Disable Web Audio API +// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 +// Avoid fingerprinting +defaultPref("dom.webaudio.enabled", false); + +// Pref : When geolocation is enabled, don't log geolocation requests to the console +lockPref("geo.wifi.logging.enabled", false); + +// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) +// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon +>>>>>>> a35eb4b (re-organized and reviewed) lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); @@ -1516,9 +1838,230 @@ lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); lockPref("network.captive-portal-service.enabled", false); lockPref("captivedetect.canonicalURL", ""); +<<<<<<< HEAD // -------------------------------- // # WINDOWS // -------------------------------- +======= +lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); +lockPref("network.netlink.route.check.IPv6", "::1"); + +// Pref : Disallow NTLMv1 +// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); +// it is still allowed through HTTPS. +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); + +// Pref : Disable formless login capture +// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 +lockPref("signon.formlessCapture.enabled", false); + +// Pref : Delete temporary files on exit +// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 +lockPref("browser.helperApps.deleteTempFileOnExit", true); + +// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature) +// https://support.mozilla.org/en-US/questions/973320 +// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled +lockPref("browser.pagethumbnails.capturing_disabled", true); + +// - Disabled - Section ON ------------------------------------------------------------------ + +// Pref : Tor settings +// This browser is not meant for tor +// Enabling those settings for user torifying their whole connection +defaultPref("network.dns.blockDotOnion", true); +lockPref("network.http.referer.hideOnionSource", true); + +// Pref : 1603 : CROSS ORIGIN: control when to send a referer +// 0=always (default), 1=only if base domains match, 2=only if hosts match +// Can break some important site... (payment... ) +lockPref("network.http.referer.XOriginPolicy", 1); + +// Pref : Only allow TLS 1.[0-3] +lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 + +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Disabled - Deprecated Active +// Deprecated settings but left active for various reasons +// Bench Diff : +0/5000 +// >>>>>>>>>>>>>>>>>>>> + +// Pref : 0516 : disable Onboarding (FF55+) +// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time +// about:home or about:newtab is opened, the onboarding overlay is injected into it +// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] +// [1] https://wiki.mozilla.org/Firefox/Onboarding +// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf +// [3] https://bugzilla.mozilla.org/863246#c154 +lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active + +// Pref : Disable WebIDE Web Debug Extension +// https://trac.torproject.org/projects/tor/ticket/16222 +// https://developer.mozilla.org/docs/Tools/WebIDE +lockPref("devtools.webide.autoinstallADBHelper", false); +// Replaced by "devtools.webide.autoinstallADBExtension" in 64 + +// Pref : Disable raw TCP socket support (mozTCPSocket) +// https://trac.torproject.org/projects/tor/ticket/18863 +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ +// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket +// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) +// Not important +lockPref("dom.mozTCPSocket.enabled", false); + +// Pref : Enforce checking for Firefox updates +lockPref("app.update.enabled", false); + +// Pref : Disable bookmark backups (default: 15) +// http://kb.mozillazine.org/Browser.bookmarks.max_backups +lockPref("browser.bookmarks.max_backups", 2); + +// Pref : Disable SSDP +// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 +lockPref("browser.casting.enabled", false); + +// Pref : +lockPref("browser.newtabpage.activity-stream.enabled", false); +lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); +lockPref("browser.newtabpage.directory.source", "data:text/plain,"); +lockPref("browser.newtabpage.enhanced", false); + +// Pref : +lockPref("browser.pocket.enabled", false); + +// Pref : Disable Heartbeat (Mozilla user rating telemetry) +// https://wiki.mozilla.org/Advocacy/heartbeat +// https://trac.torproject.org/projects/tor/ticket/19047 +lockPref("browser.selfsupport.url", ""); + +// Pref : Don't reveal build ID +// Value taken from Tor Browser +// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 +// Already enforced with 'privacy.resistFingerprinting' ? +lockPref("browser.startup.homepage_override.mstone", "ignore"); + +// Pref : Disable face detection +lockPref("camera.control.face_detection.enabled", false); + +// Pref : +lockPref("datareporting.healthreport.about.reportUrl", "data:,"); +lockPref("datareporting.healthreport.service.enabled", false); + +// Pref : +lockPref("device.sensors.enabled", false); + +// Pref : Disable WebIDE Web Debug +// https://trac.torproject.org/projects/tor/ticket/16222 +// https://developer.mozilla.org/docs/Tools/WebIDE +lockPref("devtools.webide.autoinstallFxdtAdapters", false); +lockPref("devtools.webide.adaptersAddonURL", ""); + +// Pref : Disable resource timing API +// https://www.w3.org/TR/resource-timing/#privacy-security +lockPref("dom.enable_resource_timing", false); + +// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) +// https://wiki.mozilla.org/FlyWeb +// https://wiki.mozilla.org/FlyWeb/Security_scenarios +// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit +// http://www.ghacks.net/2016/07/26/firefox-flyweb +lockPref("dom.flyweb.enabled", false); + +// Pref : +lockPref("dom.gamepad.enabled", false); + +// Pref : Disable leaking network/browser connection information via Javascript +// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) +// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API +// https://wicg.github.io/netinfo/#privacy-considerations +// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +lockPref("dom.netinfo.enabled", false); + +// Pref : 2306: disable push notifications (FF44+) +// web apps can receive messages pushed to them from a server, whether or +// not the web app is in the foreground, or even currently loaded +// [1] https://developer.mozilla.org/docs/Web/API/Push_API +lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up + +// Pref : Disable telephony API +// https://wiki.mozilla.org/WebAPI/Security/WebTelephony +lockPref("dom.telephony.enabled", false); + +// Pref : Disable SHIELD +// https://support.mozilla.org/en-US/kb/shield +// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 +lockPref("extensions.shield-recipe-client.enabled", false); + +// Pref : Disable Firefox Hello metrics collection +// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion +lockPref("loop.logDomains", false); + +// Pref : Disable video stats to reduce fingerprinting threat +// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 +// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 +// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 +lockPref("media.video_stats.enabled", false); + +// Pref : WebSockets is a technology that makes it possible to open an interactive communication +// session between the user's browser and a server. (May leak IP when using proxy/VPN) +lockPref("network.websocket.enabled", false); + +// Pref : Disable Reader +// Not deprecated but useful to be located here +lockPref("reader.parse-on-load.enabled", false); + +// CIS 2.7.4 Disable Scripting of Plugins by JavaScript +// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 +lockPref("security.xpconnect.plugin.unrestricted", false); + +// Pref : +lockPref("social.directories", ""); + +// Pref : +lockPref("social.remote-install.enabled", false); + +// Pref : +lockPref("social.whitelist", ""); + +// Pref : Disable RC4 +// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security +// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 +// https://rc4.io/ +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 +lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); +lockPref("security.ssl3.rsa_rc4_128_md5", false); +lockPref("security.ssl3.rsa_rc4_128_sha", false); +lockPref("security.tls.unrestricted_rc4_fallback", false); + + + +defaultPref("xpinstall.signatures.required", true); + +// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ +// might increase startup time, so keep it disabled, but modifiable by default +defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); + +// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: +defaultPref("devtools.selfxss.count", 0); + +// enable HTTPS only mode by default +defaultPref("dom.security.https_only_mode", true); +defaultPref("dom.security.https_only_mode_ever_enabled", true); + +// JS in PDF + + + + + + + + + + +>>>>>>> a35eb4b (re-organized and reviewed) // disable links launching Windows Store [WINDOWS] lockPref("network.protocol-handler.external.ms-windows-store", false); From 2a6070ae1b561c6c7ed206da72db1e371f62c99c Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 27 Apr 2021 01:53:34 +0200 Subject: [PATCH 05/37] reorganized, revisited --- Changelog.md | 277 ++++++++++++ librewolf.cfg | 1165 ++++++++++++++++++++++++------------------------- 2 files changed, 842 insertions(+), 600 deletions(-) diff --git a/Changelog.md b/Changelog.md index e9d3184..a81a7ca 100755 --- a/Changelog.md +++ b/Changelog.md @@ -38,6 +38,7 @@ lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +<<<<<<< HEAD lockPref("app.normandy.dev_mode", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -50,6 +51,29 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); +======= +defaultPref("intl.accept_languages", "en-US, en"); +lockPref("app.normandy.dev_mode", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Modified @@ -73,10 +97,136 @@ lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) ======= defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) ``` #### Removed +======= +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled +``` + +#### Removed +Lines that were commented and are now removed +``` +// Librefox Compatibility Fix +// commented out, we're setting it differently later on +// defaultPref("extensions.autoDisableScopes", 0); + +// Removing https-everywhere adding 2 librefox addons +// keep it commented out for now, until we have more recent, properly pre-installed addons +// defaultPref("extensions.enabledAddons", ...); + +//lockPref("browser.contentblocking.global-toggle.enabled", false); +//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); +//lockPref("browser.contentblocking.fastblock.ui.enabled", false); +//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); +//lockPref("browser.contentblocking.allowlist.storage.enabled", false); +//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); +//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.ui.enabled", false); +//lockPref("browser.contentblocking.enabled", false); + +//lockPref("security.ask_for_password", 2); +//lockPref("security.password_lifetime", 5); + +//defaultPref("privacy.cpd.openWindows", true); // Clear session data +//defaultPref("privacy.clearOnShutdown.openWindows", true); +//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); +//lockPref("permissions.memory_only", true); // (hidden pref) +//lockPref("browser.formfill.expire_days", 0); + +//lockPref("browser.urlbar.autoFill", false); +//lockPref("browser.urlbar.autoFill.typed", false); + +//lockPref("media.peerconnection.video.h264", true); + +//lockPref("network.proxy.autoconfig_url.include_path", false); +//lockPref("network.proxy.socks_remote_dns", true); + +//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); +//lockPref("browser.devedition.theme.enabled", true); +//lockPref("devtools.theme", "dark"); +//lockPref("browser.devedition.theme.showCustomizeButton", true); + +//defaultPref("extensions.ui.dictionary.hidden", false); +//defaultPref("extensions.ui.locale.hidden", false); + +//lockPref("dom.indexedDB.logging.details", false); //default true +//lockPref("dom.indexedDB.logging.enabled", false); //default true +//lockPref("network.http.spdy.enabled", false); +//lockPref("network.http.spdy.enabled.deps", false); +//lockPref("network.http.spdy.enabled.http2", false); +//lockPref("network.http.spdy.websockets", false); + +// lockPref("dom.IntersectionObserver.enabled", false); + +// Pref : CSP Main Settings I/II : +// Those are default values for CSP +// Those are not meant to to be uncommented +//defaultPref("security.csp.enable", true); //This is its default value +//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value +//defaultPref("security.csp.enable_violation_events", true); //This is its default value +//defaultPref("security.csp.experimentalEnabled", false); //This is its default value +//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value +// Default Content Security Policy to apply to signed contents. +//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value + +// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature +// This value is applied after the first one (just ignore this) +//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); +// Default Value : "script-src 'self'; object-src 'self';" + +// Pref :Whether or not the installed extensions should be migrated to the +// storage.local IndexedDB backend. +//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false + +// Pref : if enabled, store execution times for API calls +//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false + +// Pref : Maximum age in milliseconds of performance counters in children +// When reached, the counters are sent to the main process and +// reset, so we reduce memory footprint. +//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.1.issuerName", ""); +// Default Value +// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.2.issuerName", ""); +// Default Value +// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US + +// Pref : Manage certificates button +//lockPref("security.disable_button.openCertManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : Manage security devices button +//lockPref("security.disable_button.openDeviceManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : The impact for this one is negligible +//defaultPref("browser.download.animateNotifications", false); +// Bench Diff : -80/5000 +// Pref : Spoof CPU Core Def 16 +// Default settings seems to be the best +//defaultPref("dom.maxHardwareConcurrency", 8); +// Bench Diff : -500/5000 +// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. +// Garbage collection releases memory back to the system. +// Default settings seems to be the best +//lockPref("javascript.options.mem.high_water_mark", 96); +// Bench Diff : -100/5000 +// Pref : Prevent font fingerprinting +// https://browserleaks.com/fonts +// https://github.com/pyllyukko/user.js/issues/120 +// Solved by extension disabled here for performance +//lockPref("browser.display.use_document_fonts", 0); +``` +>>>>>>> 55c94dc (reorganized, revisited) Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated @@ -143,6 +293,7 @@ lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Depreca lockPref("privacy.donottrackheader.value", 1); // Deprecated defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated <<<<<<< HEAD +<<<<<<< HEAD defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated @@ -615,6 +766,74 @@ Prefs that need to be addressed and that were disabled for now // defaultPref("media.peerconnection.identity.timeout", 1); // defaultPref("media.peerconnection.turn.disable", true); // defaultPref("media.peerconnection.ice.tcp", false); +======= +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated +lockPref("services.sync.clients.lastSync", "0"); // Deprecated +lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.enabled", false); // Deprecated +lockPref("services.sync.jpake.serverURL", ""); // Deprecated +lockPref("services.sync.migrated", true); // Deprecated +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated +lockPref("services.sync.serverURL", ""); // Deprecated +lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated +lockPref("prio.publicKeyB", ""); // Deprecated +lockPref("prio.publicKeyA", ""); // Deprecated +lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated +lockPref("security.insecure_password.ui.enabled", true); // Deprecated +defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all +lockPref("security.ssl.errorReporting.automatic", false); // Deprecated +lockPref("security.ssl.errorReporting.url", ""); // Deprecated +lockPref("security.ssl.errorReporting.enabled", false); // Deprecated +defaultPref("layout.frame_rate.precise", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated +defaultPref("layers.async-video.enabled", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set +defaultPref("html5.offmainthread", true); // Default true and not important to set +defaultPref("browser.tabs.animate", false); // Deprecated +lockPref("webgl.disable-extensions", true); // Deprecated +lockPref("browser.onboarding.notification.finished", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated +lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated +lockPref("pref.general.disable_button.default_browser", false); // Deprecated +lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated +lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated +lockPref("app.update.silent", false); // Deprecated +lockPref("app.vendorURL", ""); // Deprecated +lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated +lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated +lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated +lockPref("devtools.devedition.promo.url", ""); // Deprecated +lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated +lockPref("devtools.gcli.jquerySrc", ""); // Deprecated +lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated +lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated +lockPref("dom.permissions.enabled", false); // Deprecated +lockPref("extensions.blocklist.url", ""); // Deprecated +lockPref("geo.wifi.uri", ""); // Deprecated +lockPref("geo.provider-country.network.scan", false); // Deprecated +lockPref("geo.provider-country.network.url", ""); // Deprecated +lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Unlocked @@ -660,7 +879,17 @@ defaultPref("extensions.getAddons.themes.browseURL", "") defaultPref("pdfjs.enableWebGL", false); defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); defaultPref("pdfjs.enabledCache.state", false); +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) +======= + +defaultPref("alerts.showFavicons", false); // default: false + +defaultPref("security.remote_settings.intermediates.enabled", true); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("dom.battery.enabled", false); +>>>>>>> 55c94dc (reorganized, revisited) ``` ## How to... @@ -668,11 +897,20 @@ defaultPref("pdfjs.enabledCache.state", false); Add website to exceptions before login, both http and https link #### Enable DRM content ``` +<<<<<<< HEAD media.eme.enabled = true media.gmp-widevinecdm.visible = true media.gmp-widevinecdm.enabled = true media.gmp-provider.enabled = true media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml +======= +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +defaultPref("identity.sendtabpromo.url", ""); +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Use video conferencing ``` @@ -713,5 +951,44 @@ defaultPref("network.cookie.cookieBehavior", 1); // What should we do with this pref //defaultPref("network.http.sendRefererHeader", 1); +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) +======= + +// could it be replaced by services.settings.security.onecrl.collection ? +lockPref("services.blocklist.onecrl.collection", ""); + +// should we consider disabling WebAssembly ? +//lockPref("javascript.options.wasm", false); + +// How much should we lock? +// MISC - check if everything should stay, re-organize +// TESTING - untouched, except two entries already addressed +// WINDOWS - untouched +// ESR - untouched +``` + +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant +// when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); + +// redudant with RFP and javascript.use_us_english_locale +// defaultPref("privacy.spoof_english", 2); + +// Likely deprecated +// lockPref("dom.indexedDB.enabled", true); + +// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ +// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true + +// conflicting with previous prefs? +// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +// defaultPref("layers.acceleration.disabled", false); + +// seems to be deprecated +// lockPref("dom.registerProtocolHandler.insecure.enabled", true); +>>>>>>> 55c94dc (reorganized, revisited) ``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index f8c45ae..bb300e0 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,4 +1,7 @@ <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> 55c94dc (reorganized, revisited) //---------------| // LibreWolf | //---------------| @@ -6,6 +9,12 @@ // ================================================================================================================================| // | // "Section" : Description of the settings section separated by "----" | +<<<<<<< HEAD +======= +// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance | +// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss | +// Performance can be tested here : https://chromium.github.io/octane/ | +>>>>>>> 55c94dc (reorganized, revisited) // "Pref" : Preference/Settings name and or description followed by links or documentations | // and some time explanation why the setting is commented and ignored. | // "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | @@ -23,6 +32,7 @@ // that rely on comparing version numbers. | // | // ================================================================================================================================| +<<<<<<< HEAD ======= // --------- // LibreWolf @@ -108,6 +118,8 @@ defaultPref("general.config.filename", "librewolf.cfg"); // Section : User Settings // Bench Diff : +0/5000 // >>>>>>>>>>>>>>>>>>>>>>> +======= +>>>>>>> 55c94dc (reorganized, revisited) <<<<<<< HEAD // -------------------------------- @@ -130,6 +142,7 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); >>>>>>> a35eb4b (re-organized and reviewed) // ----------------------------------- +<<<<<<< HEAD <<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more ======= @@ -138,12 +151,22 @@ lockPref("browser.contentblocking.category", "custom"); // changing to other opt // disabling tracking protection >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +======= +defaultPref("general.config.filename", "librewolf.cfg"); + +// ----------------------------------- +// TRACKING PROTECTION +// ----------------------------------- + +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +>>>>>>> 55c94dc (reorganized, revisited) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -163,6 +186,8 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); ======= // below are potentially useless as tracking protection is disabled +======= +>>>>>>> 55c94dc (reorganized, revisited) lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("privacy.trackingprotection.lower_network_priority", false); @@ -171,15 +196,9 @@ lockPref("telemetry.origin_telemetry_test_mode.enabled", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); -// remove urls for/from tracking protection +// remove urls lockPref("browser.contentblocking.reportBreakage.url", ""); - -// hide ui elements for tracking protection -lockPref("browser.contentblocking.cfr-milestone.enabled", false); -lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); -lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); - -// remove urls for/from protection report +lockPref("privacy.trackingprotection.introURL", ""); lockPref("browser.contentblocking.report.cookie.url", ""); lockPref("browser.contentblocking.report.cryptominer.url", ""); lockPref("browser.contentblocking.report.endpoint_url", ""); @@ -200,7 +219,10 @@ lockPref("browser.contentblocking.report.vpn-promo.url", ""); lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); -// hide ui elements from protection report +// hide ui elements +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.contentblocking.report.lockwise.enabled", false); @@ -208,11 +230,11 @@ lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); -// Windows only +// Windows only? lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -// to check, likely deprecated +// to check, could be deprecated/useless lockPref("pref.privacy.disable_button.change_blocklist", true); lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); @@ -274,6 +296,8 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid // -------------------------------- lockPref("browser.urlbar.filter.javascript", true); +lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.search.suggest.enabled", false); // -------------------------------- // SANITIZING, COOKIES AND HISTORY @@ -377,8 +401,12 @@ defaultPref("media.gmp.trial-create.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- +<<<<<<< HEAD // WebRTC >>>>>>> a35eb4b (re-organized and reviewed) +======= +// WEBRTC +>>>>>>> 55c94dc (reorganized, revisited) // ---------------------- defaultPref("media.navigator.enabled", false); @@ -513,6 +541,7 @@ lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); ======= lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- // DO NOT TRACK @@ -533,7 +562,22 @@ defaultPref("privacy.donottrackheader.enabled", true); lockPref("dom.disable_beforeunload", true); defaultPref("dom.disable_open_during_load", true); <<<<<<< HEAD +<<<<<<< HEAD ======= +======= +lockPref("dom.push.enabled", false); +lockPref("dom.push.connection.enabled", false); +lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" +lockPref("dom.push.userAgentID", ""); +lockPref("dom.targetBlankNoOpener.enabled", true); +lockPref("dom.reporting.crash.enabled", false); +lockPref("dom.imagecapture.enabled", false); +lockPref("dom.disable_window_move_resize", true); +defaultPref("dom.serviceWorkers.enabled", false); +defaultPref("dom.battery.enabled", false); +lockPref("dom.popup_maximum", 4); +// lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated +>>>>>>> 55c94dc (reorganized, revisited) // -------------------------------- // PERMISSIONS @@ -562,34 +606,30 @@ defaultPref("network.proxy.autoconfig_url.include_path", false); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); -// -------------------------------- -// MISC -// -------------------------------- +// -------------------------------------- +// HTTP(S) +// -------------------------------------- -defaultPref("browser.tabs.drawInTitlebar", true); -lockPref("browser.shell.checkDefaultBrowser", false); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -defaultPref("privacy.userContext.ui.enabled", true); -defaultPref("privacy.userContext.enabled", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -defaultPref("layout.spellcheckDefault", 2); -defaultPref("general.autoScroll", false); -defaultPref("clipboard.autocopy", false); -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -defaultPref("browser.tabs.loadBookmarksInTabs", true); -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -defaultPref("extensions.ui.experiment.hidden", false); +lockPref("network.http.altsvc.enabled", false); +lockPref("network.http.altsvc.oe", false); +defaultPref("dom.security.https_only_mode", true); +defaultPref("dom.security.https_only_mode_ever_enabled", true); + +// -------------------------------------- +// TLS +// -------------------------------------- + +defaultPref("security.ssl.require_safe_negotiation", true); +lockPref("security.tls.enable_0rtt_data", false); +lockPref("security.tls.version.enable-deprecated", false); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos +lockPref("browser.ssl_override_behavior", 1); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.insecure_field_warning.contextual.enabled", true); +lockPref("network.stricttransportsecurity.preloadlist", false); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("security.tls.version.fallback-limit", 3); +lockPref("security.tls.version.min", 3); // -------------------------------------- // RFP @@ -618,6 +658,7 @@ defaultPref("general.appversion.override", "5.0 (Windows)"); defaultPref("general.platform.override", "Win32"); defaultPref("general.oscpu.override", "Windows NT 6.1"); +<<<<<<< HEAD // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Ghacks-user Selection // Bench Diff : +100/5000 @@ -733,10 +774,21 @@ defaultPref("privacy.spoof_english", 2); defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" +======= +// ------------------------------------------------------- +// EXTENSIONS - check readme section "Extensions Firewall" +// ------------------------------------------------------- + +// handle default restriced domains +defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" +lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" + +>>>>>>> 55c94dc (reorganized, revisited) // disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); +<<<<<<< HEAD // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); @@ -856,8 +908,16 @@ lockPref("services.sync.addons.trustedSourceHostnames", ""); lockPref("toolkit.datacollection.infoURL", ""); lockPref("xpinstall.signatures.devInfoURL", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +======= +// enable Content Security Policy (CSP) +lockPref("security.csp.enable", true); -// Relevant for addons and lang packs +// set extensions scopes +lockPref("extensions.enabledScopes", 5); +lockPref("extensions.autoDisableScopes", 11); +>>>>>>> 55c94dc (reorganized, revisited) + +// Relevant for addons and lang packs search defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ @@ -871,588 +931,67 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% +defaultPref("extensions.update.autoUpdateDefault", false); +lockPref("xpinstall.whitelist.required", true); // default: true +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new +lockPref("extensions.webcompat-reporter.enabled", false); +defaultPref("extensions.webextensions.background-delayed-startup", true); //default true +lockPref("xpinstall.signatures.devInfoURL", ""); +lockPref("extensions.getAddons.compatOverides.url", ""); +lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.getAddons.discovery.api_url", ""); lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.blocklist.detailsURL", ""); +lockPref("extensions.blocklist.itemURL", ""); +defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.showPane", false); +lockPref("extensions.webservice.discoverURL", ""); -// Other Sync Settings - Disabling By Prevention --------------------------------------------------------- -lockPref("services.sync.maxResyncs", 0); //5 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.bookmarks.buffer", false); //false -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ +// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true -// Testing ----------------------------------------------------------------------------------------------- +// ------------------------------------------------------- +// NORMANDY +// ------------------------------------------------------- -// Pref : Test To Make FFox Silent -lockPref("browser.chrome.errorReporter.publicKey", ""); -// Default Value -// c709cb7a2c0b4f0882fcc84a5af161ec +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.normandy.first_run", false); +lockPref("app.normandy.user_id", ""); +lockPref("app.normandy.shieldLearnMoreUrl", ""); +lockPref("app.normandy.dev_mode", false); -// Pref : Test To Make FFox Silent -lockPref("prio.publicKeyA", ""); -// Default Value -// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733 -lockPref("prio.publicKeyB", ""); -// Default Value -// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50 +// -------------------------------- +// SECURITY +// -------------------------------- -// Alpha Settings Not Needed At The Moment -------------------------------------------------------------- - -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Disabled ---------------------------------------------------------------------------------------------- - -// Pref : New page default sites -//lockPref("browser.newtabpage.activity-stream.default.sites", ""); -// Default Value -// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/, -// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Microsoft Windows -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox ESR60.x -// Deprecated Active For ESR -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 1/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -lockPref("security.insecure_password.ui.enabled", true); - -// Pref : Show in-content login form warning UI for insecure login fields -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -lockPref("security.insecure_field_warning.contextual.enabled", true); - -// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla) -// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ -// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security -lockPref("network.stricttransportsecurity.preloadlist", false); - -// Pref : Disable TLS Session Tickets -// https://www.blackhat.com/us-13/briefings.html#NextGen -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 -// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 -// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. -// Since the ID is unique, web servers can (and do) use it for tracking. If set to true, -// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking -lockPref("security.ssl.disable_session_identifiers", true); - -// Pref : Blocking GD Parking Scam Site -// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much -// only tells LibreWolf to look for librefox.com locally -defaultPref("network.dns.localDomains", "librefox.com"); - -// Pref : Disable insecure TLS version fallback -// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 -// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 -lockPref("security.tls.version.fallback-limit", 3); - -// Pref : Only allow TLS 1.2+ -// http://kb.mozillazine.org/Security.tls.version.* -lockPref("security.tls.version.min", 3); - -// enforce TLS 1.0 and 1.1 downgrades as session only -lockPref("security.tls.version.enable-deprecated", false); - -// Pref : Enfore Public Key Pinning -// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning -// "2. Strict. Pinning is always enforced." +// certs lockPref("security.cert_pinning.enforcement_level", 2); - -// Pref : Disallow SHA-1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 -// https://shattered.io/ -lockPref("security.pki.sha1_enforcement_level", 1); - -// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); - -// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the -// "Add Security Exception" dialog -// http://kb.mozillazine.org/Browser.ssl_override_behavior -// https://github.com/pyllyukko/user.js/issues/210 -lockPref("browser.ssl_override_behavior", 1); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : -lockPref("security.ssl.errorReporting.automatic", false); -lockPref("security.ssl.errorReporting.url", ""); - -// Pref : Check disabled section -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ lockPref("security.OCSP.enabled", 0); lockPref("security.OCSP.require", false); lockPref("security.ssl.enable_ocsp_stapling", true); -// Pref : -lockPref("security.ssl.errorReporting.enabled", false); -lockPref("security.remote_settings.intermediates.enabled", true); - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : +// mixed content lockPref("security.mixed_content.upgrade_display_content", true); lockPref("security.mixed_content.block_object_subrequest", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.block_active_content", true); -// Pref : -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); -lockPref("security.insecure_connection_text.enabled", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 3/3 (Cipher) -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : +// ciphers +lockPref("security.pki.sha1_enforcement_level", 1); lockPref("security.ssl3.rsa_des_ede3_sha", false); lockPref("security.ssl3.rsa_aes_256_sha", false); lockPref("security.ssl3.rsa_aes_128_sha", false); - -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); - -// Pref : Disable SEED cipher -// https://en.wikipedia.org/wiki/SEED lockPref("security.ssl3.rsa_seed_sha", false); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 1/5 -// Defaulting settings - HW Settings can be checked under about:support -// Bench Diff : +650/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : +100/5000 -// Pref : Increases animation speed. May mitigate choppy scrolling. -defaultPref("layout.frame_rate.precise", true); - -// Bench Diff : +500/5000 -// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). -// It's likely your browser is already set to use these features. -// May introduce instability on some hardware. -// Tor compatibility - have inverted values in tor. -defaultPref("webgl.force-enabled", true); -defaultPref("layers.acceleration.force-enabled", true); - -// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting -// [SETTING] General>Performance>Custom>Use hardware acceleration when available -// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance. -// Parts of Quantum that utilize the GPU will also be affected as they are rolled out -// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration -// Resolved by extension -defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -defaultPref("layers.acceleration.disabled", false); - -// Bench Diff : 0/5000 -// Pref : -defaultPref("html5.offmainthread", true); //default true -defaultPref("layers.offmainthreadcomposition.enabled", true); -defaultPref("layers.offmainthreadcomposition.async-animations", true); -defaultPref("layers.async-video.enabled", true); - -// Bench Diff : +50/5000 -// Pref : Deprecated Active -defaultPref("browser.tabs.animate", false); - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); - -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 2/5 -// Bench Diff : -800/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); - -// Bench Diff : -200/5000 -// Pref : Disable WebAssembly -// https://webassembly.org/ -// https://en.wikipedia.org/wiki/WebAssembly -// https://trac.torproject.org/projects/tor/ticket/21549 -// Solved by extension disabled here for performance -//lockPref("javascript.options.wasm", false); - -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 3/5 -// Bench Diff : -1720/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -220/5000 -// Pref : Disable webGL I/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) -// This does not leak -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); - -// Bench Diff : 0/5000 -// Pref : Disable webGL II/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) - -lockPref("webgl.disable-extensions", true); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active - -// Bench Diff : -1500/5000 -// Pref : Disable asm.js -// http://asmjs.org/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 -// Solved by extension disabled here for performance -// Tor enforce this -//lockPref("javascript.options.asmjs", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 4/5 -// Bench Diff : -200/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -200/5000 -// Pref : JS Shared Memory - Default false -// https://github.com/MrAlex94/Waterfox/issues/356 -lockPref("javascript.options.shared_memory", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 5/5 -// Bench Diff : -50/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -50/5000 -// Pref : 2302 : disable service workers -// Service workers essentially act as proxy servers that sit between web apps, and the browser -// and network. They are event-driven, and can control the web page/site it is associated with, -// intercepting and modifying navigation and resource requests, and caching resources. -// SW may decrease performance depending on the script that is running in background. -// So overall, disabling SW should enhance performance because it blocks SW Scripts. -// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. -// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. -defaultPref("dom.serviceWorkers.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 1/3 -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Pref : Onboarding tour disabled because of included telemetry -// This extension has already been removed. This setting is here to disable it just in case it -// comes back or for users using the script outside the bundle. -lockPref("browser.onboarding.notification.finished", true); -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); - -// Pref : -lockPref("devtools.onboarding.telemetry.logged", false); - -// Pref : -lockPref("services.sync.engine.addresses.available", false); - -// Pref : -lockPref("browser.bookmarks.restore_default_bookmarks", false); - -// Pref : -lockPref("pref.general.disable_button.default_browser", false); -lockPref("pref.privacy.disable_button.view_passwords", false); - -// Pref : -lockPref("identity.mobilepromo.android", ""); -pref("identity.sendtabpromo.url", ""); - -// Pref : -lockPref("extensions.systemAddon.update.url", ""); - -// Pref : -lockPref("datareporting.healthreport.infoURL", ""); - -// Pref : -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); -lockPref("browser.urlbar.searchSuggestionsChoice", false); -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); - -// Pref : -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); - -// Pref : -lockPref("app.feedback.baseURL", ""); - -// Pref : -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); - -// Pref : -lockPref("app.releaseNotesURL", ""); - -// Pref : -lockPref("app.update.auto", false); -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.silent", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - -// Pref : -lockPref("app.vendorURL", ""); - -// Pref : -lockPref("breakpad.reportURL", ""); +// reduce breakage +defaultPref("security.remote_settings.intermediates.enabled", true); +<<<<<<< HEAD // Pref : lockPref("browser.chrome.errorReporter.submitUrl", ""); lockPref("browser.chrome.errorReporter.enabled", false); @@ -1471,6 +1010,21 @@ lockPref("browser.safebrowsing.passwords.enabled", false); lockPref("browser.safebrowsing.phishing.enabled", false); // downloads and unwanted software +======= +// ui +lockPref("security.insecure_connection_icon.enabled", true); +lockPref("security.insecure_connection_icon.pbmode.enabled", true); +lockPref("security.insecure_connection_text.enabled", true); +lockPref("security.insecure_connection_text.pbmode.enabled", true); + +// ------------------------------------------------------- +// SAFE BROWSING +// ------------------------------------------------------- + +lockPref("browser.safebrowsing.malware.enabled", false); +lockPref("browser.safebrowsing.passwords.enabled", false); +lockPref("browser.safebrowsing.phishing.enabled", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("browser.safebrowsing.downloads.enabled", false); lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); @@ -1478,9 +1032,14 @@ lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); +<<<<<<< HEAD // could try re-enabling some of these urls to see if it causes connections lockPref("browser.safebrowsing.id", ""); +======= +lockPref("browser.safebrowsing.id", ""); +lockPref("browser.safebrowsing.allowOverride", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("browser.safebrowsing.blockedURIs.enabled", false); lockPref("browser.safebrowsing.provider.google4.pver", ""); lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); @@ -1517,6 +1076,7 @@ lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- +<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1662,6 +1222,273 @@ lockPref("javascript.options.shared_memory", false); // # GEO // -------------------------------- +======= +// MISC +// -------------------------------- + +lockPref("app.update.auto", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +defaultPref("browser.tabs.drawInTitlebar", true); +lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.shortcutFavicons", false); +defaultPref("alerts.showFavicons", false); // default: false +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.startup.blankWindow", false); +defaultPref("privacy.userContext.ui.enabled", true); +defaultPref("privacy.userContext.enabled", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +defaultPref("layout.spellcheckDefault", 2); +defaultPref("general.autoScroll", false); +defaultPref("clipboard.autocopy", false); +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +defaultPref("extensions.ui.experiment.hidden", false); +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.coverage.opt-out", true); +lockPref("toolkit.coverage.enabled", false); +lockPref("webchannel.allowObject.urlWhitelist", ""); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("browser.cache.offline.storage.enable", false); +lockPref("network.http.redirection-limit", 10); +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); +lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ? +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); +lockPref("font.blacklist.underline_offset", ""); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("plugin.default.state", 1); +lockPref("plugin.defaultXpi.state", 1); +lockPref("canvas.capturestream.enabled", false); +lockPref("gfx.offscreencanvas.enabled", false); // default: false +lockPref("accessibility.force_disabled", 1); +lockPref("browser.uitour.enabled", false); +lockPref("browser.uitour.url", ""); +lockPref("middlemouse.contentLoadURL", false); +lockPref("permissions.manager.defaultsUrl", ""); +lockPref("lightweightThemes.getMoreURL", ""); +lockPref("media.decoder-doctor.new-issue-endpoint", ""); +lockPref("identity.sync.tokenserver.uri", ""); +lockPref("network.trr.confirmationNS", ""); +lockPref("browser.translation.engine", ""); // default Google +lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail +lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("services.settings.server", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); +lockPref("accessibility.support.url", ""); +lockPref("app.support.baseURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); +lockPref("browser.dictionaries.download.url", ""); +lockPref("browser.geolocation.warning.infoURL", ""); +lockPref("browser.search.searchEnginesURL", ""); +lockPref("browser.uitour.themeOrigin", ""); +lockPref("toolkit.datacollection.infoURL", ""); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); +defaultPref("accessibility.typeaheadfind", false); +lockPref("browser.bookmarks.restore_default_bookmarks", false); +lockPref("identity.mobilepromo.android", ""); +lockPref("identity.mobilepromo.ios", ""); +defaultPref("identity.sendtabpromo.url", ""); +lockPref("datareporting.healthreport.infoURL", ""); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); +lockPref("app.feedback.baseURL", ""); +lockPref("app.releaseNotesURL", ""); +lockPref("app.releaseNotesURL.aboutDialog", ""); +lockPref("breakpad.reportURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", false); +lockPref("browser.ping-centre.log", ""); +lockPref("browser.ping-centre.telemetry", false); +lockPref("captivedetect.canonicalURL", ""); +lockPref("datareporting.policy.firstRunURL", ""); +lockPref("devtools.devices.url", ""); +lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); +lockPref("remote.enabled", false); +lockPref("remote.force-local", true); +lockPref("remote.log.level", "Info"); + +// -------------------------------- +// SYNC +// -------------------------------- + +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); + +// -------------------------------- +// WEBGL +// -------------------------------- + +defaultPref("webgl.force-enabled", true); +defaultPref("layers.acceleration.force-enabled", true); +lockPref("webgl.enable-webgl2", false); +lockPref("webgl.min_capability_mode", true); +lockPref("webgl.disable-fail-if-major-performance-caveat", true); +lockPref("webgl.enable-debug-renderer-info", false); + +// conflicting with previous prefs? +// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +// defaultPref("layers.acceleration.disabled", false); + +// -------------------------------- +// JS +// -------------------------------- + +// should we consider disabling WebAssembly ? +// lockPref("javascript.options.wasm", false); + +// left as it is worth considering +// lockPref("javascript.options.asmjs", false); + +lockPref("javascript.options.shared_memory", false); + +// -------------------------------- +// GEO +// -------------------------------- + +>>>>>>> 55c94dc (reorganized, revisited) lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] @@ -1671,9 +1498,17 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); +<<<<<<< HEAD // -------------------------------- // # PREFETCHING // -------------------------------- +======= + +// Pref : +lockPref("layout.css.visited_links_enabled", false); +lockPref("layout.css.always-repaint-on-unvisited", false); +lockPref("layout.css.layout.css.notify-of-unvisited", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("network.predictor.enabled", false); lockPref("network.prefetch-next", false); @@ -1697,7 +1532,23 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); +<<<<<<< HEAD // telemetry +======= +// Pref : +lockPref("plugins.crash.supportUrl", ""); + +// Pref : +lockPref("sync.enabled", false); + +// Pref : +lockPref("sync.jpake.serverURL", ""); + +// Pref : +lockPref("sync.serverURL", ""); + +// Pref : +>>>>>>> 55c94dc (reorganized, revisited) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -2046,16 +1897,130 @@ defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: defaultPref("devtools.selfxss.count", 0); -// enable HTTPS only mode by default -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); - -// JS in PDF +// -------------------------------- +// TESTING +// -------------------------------- + +// Pref : +//lockPref("urlclassifier.phishTable", ""); +// Default Value +// goog-phish-proto,test-phish-simple + +// Pref : +//lockPref("urlclassifier.passwordAllowTable", ""); +// Default Value +// goog-passwordwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadAllowTable", ""); +// Default Value +// goog-downloadwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadBlockTable", ""); +// Default Value +// goog-badbinurl-proto + +// Pref : Test To Make FFox Silent +//lockPref("security.content.signature.root_hash", ""); +// Default Value +// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E + +// -------------------------------- +// WINDOWS +// -------------------------------- + +// Pref : Other webGl [WINDOWS] +lockPref("webgl.dxgl.enabled", false); + +// Pref : disable scanning for plugins [WINDOWS] +lockPref("plugin.scan.plid.all", false); + +// Pref : disable Windows jumplist [WINDOWS] +lockPref("browser.taskbar.lists.enabled", false); +lockPref("browser.taskbar.lists.frequent.enabled", false); +lockPref("browser.taskbar.lists.recent.enabled", false); +lockPref("browser.taskbar.lists.tasks.enabled", false); + +// Pref : disable Windows taskbar preview [WINDOWS] +lockPref("browser.taskbar.previews.enable", false); + +// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] +// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ +lockPref("network.protocol-handler.external.ms-windows-store", false); + +// Pref : disable background update service [WINDOWS] +// [SETTING] General>Firefox Updates>Use a background service to install updates +lockPref("app.update.service.enabled", false); + +// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) +// [1] https://bugzilla.mozilla.org/603903 +lockPref("toolkit.winRegisterApplicationRestart", false); + +// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) +// 0=disable detecting Family Safety mode and importing the root +// 1=only attempt to detect Family Safety mode (don't import the root) +// 2=detect Family Safety mode and import the root +// [1] https://trac.torproject.org/projects/tor/ticket/21686 +lockPref("security.family_safety.mode", 0); + +// -------------------------------- +// ESR +// -------------------------------- + +// Pref : Geolocation +lockPref("browser.search.countryCode", "US"); + +// Pref : Disable Mozilla telemetry/experiments +// https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry +// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 +// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html +// https://wiki.mozilla.org/Telemetry/Experiments +// https://support.mozilla.org/en-US/questions/1197144 +lockPref("experiments.activeExperiment", false); +lockPref("experiments.enabled", false); +lockPref("experiments.manifest.uri", ""); +lockPref("experiments.supported", false); + +// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) +// [1] https://bugzilla.mozilla.org/1173171 +// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.block-remote-files", true); + +// Pref : 2613: disable JAR from opening Unsafe File Types +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.open-unsafe-types", false); + +// Pref : Disable Java NPAPI plugin +lockPref("plugin.state.java", 0); + +// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 +lockPref("trailhead.firstrun.branches", "join-privacy"); + +// Pref : 0402: enable Kinto blocklist updates (FF50+) +// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications +// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be +// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes +// [-] https://bugzilla.mozilla.org/1458917 +lockPref("services.blocklist.update_enabled", false); + +// Pref : 0503: disable "Savant" Shield study (FF61+) +// [-] https://bugzilla.mozilla.org/1457226 +lockPref("shield.savant.enabled", false); + +// Fix ESR Devtools +//lockPref("devtools.telemetry.tools.opened.version", ""); +// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} From 0ce6204b90f6faea5b4268d4af3911702918431c Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 27 Apr 2021 19:36:09 +0200 Subject: [PATCH 06/37] knocked out some more prefs --- Changelog.md | 42 ++++++++++ librewolf.cfg | 212 ++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 232 insertions(+), 22 deletions(-) diff --git a/Changelog.md b/Changelog.md index a81a7ca..5f71fcf 100755 --- a/Changelog.md +++ b/Changelog.md @@ -73,7 +73,11 @@ lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabl lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` #### Modified @@ -104,6 +108,7 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e #### Removed ======= lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled +defaultPref("layout.css.notify-of-unvisited", false); // layout.css.layout.css.notify-of-unvisited ``` #### Removed @@ -379,6 +384,7 @@ lockPref("geo.wifi.logging.enabled", false); // Deprecated lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated lockPref("browser.search.geoSpecificDefaults", false); // Deprecated lockPref("browser.fixup.hide_user_pass", true); // Deprecated +<<<<<<< HEAD lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 @@ -592,6 +598,8 @@ defaultPref("accessibility.typeaheadfind", false); // Already default defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 653a6ed (knocked out some more prefs) ``` #### Commented @@ -889,7 +897,19 @@ defaultPref("security.remote_settings.intermediates.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("dom.battery.enabled", false); +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= + +defaultPref("layout.css.visited_links_enabled", false); +defaultPref("layout.css.always-repaint-on-unvisited", false); +defaultPref("layout.css.notify-of-unvisited", false); + +defaultPref("browser.tabs.closeTabByDblclick", true); + +// Unlocked as known to cause breakage +defaultPref("dom.event.clipboardevents.enabled", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` ## How to... @@ -914,6 +934,7 @@ defaultPref("identity.sendtabpromo.url", ""); ``` #### Use video conferencing ``` +<<<<<<< HEAD media.peerconnection.enabled = true media.peerconnection.ice.no_host = true dom.webaudio.enabled = true @@ -936,6 +957,16 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC security.OCSP.enabled = 1 ``` you probably also want `security.OCSP.require = true` +======= +// This should be discussed +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); +defaultPref("general.appname.override", "Netscape"); +defaultPref("general.appversion.override", "5.0 (Windows)"); +defaultPref("general.platform.override", "Win32"); +defaultPref("general.oscpu.override", "Windows NT 6.1"); +lockPref("general.buildID.override", "20100101"); +lockPref("browser.startup.homepage_override.buildID", "20100101"); +>>>>>>> 653a6ed (knocked out some more prefs) <<<<<<< HEAD #### Hardened setup @@ -990,5 +1021,16 @@ Prefs that need to be addressed and that were disabled for now // seems to be deprecated // lockPref("dom.registerProtocolHandler.insecure.enabled", true); +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= + +// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +// should be checked +// lockPref("browser.cache.offline.enable", false); + +// redundant with RFP +// lockPref("dom.enable_performance", false); //Deprecated Active +// lockPref("dom.enable_performance_navigation_timing", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index bb300e0..12bc23a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -265,6 +265,7 @@ lockPref("signon.formlessCapture.enabled", false); // -------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # SEARCH AND URLBAR // -------------------------------- @@ -293,11 +294,18 @@ defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid acci defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout ======= // SEARCH +======= +// SEARCH AND URLBAR +>>>>>>> 653a6ed (knocked out some more prefs) // -------------------------------- lockPref("browser.urlbar.filter.javascript", true); lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.urlbar.trimURLs", false); lockPref("browser.search.suggest.enabled", false); +lockPref("browser.search.region", "US"); +lockPref("browser.search.geoip.url", ""); +lockPref("browser.fixup.alternate.enabled", false); // -------------------------------- // SANITIZING, COOKIES AND HISTORY @@ -335,10 +343,17 @@ defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); lockPref("browser.sessionhistory.max_entries", 20); +<<<<<<< HEAD <<<<<<< HEAD // -------------------------------------------------------------------- // # SESSIONS ======= +======= +defaultPref("layout.css.visited_links_enabled", false); +defaultPref("layout.css.always-repaint-on-unvisited", false); +defaultPref("layout.css.notify-of-unvisited", false); + +>>>>>>> 653a6ed (knocked out some more prefs) // this sets a cookie jar for 3rd party origin which is the same as dFPI // and probably redundant when 3rd party cookies are disabled // lockPref("privacy.storagePrincipal.enabledForTrackers", false); @@ -576,6 +591,12 @@ lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); +defaultPref("dom.event.contextmenu.enabled", false); +defaultPref("dom.event.clipboardevents.enabled", false); +defaultPref("dom.webaudio.enabled", false); +lockPref("dom.vr.enabled", false); +lockPref("dom.vibrator.enabled", false); + // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated >>>>>>> 55c94dc (reorganized, revisited) @@ -595,6 +616,7 @@ defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); +lockPref("network.http.referer.trimmingPolicy", 0); //defaultPref("network.http.sendRefererHeader", 1); // -------------------------------- @@ -649,7 +671,7 @@ defaultPref("intl.locale.requested", "en-US"); defaultPref("intl.accept_languages", "en-US, en"); // -------------------------------------- -// USER AGENT +// USER AGENT AND IDENTITY // -------------------------------------- defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); @@ -657,6 +679,8 @@ defaultPref("general.appname.override", "Netscape"); defaultPref("general.appversion.override", "5.0 (Windows)"); defaultPref("general.platform.override", "Win32"); defaultPref("general.oscpu.override", "Windows NT 6.1"); +lockPref("general.buildID.override", "20100101"); +lockPref("browser.startup.homepage_override.buildID", "20100101"); <<<<<<< HEAD // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> @@ -947,7 +971,9 @@ lockPref("extensions.blocklist.itemURL", ""); defaultPref("extensions.update.background.url", ""); defaultPref("extensions.getAddons.showPane", false); lockPref("extensions.webservice.discoverURL", ""); - +lockPref("webextensions.storage.sync.serverURL", ""); +lockPref("extensions.screenshots.upload-disabled", true); +defaultPref("extensions.ui.experiment.hidden", false); // Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ // defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true @@ -1257,13 +1283,11 @@ defaultPref("pdfjs.enabledCache.state", false); defaultPref("browser.tabs.loadBookmarksInTabs", true); defaultPref("devtools.debugger.remote-enabled", false); defaultPref("devtools.chrome.enabled", false); -defaultPref("extensions.ui.experiment.hidden", false); lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); lockPref("webchannel.allowObject.urlWhitelist", ""); lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("browser.cache.offline.storage.enable", false); lockPref("network.http.redirection-limit", 10); lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ? @@ -1322,7 +1346,6 @@ lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); lockPref("app.feedback.baseURL", ""); lockPref("app.releaseNotesURL", ""); lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("breakpad.reportURL", ""); lockPref("browser.chrome.errorReporter.infoURL", false); lockPref("browser.ping-centre.log", ""); lockPref("browser.ping-centre.telemetry", false); @@ -1338,6 +1361,21 @@ lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); lockPref("remote.enabled", false); lockPref("remote.force-local", true); lockPref("remote.log.level", "Info"); +defaultPref("browser.tabs.closeTabByDblclick", true); +lockPref("network.IDN_show_punycode", true); +lockPref("media.webspeech.recognition.enable", false); + +// -------------------------------- +// CACHE +// -------------------------------- + +lockPref("browser.cache.offline.storage.enable", false); +lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] +lockPref("media.memory_cache_max_size", 16384); + +// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +// should be checked +// lockPref("browser.cache.offline.enable", false); // -------------------------------- // SYNC @@ -1498,6 +1536,7 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); +<<<<<<< HEAD <<<<<<< HEAD // -------------------------------- // # PREFETCHING @@ -1525,6 +1564,21 @@ lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +======= +// -------------------------------- +// PREFETCHING +// -------------------------------- + +lockPref("network.predictor.enabled", false); +lockPref("network.predictor.enable-prefetch", false); +lockPref("network.prefetch-next", false); +lockPref("network.http.speculative-parallel-limit", 0); + +// -------------------------------- +// OUTGOING CONNECTIONS +// -------------------------------- + +>>>>>>> 653a6ed (knocked out some more prefs) // connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); @@ -1532,6 +1586,7 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); +<<<<<<< HEAD <<<<<<< HEAD // telemetry ======= @@ -1549,6 +1604,9 @@ lockPref("sync.serverURL", ""); // Pref : >>>>>>> 55c94dc (reorganized, revisited) +======= +// telemetry +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -1565,6 +1623,7 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); +<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); @@ -1597,30 +1656,25 @@ lockPref("network.IDN_show_punycode", true); // Pref : Disable Pocket // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox // https://github.com/pyllyukko/user.js/issues/143 +======= +lockPref("security.protectionspopup.recordEventTelemetry", false) + +// pocket +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); lockPref("extensions.pocket.oAuthConsumerKey", ""); lockPref("extensions.pocket.api", ""); -// Pref : Disable downloading homepage snippets/messages from Mozilla -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content -// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service -lockPref("browser.aboutHomeSnippets.updateUrl", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -// Pref : Disable pinging URIs specified in HTML ping= attributes -// http://kb.mozillazine.org/Browser.send_pings +lockPref("browser.discovery.enabled", false); +lockPref("browser.discovery.containers.enabled", false); +lockPref("browser.discovery.sites", ""); +lockPref("breakpad.reportURL", ""); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); lockPref("browser.send_pings", false); - -// Pref : When browser pings are enabled, only allow pinging the origin page's host -// http://kb.mozillazine.org/Browser.send_pings.require_same_host lockPref("browser.send_pings.require_same_host", true); +<<<<<<< HEAD // Pref : Do not download URLs for the offline cache // http://kb.mozillazine.org/Browser.cache.offline.enable @@ -1671,13 +1725,127 @@ lockPref("geo.wifi.logging.enabled", false); // Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); +<<<<<<< HEAD // discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); +======= + + + +// Pref : Don't monitor OS online/offline connection state +// https://trac.torproject.org/projects/tor/ticket/18945 +lockPref("network.manage-offline-status", false); + +// Pref : Set File URI Origin Policy +// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 +lockPref("security.fileuri.strict_origin_policy", true); + +// Pref : Disable SVG in OpenType fonts +// https://wiki.mozilla.org/SVGOpenTypeFonts +// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle +lockPref("gfx.font_rendering.opentype_svg.enabled", false); + +// Pref : Enable only whitelisted URL protocol handlers +// Disabling non-essential protocols breaks all interaction with custom protocols such +// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... +// clients when clicking on links with these protocols +lockPref("network.protocol-handler.warn-external-default",true); +lockPref("network.protocol-handler.external.http",false); +lockPref("network.protocol-handler.external.https",false); +lockPref("network.protocol-handler.external.javascript",false); +lockPref("network.protocol-handler.external.moz-extension",false); +lockPref("network.protocol-handler.external.ftp",false); +lockPref("network.protocol-handler.external.file",false); +lockPref("network.protocol-handler.external.about",false); +lockPref("network.protocol-handler.external.chrome",false); +lockPref("network.protocol-handler.external.blob",false); +lockPref("network.protocol-handler.external.data",false); +lockPref("network.protocol-handler.expose-all",false); +lockPref("network.protocol-handler.expose.http",true); +lockPref("network.protocol-handler.expose.https",true); +lockPref("network.protocol-handler.expose.javascript",true); +lockPref("network.protocol-handler.expose.moz-extension",true); +lockPref("network.protocol-handler.expose.ftp",true); +lockPref("network.protocol-handler.expose.file",true); +lockPref("network.protocol-handler.expose.about",true); +lockPref("network.protocol-handler.expose.chrome",true); +lockPref("network.protocol-handler.expose.blob",true); +lockPref("network.protocol-handler.expose.data",true); + +// Pref : Ensure there is a security delay when installing add-ons (milliseconds) +// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox +// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ +lockPref("security.dialog_enable_delay", 700); + +// Pref : Opt-out of add-on metadata updates +// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ +defaultPref("extensions.getAddons.cache.enabled", false); + +// Pref : Opt-out of theme (Persona) updates +// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 +lockPref("lightweightThemes.update.enabled", false); +lockPref("lightweightThemes.persisted.headerURL", false); +lockPref("lightweightThemes.persisted.footerURL", false); + +// Pref : Disable Flash Player NPAPI plugin +// http://kb.mozillazine.org/Flash_plugin +lockPref("plugin.state.flash", 0); + +// Pref : Disable sending Flash Player crash reports +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); + +// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report +lockPref("dom.ipc.plugins.reportCrashURL", false); + +// Pref : Disable Shumway (Mozilla Flash renderer) +// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway +lockPref("shumway.disabled", true); + +// Pref : Disable Gnome Shell Integration NPAPI plugin +lockPref("plugin.state.libgnome-shell-browser-plugin", 0); + +// Pref : Enable click-to-play plugin +// https://wiki.mozilla.org/Firefox/Click_To_Play +// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ +lockPref("plugins.click_to_play", true); +lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); + +// Pref : Update addons automatically +// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ +defaultPref("extensions.update.enabled", false); + +// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla +// Updated at interval defined in extensions.blocklist.interval (default: 86400) +lockPref("extensions.blocklist.enabled", false); + +// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla) +lockPref("extensions.systemAddon.update.enabled", false); + +// Pref : Disable WebIDE Web Debug +// https://trac.torproject.org/projects/tor/ticket/16222 +// https://developer.mozilla.org/docs/Tools/WebIDE +lockPref("devtools.webide.enabled", false); +lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+] +lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] +lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] + +// Pref : Disable remote debugging +// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop +// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings +lockPref("devtools.debugger.force-local", true); + +// Pref : Disallow Necko to do A/B testing +// https://trac.torproject.org/projects/tor/ticket/13170 +lockPref("network.allow-experiments", false); +>>>>>>> 653a6ed (knocked out some more prefs) // crash report lockPref("breakpad.reportURL", ""); From be4116e123374025b437117fd5630d28e901c508 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 30 Apr 2021 02:38:17 +0200 Subject: [PATCH 07/37] reviewed and reorganized up to extensions --- librewolf.cfg | 144 +++++++++++++++++++++++++------------------------- 1 file changed, 73 insertions(+), 71 deletions(-) diff --git a/librewolf.cfg b/librewolf.cfg index 12bc23a..4f9c595 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -138,8 +138,12 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); ======= // ----------------------------------- +<<<<<<< HEAD // TRACKING PROTECTION >>>>>>> a35eb4b (re-organized and reviewed) +======= +// FILENAME +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // ----------------------------------- <<<<<<< HEAD @@ -234,7 +238,7 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -// to check, could be deprecated/useless +// to check, could be deprecated lockPref("pref.privacy.disable_button.change_blocklist", true); lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); @@ -278,6 +282,9 @@ lockPref("browser.fixup.alternate.enabled", false); lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.search.update", false); +// to check, probably useless +lockPref("signon.storeSignons", false); + // -------------------------------- // # SANITIZING, COOKIES AND HISTORY // -------------------------------- @@ -299,6 +306,7 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid >>>>>>> 653a6ed (knocked out some more prefs) // -------------------------------- +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); lockPref("browser.urlbar.filter.javascript", true); lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.trimURLs", false); @@ -311,12 +319,12 @@ lockPref("browser.fixup.alternate.enabled", false); // SANITIZING, COOKIES AND HISTORY // -------------------------------- -defaultPref("network.cookie.cookieBehavior", 1); // in the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 defaultPref("network.cookie.lifetimePolicy", 2); defaultPref("network.cookie.thirdparty.sessionOnly", true); lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); -// includes new cookie behavior that works with exceptions +// includes new cookie behavior that allows to stay logged with exceptions defaultPref("privacy.clearOnShutdown.siteSettings", false); defaultPref("privacy.clearOnShutdown.cache", true); defaultPref("privacy.clearOnShutdown.cookies", false); @@ -343,6 +351,7 @@ defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); lockPref("browser.sessionhistory.max_entries", 20); +<<<<<<< HEAD <<<<<<< HEAD <<<<<<< HEAD // -------------------------------------------------------------------- @@ -358,6 +367,8 @@ defaultPref("layout.css.notify-of-unvisited", false); // and probably redundant when 3rd party cookies are disabled // lockPref("privacy.storagePrincipal.enabledForTrackers", false); +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------------------------------------------- // SESSIONS >>>>>>> a35eb4b (re-organized and reviewed) @@ -406,6 +417,7 @@ defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections +<<<<<<< HEAD <<<<<<< HEAD defaultPref("media.gmp-gmpopenh264.enabled", false); @@ -413,6 +425,8 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); // # WEBRTC ======= defaultPref("media.gmp.trial-create.enabled", false); +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- @@ -427,6 +441,7 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); defaultPref("media.navigator.enabled", false); defaultPref("media.peerconnection.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD ======= defaultPref("media.navigator.video.enabled", false); defaultPref("media.getusermedia.browser.enabled", false); @@ -438,6 +453,8 @@ defaultPref("media.peerconnection.identity.timeout", 1); // 10000 per default defaultPref("media.peerconnection.turn.disable", true); defaultPref("media.peerconnection.ice.tcp", false); >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); @@ -451,7 +468,11 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // defaultPref("media.peerconnection.ice.tcp", false); // ---------------------- +<<<<<<< HEAD // # SHARING +======= +// SHARING +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // ---------------------- defaultPref("media.getusermedia.browser.enabled", false); @@ -591,33 +612,36 @@ lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); -defaultPref("dom.event.contextmenu.enabled", false); defaultPref("dom.event.clipboardevents.enabled", false); defaultPref("dom.webaudio.enabled", false); lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); +<<<<<<< HEAD // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated >>>>>>> 55c94dc (reorganized, revisited) +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------- // PERMISSIONS // -------------------------------- lockPref("permissions.delegation.enabled", false); defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it +lockPref("permissions.manager.defaultsUrl", ""); // -------------------------------- // REFERERS // -------------------------------- defaultPref("network.http.referer.defaultPolicy", 2); -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); -lockPref("network.http.referer.trimmingPolicy", 0); -//defaultPref("network.http.sendRefererHeader", 1); +lockPref("network.http.referer.trimmingPolicy", 0); +// defaultPref("network.http.sendRefererHeader", 1); // -------------------------------- // PROXY @@ -635,23 +659,25 @@ defaultPref("network.proxy.socks_version", 5); lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); +defaultPref("dom.security.https_only_mode_pbm", true); // -------------------------------------- // TLS // -------------------------------------- defaultPref("security.ssl.require_safe_negotiation", true); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("browser.ssl_override_behavior", 1); lockPref("security.tls.enable_0rtt_data", false); lockPref("security.tls.version.enable-deprecated", false); -lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos -lockPref("browser.ssl_override_behavior", 1); -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); -lockPref("security.insecure_field_warning.contextual.enabled", true); -lockPref("network.stricttransportsecurity.preloadlist", false); -lockPref("security.ssl.disable_session_identifiers", true); lockPref("security.tls.version.fallback-limit", 3); lockPref("security.tls.version.min", 3); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos +lockPref("security.insecure_field_warning.contextual.enabled", true); + +// to check +lockPref("network.stricttransportsecurity.preloadlist", false); // -------------------------------------- // RFP @@ -664,7 +690,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // LANGUAGE AND REGION // -------------------------------------- -//defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale +// defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale lockPref("javascript.use_us_english_locale", true); lockPref("intl.regional_prefs.use_os_locales", false); defaultPref("intl.locale.requested", "en-US"); @@ -674,6 +700,7 @@ defaultPref("intl.accept_languages", "en-US, en"); // USER AGENT AND IDENTITY // -------------------------------------- +// worth discussing defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); defaultPref("general.appname.override", "Netscape"); defaultPref("general.appversion.override", "5.0 (Windows)"); @@ -942,11 +969,12 @@ lockPref("extensions.autoDisableScopes", 11); >>>>>>> 55c94dc (reorganized, revisited) // Relevant for addons and lang packs search +defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% + +// other urls defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ -defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% -defaultPref("extensions.getAddons.themes.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox defaultPref("extensions.update.url", ""); // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= @@ -955,28 +983,34 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("xpinstall.whitelist.required", true); // default: true -lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new -lockPref("extensions.webcompat-reporter.enabled", false); -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true -lockPref("xpinstall.signatures.devInfoURL", ""); -lockPref("extensions.getAddons.compatOverides.url", ""); -lockPref("extensions.webapi.testing", false); // hidden prefs // default false +// ui +defaultPref("extensions.getAddons.showPane", false); lockPref("extensions.getAddons.discovery.api_url", ""); lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("extensions.systemAddon.update.url", ""); -lockPref("extensions.blocklist.detailsURL", ""); -lockPref("extensions.blocklist.itemURL", ""); +lockPref("extensions.webcompat-reporter.enabled", false); +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new + +// background checking and updating +defaultPref("extensions.update.enabled", false); +defaultPref("extensions.update.autoUpdateDefault", false); defaultPref("extensions.update.background.url", ""); -defaultPref("extensions.getAddons.showPane", false); + +// blocklist +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); + +// system addons +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.systemAddon.update.enabled", false); + +lockPref("xpinstall.whitelist.required", true); // default: true +lockPref("xpinstall.signatures.devInfoURL", ""); +defaultPref("extensions.webextensions.background-delayed-startup", true); //default true +lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); -defaultPref("extensions.ui.experiment.hidden", false); - -// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ -// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true // ------------------------------------------------------- // NORMANDY @@ -1307,7 +1341,6 @@ lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); lockPref("browser.uitour.url", ""); lockPref("middlemouse.contentLoadURL", false); -lockPref("permissions.manager.defaultsUrl", ""); lockPref("lightweightThemes.getMoreURL", ""); lockPref("media.decoder-doctor.new-issue-endpoint", ""); lockPref("identity.sync.tokenserver.uri", ""); @@ -1504,7 +1537,6 @@ defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); lockPref("webgl.min_capability_mode", true); lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); // conflicting with previous prefs? // defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] @@ -1624,6 +1656,7 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); @@ -1658,6 +1691,11 @@ lockPref("network.IDN_show_punycode", true); // https://github.com/pyllyukko/user.js/issues/143 ======= lockPref("security.protectionspopup.recordEventTelemetry", false) +======= +lockPref("security.protectionspopup.recordEventTelemetry", false); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // pocket >>>>>>> 653a6ed (knocked out some more prefs) @@ -1670,8 +1708,6 @@ lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); lockPref("breakpad.reportURL", ""); -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); lockPref("browser.send_pings", false); lockPref("browser.send_pings.require_same_host", true); <<<<<<< HEAD @@ -1818,17 +1854,6 @@ lockPref("plugin.state.libgnome-shell-browser-plugin", 0); lockPref("plugins.click_to_play", true); lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); -// Pref : Update addons automatically -// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ -defaultPref("extensions.update.enabled", false); - -// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla -// Updated at interval defined in extensions.blocklist.interval (default: 86400) -lockPref("extensions.blocklist.enabled", false); - -// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla) -lockPref("extensions.systemAddon.update.enabled", false); - // Pref : Disable WebIDE Web Debug // https://trac.torproject.org/projects/tor/ticket/16222 // https://developer.mozilla.org/docs/Tools/WebIDE @@ -1967,19 +1992,12 @@ lockPref("camera.control.face_detection.enabled", false); lockPref("datareporting.healthreport.about.reportUrl", "data:,"); lockPref("datareporting.healthreport.service.enabled", false); -// Pref : -lockPref("device.sensors.enabled", false); - // Pref : Disable WebIDE Web Debug // https://trac.torproject.org/projects/tor/ticket/16222 // https://developer.mozilla.org/docs/Tools/WebIDE lockPref("devtools.webide.autoinstallFxdtAdapters", false); lockPref("devtools.webide.adaptersAddonURL", ""); -// Pref : Disable resource timing API -// https://www.w3.org/TR/resource-timing/#privacy-security -lockPref("dom.enable_resource_timing", false); - // Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) // https://wiki.mozilla.org/FlyWeb // https://wiki.mozilla.org/FlyWeb/Security_scenarios @@ -1987,16 +2005,6 @@ lockPref("dom.enable_resource_timing", false); // http://www.ghacks.net/2016/07/26/firefox-flyweb lockPref("dom.flyweb.enabled", false); -// Pref : -lockPref("dom.gamepad.enabled", false); - -// Pref : Disable leaking network/browser connection information via Javascript -// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API -// https://wicg.github.io/netinfo/#privacy-considerations -// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -lockPref("dom.netinfo.enabled", false); - // Pref : 2306: disable push notifications (FF44+) // web apps can receive messages pushed to them from a server, whether or // not the web app is in the foreground, or even currently loaded @@ -2016,12 +2024,6 @@ lockPref("extensions.shield-recipe-client.enabled", false); // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion lockPref("loop.logDomains", false); -// Pref : Disable video stats to reduce fingerprinting threat -// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 -lockPref("media.video_stats.enabled", false); - // Pref : WebSockets is a technology that makes it possible to open an interactive communication // session between the user's browser and a server. (May leak IP when using proxy/VPN) lockPref("network.websocket.enabled", false); From aab4a2f7aa49a873664639ff1f733c8485409695 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 30 Apr 2021 02:38:27 +0200 Subject: [PATCH 08/37] added re-enabling guides --- Changelog.md | 87 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 76 insertions(+), 11 deletions(-) diff --git a/Changelog.md b/Changelog.md index 5f71fcf..c85d306 100755 --- a/Changelog.md +++ b/Changelog.md @@ -77,13 +77,22 @@ lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClic >>>>>>> 55c94dc (reorganized, revisited) ======= lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +<<<<<<< HEAD >>>>>>> 653a6ed (knocked out some more prefs) +======= +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +defaultPref("dom.security.https_only_mode_pbm", true); +>>>>>>> c16522a (added re-enabling guides) ``` #### Modified Updated some present prefs to better one ``` defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 +<<<<<<< HEAD +======= +defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 +>>>>>>> c16522a (added re-enabling guides) lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 @@ -108,7 +117,6 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e #### Removed ======= lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled -defaultPref("layout.css.notify-of-unvisited", false); // layout.css.layout.css.notify-of-unvisited ``` #### Removed @@ -385,6 +393,9 @@ lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated lockPref("browser.search.geoSpecificDefaults", false); // Deprecated lockPref("browser.fixup.hide_user_pass", true); // Deprecated <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> c16522a (added re-enabling guides) lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 @@ -404,6 +415,7 @@ defaultPref("extensions.ui.experiment.hidden", false); // Deprecated defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated lockPref("dom.enable_performance", false); // conflicting with RFP lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP +<<<<<<< HEAD lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated @@ -842,6 +854,8 @@ lockPref("geo.provider-country.network.scan", false); // Deprecated lockPref("geo.provider-country.network.url", ""); // Deprecated lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated >>>>>>> 55c94dc (reorganized, revisited) +======= +>>>>>>> c16522a (added re-enabling guides) ``` #### Unlocked @@ -909,7 +923,17 @@ defaultPref("browser.tabs.closeTabByDblclick", true); // Unlocked as known to cause breakage defaultPref("dom.event.clipboardevents.enabled", false); +<<<<<<< HEAD >>>>>>> 653a6ed (knocked out some more prefs) +======= + +// already default and no reason to lock it +lockPref("network.http.referer.trimmingPolicy", 0); + +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); +>>>>>>> c16522a (added re-enabling guides) ``` ## How to... @@ -968,6 +992,7 @@ lockPref("general.buildID.override", "20100101"); lockPref("browser.startup.homepage_override.buildID", "20100101"); >>>>>>> 653a6ed (knocked out some more prefs) +<<<<<<< HEAD <<<<<<< HEAD #### Hardened setup ``` @@ -980,6 +1005,8 @@ defaultPref("dom.event.clipboardevents.enabled", false); // disable user trigger // In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI defaultPref("network.cookie.cookieBehavior", 1); +======= +>>>>>>> c16522a (added re-enabling guides) // What should we do with this pref //defaultPref("network.http.sendRefererHeader", 1); <<<<<<< HEAD @@ -993,6 +1020,11 @@ lockPref("services.blocklist.onecrl.collection", ""); //lockPref("javascript.options.wasm", false); // How much should we lock? +// How much should we care bout URLs? + +Other points: +// DRM - should we make it even easier? +// COOKIES - now using dFPI // MISC - check if everything should stay, re-organize // TESTING - untouched, except two entries already addressed // WINDOWS - untouched @@ -1002,35 +1034,68 @@ lockPref("services.blocklist.onecrl.collection", ""); #### Commented Prefs that need to be addressed and that were disabled for now ``` -// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant -// when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); - // redudant with RFP and javascript.use_us_english_locale // defaultPref("privacy.spoof_english", 2); -// Likely deprecated -// lockPref("dom.indexedDB.enabled", true); - -// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ -// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true - // conflicting with previous prefs? // defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] // defaultPref("layers.acceleration.disabled", false); +<<<<<<< HEAD // seems to be deprecated // lockPref("dom.registerProtocolHandler.insecure.enabled", true); <<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) ======= +======= +>>>>>>> c16522a (added re-enabling guides) // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable // should be checked // lockPref("browser.cache.offline.enable", false); +<<<<<<< HEAD // redundant with RFP // lockPref("dom.enable_performance", false); //Deprecated Active // lockPref("dom.enable_performance_navigation_timing", false); >>>>>>> 653a6ed (knocked out some more prefs) +======= +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); +``` + +## How to... +#### Stay logged +Add website to exceptions before login, both http and https link +#### Enable DRM content +``` +media.eme.enabled = true +media.gmp-widevinecdm.visible = true +media.gmp-widevinecdm.enabled = true +media.gmp-provider.enabled = true +``` +#### Use video conferencing +``` +media.peerconnection.enabled = true +media.peerconnection.ice.no_host = true +dom.webaudio.enabled = true +``` +screensharing `media.getusermedia.screensharing.enabled = true` +#### Enable addons search +``` +extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" +``` +#### Enable addons manual updates +``` +extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= +%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= +%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= +%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= +%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" +>>>>>>> c16522a (added re-enabling guides) ``` \ No newline at end of file From 6ee55717497cc4ce49ea063377935e27ef0ba4f1 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 30 Apr 2021 19:25:07 +0200 Subject: [PATCH 09/37] reorganized and improved some entries --- Changelog.md | 27 ++++++++++++- librewolf.cfg | 102 ++++++++++++++++++++++++++------------------------ 2 files changed, 79 insertions(+), 50 deletions(-) diff --git a/Changelog.md b/Changelog.md index c85d306..2953315 100755 --- a/Changelog.md +++ b/Changelog.md @@ -416,6 +416,9 @@ defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated lockPref("dom.enable_performance", false); // conflicting with RFP lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated @@ -429,6 +432,7 @@ lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown +<<<<<<< HEAD defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint @@ -856,6 +860,11 @@ lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated >>>>>>> 55c94dc (reorganized, revisited) ======= >>>>>>> c16522a (added re-enabling guides) +======= +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated + +>>>>>>> 4041ab1 (reorganized and improved some entries) ``` #### Unlocked @@ -933,7 +942,14 @@ lockPref("network.http.referer.trimmingPolicy", 0); defaultPref("extensions.blocklist.enabled", false); defaultPref("extensions.blocklist.detailsURL", ""); defaultPref("extensions.blocklist.itemURL", ""); +<<<<<<< HEAD >>>>>>> c16522a (added re-enabling guides) +======= + +// someone might want to have it on for security concerns +defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.require", false); +>>>>>>> 4041ab1 (reorganized and improved some entries) ``` ## How to... @@ -1097,5 +1113,14 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" +<<<<<<< HEAD >>>>>>> c16522a (added re-enabling guides) -``` \ No newline at end of file +``` +======= +``` +#### Enable OCSP certificate checking +``` +security.OCSP.enabled = 1 +``` +you probably also want `security.OCSP.require = true` +>>>>>>> 4041ab1 (reorganized and improved some entries) diff --git a/librewolf.cfg b/librewolf.cfg index 4f9c595..3b2c844 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -660,6 +660,7 @@ lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_pbm", true); +lockPref("network.http.redirection-limit", 10); // -------------------------------------- // TLS @@ -685,6 +686,7 @@ lockPref("network.stricttransportsecurity.preloadlist", false); defaultPref("privacy.resistFingerprinting", true); defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); +lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing // -------------------------------------- // LANGUAGE AND REGION @@ -1027,27 +1029,18 @@ lockPref("app.normandy.dev_mode", false); // SECURITY // -------------------------------- -// certs +// certificates lockPref("security.cert_pinning.enforcement_level", 2); -lockPref("security.OCSP.enabled", 0); -lockPref("security.OCSP.require", false); +defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.require", false); lockPref("security.ssl.enable_ocsp_stapling", true); +lockPref("security.pki.sha1_enforcement_level", 1); // mixed content -lockPref("security.mixed_content.upgrade_display_content", true); lockPref("security.mixed_content.block_object_subrequest", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.block_active_content", true); -// ciphers -lockPref("security.pki.sha1_enforcement_level", 1); -lockPref("security.ssl3.rsa_des_ede3_sha", false); -lockPref("security.ssl3.rsa_aes_256_sha", false); -lockPref("security.ssl3.rsa_aes_128_sha", false); -lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); -lockPref("security.ssl3.rsa_seed_sha", false); - // reduce breakage defaultPref("security.remote_settings.intermediates.enabled", true); @@ -1084,7 +1077,12 @@ lockPref("security.insecure_connection_text.pbmode.enabled", true); lockPref("browser.safebrowsing.malware.enabled", false); lockPref("browser.safebrowsing.passwords.enabled", false); lockPref("browser.safebrowsing.phishing.enabled", false); +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= + +// downloads and unwanted software +>>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.downloads.enabled", false); lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); @@ -1093,6 +1091,7 @@ lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", fal lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); <<<<<<< HEAD +<<<<<<< HEAD // could try re-enabling some of these urls to see if it causes connections lockPref("browser.safebrowsing.id", ""); @@ -1100,6 +1099,11 @@ lockPref("browser.safebrowsing.id", ""); lockPref("browser.safebrowsing.id", ""); lockPref("browser.safebrowsing.allowOverride", false); >>>>>>> 55c94dc (reorganized, revisited) +======= + +// could try re-enabling some of these urls to see if it causes connections +lockPref("browser.safebrowsing.id", ""); +>>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.blockedURIs.enabled", false); lockPref("browser.safebrowsing.provider.google4.pver", ""); lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); @@ -1286,48 +1290,45 @@ lockPref("javascript.options.shared_memory", false); // MISC // -------------------------------- -lockPref("app.update.auto", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +// ui defaultPref("browser.tabs.drawInTitlebar", true); -lockPref("browser.shell.checkDefaultBrowser", false); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("privacy.userContext.ui.enabled", true); + +// more important stuff lockPref("browser.shell.shortcutFavicons", false); -defaultPref("alerts.showFavicons", false); // default: false +defaultPref("alerts.showFavicons", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); + +// settings +lockPref("browser.shell.checkDefaultBrowser", false); defaultPref("startup.homepage_override_url", "about:blank"); defaultPref("startup.homepage_welcome_url", "about:blank"); defaultPref("startup.homepage_welcome_url.additional", ""); -lockPref("browser.startup.blankWindow", false); -defaultPref("privacy.userContext.ui.enabled", true); defaultPref("privacy.userContext.enabled", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); defaultPref("layout.spellcheckDefault", 2); defaultPref("general.autoScroll", false); defaultPref("clipboard.autocopy", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("webchannel.allowObject.urlWhitelist", ""); + +// pdf reader defaultPref("pdfjs.disabled", false); defaultPref("pdfjs.enableScripting", false); defaultPref("pdfjs.enableWebGL", false); defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); defaultPref("pdfjs.enabledCache.state", false); -defaultPref("browser.tabs.loadBookmarksInTabs", true); + defaultPref("devtools.debugger.remote-enabled", false); defaultPref("devtools.chrome.enabled", false); -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); -lockPref("toolkit.coverage.enabled", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("network.http.redirection-limit", 10); -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); -lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ? lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); lockPref("services.blocklist.gfx.collection", ""); + lockPref("network.file.disable_unc_paths", true); // (hidden pref) lockPref("network.gio.supported-protocols", ""); // (hidden pref) lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); @@ -1610,7 +1611,17 @@ lockPref("network.http.speculative-parallel-limit", 0); // OUTGOING CONNECTIONS // -------------------------------- +<<<<<<< HEAD >>>>>>> 653a6ed (knocked out some more prefs) +======= +// updates +lockPref("app.update.auto", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); + +>>>>>>> 4041ab1 (reorganized and improved some entries) // connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); @@ -1661,6 +1672,7 @@ lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); @@ -1696,6 +1708,11 @@ lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); >>>>>>> 7887469 (reviewed and reorganized up to extensions) +======= +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.coverage.opt-out", true); +lockPref("toolkit.coverage.enabled", false); +>>>>>>> 4041ab1 (reorganized and improved some entries) // pocket >>>>>>> 653a6ed (knocked out some more prefs) @@ -2045,19 +2062,6 @@ lockPref("social.remote-install.enabled", false); // Pref : lockPref("social.whitelist", ""); -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -lockPref("security.ssl3.rsa_rc4_128_md5", false); -lockPref("security.ssl3.rsa_rc4_128_sha", false); -lockPref("security.tls.unrestricted_rc4_fallback", false); - - - defaultPref("xpinstall.signatures.required", true); // https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ From d1eecc122648d3e759f8515b1a21a2a552a40d61 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Sat, 1 May 2021 14:56:11 +0200 Subject: [PATCH 10/37] updated and started editing external protocols --- Changelog.md | 18 ++++- librewolf.cfg | 204 +++++++++++++++++++++++++++++--------------------- 2 files changed, 137 insertions(+), 85 deletions(-) diff --git a/Changelog.md b/Changelog.md index 2953315..4292d04 100755 --- a/Changelog.md +++ b/Changelog.md @@ -433,6 +433,7 @@ lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown <<<<<<< HEAD +<<<<<<< HEAD defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint @@ -865,6 +866,16 @@ defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated >>>>>>> 4041ab1 (reorganized and improved some entries) +======= +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated +lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint +lockPref("plugin.defaultXpi.state", 1); // Deprecated +lockPref("remote.log.level", "Info"); // already default and not important in any way +lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +lockPref("network.protocol-handler.external.http",false); // Deprecated or not existent +lockPref("network.protocol-handler.external.https",false); // Deprecated or not existent +>>>>>>> 8b7a898 (updated and started editing external protocols) ``` #### Unlocked @@ -1041,10 +1052,12 @@ lockPref("services.blocklist.onecrl.collection", ""); Other points: // DRM - should we make it even easier? // COOKIES - now using dFPI -// MISC - check if everything should stay, re-organize // TESTING - untouched, except two entries already addressed // WINDOWS - untouched // ESR - untouched +// MISC - check if fxaccounts need their pref +// SYNC - does it need to exist given that fxaccounts are off? +// SB - make re-enabling easier, test connections ``` #### Commented @@ -1053,6 +1066,7 @@ Prefs that need to be addressed and that were disabled for now // redudant with RFP and javascript.use_us_english_locale // defaultPref("privacy.spoof_english", 2); +<<<<<<< HEAD // conflicting with previous prefs? // defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] // defaultPref("layers.acceleration.disabled", false); @@ -1066,6 +1080,8 @@ Prefs that need to be addressed and that were disabled for now ======= >>>>>>> c16522a (added re-enabling guides) +======= +>>>>>>> 8b7a898 (updated and started editing external protocols) // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable // should be checked // lockPref("browser.cache.offline.enable", false); diff --git a/librewolf.cfg b/librewolf.cfg index 3b2c844..770c928 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1013,6 +1013,7 @@ lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); +lockPref("lightweightThemes.getMoreURL", ""); // ------------------------------------------------------- // NORMANDY @@ -1141,6 +1142,7 @@ lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1288,13 +1290,17 @@ lockPref("javascript.options.shared_memory", false); ======= // MISC +======= +// FONTS +>>>>>>> 8b7a898 (updated and started editing external protocols) // -------------------------------- -// ui -defaultPref("browser.tabs.drawInTitlebar", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("privacy.userContext.ui.enabled", true); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("gfx.font_rendering.opentype_svg.enabled", false); + +// -------------------------------- +// MISC +// -------------------------------- // more important stuff lockPref("browser.shell.shortcutFavicons", false); @@ -1302,9 +1308,43 @@ defaultPref("alerts.showFavicons", false); defaultPref("browser.link.open_newwindow", 3); defaultPref("browser.link.open_newwindow.restriction", 0); lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); +lockPref("plugin.default.state", 1); +lockPref("gfx.offscreencanvas.enabled", false); // default: false +lockPref("canvas.capturestream.enabled", false); +lockPref("network.IDN_show_punycode", true); +lockPref("security.fileuri.strict_origin_policy", true); -// settings +// fxaccount, to check +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); + +// pocket +lockPref("extensions.pocket.enabled", false); +lockPref("extensions.pocket.site", ""); +lockPref("extensions.pocket.oAuthConsumerKey", ""); +lockPref("extensions.pocket.api", ""); + +// pdf reader +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); + +// remote agent +lockPref("remote.enabled", false); +lockPref("remote.force-local", true); + +// settings and behavior lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); defaultPref("startup.homepage_override_url", "about:blank"); defaultPref("startup.homepage_welcome_url", "about:blank"); defaultPref("startup.homepage_welcome_url.additional", ""); @@ -1314,35 +1354,29 @@ defaultPref("general.autoScroll", false); defaultPref("clipboard.autocopy", false); defaultPref("browser.tabs.loadBookmarksInTabs", true); lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); - -// pdf reader -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); - -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); - -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -lockPref("font.blacklist.underline_offset", ""); -lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); -lockPref("canvas.capturestream.enabled", false); -lockPref("gfx.offscreencanvas.enabled", false); // default: false lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); -lockPref("browser.uitour.url", ""); lockPref("middlemouse.contentLoadURL", false); -lockPref("lightweightThemes.getMoreURL", ""); +defaultPref("accessibility.typeaheadfind", false); +lockPref("browser.bookmarks.restore_default_bookmarks", false); +defaultPref("browser.tabs.closeTabByDblclick", true); +lockPref("media.webspeech.recognition.enable", false); +lockPref("network.manage-offline-status", false); + +// devtools +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com +lockPref("devtools.devices.url", ""); + +// ui +defaultPref("browser.tabs.drawInTitlebar", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("privacy.userContext.ui.enabled", true); +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); + +// urls and handlers lockPref("media.decoder-doctor.new-issue-endpoint", ""); lockPref("identity.sync.tokenserver.uri", ""); lockPref("network.trr.confirmationNS", ""); @@ -1353,51 +1387,38 @@ lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("identity.fxaccounts.remote.root", ""); lockPref("services.settings.server", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); lockPref("accessibility.support.url", ""); lockPref("app.support.baseURL", ""); +lockPref("browser.uitour.url", ""); +lockPref("webchannel.allowObject.urlWhitelist", ""); lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("browser.dictionaries.download.url", ""); lockPref("browser.geolocation.warning.infoURL", ""); lockPref("browser.search.searchEnginesURL", ""); lockPref("browser.uitour.themeOrigin", ""); lockPref("toolkit.datacollection.infoURL", ""); -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -defaultPref("accessibility.typeaheadfind", false); -lockPref("browser.bookmarks.restore_default_bookmarks", false); lockPref("identity.mobilepromo.android", ""); lockPref("identity.mobilepromo.ios", ""); defaultPref("identity.sendtabpromo.url", ""); lockPref("datareporting.healthreport.infoURL", ""); -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); lockPref("app.feedback.baseURL", ""); lockPref("app.releaseNotesURL", ""); lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("browser.chrome.errorReporter.infoURL", false); -lockPref("browser.ping-centre.log", ""); -lockPref("browser.ping-centre.telemetry", false); -lockPref("captivedetect.canonicalURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("datareporting.policy.firstRunURL", ""); -lockPref("devtools.devices.url", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.commands.enabled", false); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -lockPref("remote.enabled", false); -lockPref("remote.force-local", true); -lockPref("remote.log.level", "Info"); -defaultPref("browser.tabs.closeTabByDblclick", true); -lockPref("network.IDN_show_punycode", true); -lockPref("media.webspeech.recognition.enable", false); + + +// to check, should all be handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); // -------------------------------- // CACHE @@ -1530,18 +1551,15 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false lockPref("services.sync.tabs.lastSync", "0"); // -------------------------------- -// WEBGL +// WEBGL AND PERFORMANCE // -------------------------------- defaultPref("webgl.force-enabled", true); defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); lockPref("webgl.disable-fail-if-major-performance-caveat", true); - -// conflicting with previous prefs? -// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -// defaultPref("layers.acceleration.disabled", false); +defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +defaultPref("layers.acceleration.disabled", false); // -------------------------------- // JS @@ -1710,8 +1728,10 @@ lockPref("datareporting.policy.dataSubmissionEnabled", false); >>>>>>> 7887469 (reviewed and reorganized up to extensions) ======= lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); +<<<<<<< HEAD >>>>>>> 4041ab1 (reorganized and improved some entries) // pocket @@ -1720,10 +1740,20 @@ lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); lockPref("extensions.pocket.oAuthConsumerKey", ""); lockPref("extensions.pocket.api", ""); +======= +lockPref("app.shield.optoutstudies.enabled", false); +lockPref("beacon.enabled", false); +// ping +lockPref("browser.send_pings", false); +lockPref("browser.send_pings.require_same_host", true); +>>>>>>> 8b7a898 (updated and started editing external protocols) + +// discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); +<<<<<<< HEAD lockPref("breakpad.reportURL", ""); lockPref("browser.send_pings", false); lockPref("browser.send_pings.require_same_host", true); @@ -1789,30 +1819,24 @@ lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); ======= +======= +// crash report +lockPref("breakpad.reportURL", ""); +lockPref("browser.tabs.crashReporting.sendReport", false); +lockPref("browser.crashReports.unsubmittedCheck.enabled", false); +lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +>>>>>>> 8b7a898 (updated and started editing external protocols) +// captive portal +lockPref("network.captive-portal-service.enabled", false); +lockPref("captivedetect.canonicalURL", ""); -// Pref : Don't monitor OS online/offline connection state -// https://trac.torproject.org/projects/tor/ticket/18945 -lockPref("network.manage-offline-status", false); +// -------------------------------- +// EXTERNAL PROTOCOLS +// -------------------------------- -// Pref : Set File URI Origin Policy -// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 -lockPref("security.fileuri.strict_origin_policy", true); - -// Pref : Disable SVG in OpenType fonts -// https://wiki.mozilla.org/SVGOpenTypeFonts -// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// Pref : Enable only whitelisted URL protocol handlers -// Disabling non-essential protocols breaks all interaction with custom protocols such -// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... -// clients when clicking on links with these protocols lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.http",false); -lockPref("network.protocol-handler.external.https",false); lockPref("network.protocol-handler.external.javascript",false); lockPref("network.protocol-handler.external.moz-extension",false); lockPref("network.protocol-handler.external.ftp",false); @@ -1889,6 +1913,7 @@ lockPref("devtools.debugger.force-local", true); lockPref("network.allow-experiments", false); >>>>>>> 653a6ed (knocked out some more prefs) +<<<<<<< HEAD // crash report lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); @@ -1904,6 +1929,17 @@ lockPref("captivedetect.canonicalURL", ""); // # WINDOWS // -------------------------------- ======= +======= + +// Pref : Disable "Show search suggestions in location bar results" +lockPref("browser.urlbar.suggest.searches", false); +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); + +// Pref : Never check for updates to search engines +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking +lockPref("browser.search.update", false); + +>>>>>>> 8b7a898 (updated and started editing external protocols) lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); lockPref("network.netlink.route.check.IPv6", "::1"); From 11c294671fbd70382f04226aadca77e6eae1389c Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 00:25:05 +0200 Subject: [PATCH 11/37] processed everything up to EOF --- Changelog.md | 104 +++++++++++++++++++++++++++++++++++++++++++++++++- librewolf.cfg | 68 ++++++++++++++++++++++++++++----- 2 files changed, 162 insertions(+), 10 deletions(-) diff --git a/Changelog.md b/Changelog.md index 4292d04..ea88e4a 100755 --- a/Changelog.md +++ b/Changelog.md @@ -99,11 +99,15 @@ lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior <<<<<<< HEAD +<<<<<<< HEAD lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); ======= lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost +======= +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 +>>>>>>> 45bf63e (processed everything up to EOF) lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); <<<<<<< HEAD @@ -238,6 +242,14 @@ Lines that were commented and are now removed // https://github.com/pyllyukko/user.js/issues/120 // Solved by extension disabled here for performance //lockPref("browser.display.use_document_fonts", 0); + + +// Fix ESR Devtools +//lockPref("devtools.telemetry.tools.opened.version", ""); +// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} + +ALL OF Disabled - Deprecated Inactive +ALL OF Disabled - Section OFF ``` >>>>>>> 55c94dc (reorganized, revisited) Active prefs that were removed @@ -873,9 +885,96 @@ lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerpri lockPref("plugin.defaultXpi.state", 1); // Deprecated lockPref("remote.log.level", "Info"); // already default and not important in any way lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +<<<<<<< HEAD lockPref("network.protocol-handler.external.http",false); // Deprecated or not existent lockPref("network.protocol-handler.external.https",false); // Deprecated or not existent >>>>>>> 8b7a898 (updated and started editing external protocols) +======= +lockPref("lightweightThemes.update.enabled", false); // Deprecated +lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated +lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated +lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? +lockPref("network.protocol-handler.external.javascript",false); // any real benefit? +lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? +lockPref("network.protocol-handler.external.ftp",false);// any real benefit? +lockPref("network.protocol-handler.external.file",false);// any real benefit? +lockPref("network.protocol-handler.external.about",false);// any real benefit? +lockPref("network.protocol-handler.external.chrome",false);// any real benefit? +lockPref("network.protocol-handler.external.blob",false);// any real benefit? +lockPref("network.protocol-handler.external.data",false);// any real benefit? +lockPref("network.protocol-handler.expose-all",false);// any real benefit? +lockPref("network.protocol-handler.expose.http",true);// any real benefit? +lockPref("network.protocol-handler.expose.https",true);// any real benefit? +lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? +lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? +lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? +lockPref("network.protocol-handler.expose.file",true);// any real benefit? +lockPref("network.protocol-handler.expose.about",true);// any real benefit? +lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? +lockPref("network.protocol-handler.expose.blob",true);// any real benefit? +lockPref("network.protocol-handler.expose.data",true);// any real benefit? +lockPref("network.protocol-handler.external.http",false);// any real benefit? +lockPref("network.protocol-handler.external.https",false);// any real benefit? +lockPref("shumway.disabled", true); // Deprecated +lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated +lockPref("plugins.click_to_play", true); // Deprecated +lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated +lockPref("devtools.webide.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated +lockPref("network.allow-experiments", false); // Deprecated +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated +lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated +lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated +lockPref("security.tls.version.max", 4); // increases fingerprint +defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope +lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope +lockPref("browser.onboarding.enabled", false); // Deprecated +lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 +lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated +lockPref("app.update.enabled", false); // Deprecated +lockPref("browser.casting.enabled", false); // Deprecated, probably Android only +lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated +lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.enhanced", false); // Deprecated +lockPref("browser.selfsupport.url", ""); // Deprecated +lockPref("camera.control.face_detection.enabled", false); // Deprecated +lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated +lockPref("datareporting.healthreport.service.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated +lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated +lockPref("dom.flyweb.enabled", false); // Deprecated +lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated +lockPref("dom.telephony.enabled", false); // Deprecated +lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated +lockPref("loop.logDomains", false); // Deprecated +lockPref("network.websocket.enabled", false); // Deprecated +lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated +lockPref("social.directories", ""); // Deprecated +lockPref("social.remote-install.enabled", false); // Deprecated +lockPref("social.whitelist", ""); // Deprecated +lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated +lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated +lockPref("browser.pocket.enabled", false); // Deprecated +defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily +lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant +lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 +lockPref("browser.search.countryCode", "US"); // Deprecated +lockPref("experiments.activeExperiment", false); // Deprecated +lockPref("experiments.enabled", false); // Deprecated +lockPref("experiments.manifest.uri", ""); // Deprecated +lockPref("experiments.supported", false); // Deprecated +lockPref("network.jar.block-remote-files", true); // Deprecated +lockPref("network.jar.open-unsafe-types", false); // Deprecated +lockPref("plugin.state.java", 0); // Deprecated +lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated +lockPref("services.blocklist.update_enabled", false); // Deprecated +lockPref("shield.savant.enabled", false); // Deprecated +defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope +defaultPref("layers.acceleration.disabled", false); // default and probably out of scope +>>>>>>> 45bf63e (processed everything up to EOF) ``` #### Unlocked @@ -1046,11 +1145,14 @@ lockPref("services.blocklist.onecrl.collection", ""); // should we consider disabling WebAssembly ? //lockPref("javascript.options.wasm", false); +// to check +defaultPref("xpinstall.signatures.required", true); + // How much should we lock? // How much should we care bout URLs? Other points: -// DRM - should we make it even easier? +// DRM - should we make it even easier? check update connections // COOKIES - now using dFPI // TESTING - untouched, except two entries already addressed // WINDOWS - untouched diff --git a/librewolf.cfg b/librewolf.cfg index 770c928..4c0c0ca 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -10,11 +10,14 @@ // | // "Section" : Description of the settings section separated by "----" | <<<<<<< HEAD +<<<<<<< HEAD ======= // "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance | // +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss | // Performance can be tested here : https://chromium.github.io/octane/ | >>>>>>> 55c94dc (reorganized, revisited) +======= +>>>>>>> 45bf63e (processed everything up to EOF) // "Pref" : Preference/Settings name and or description followed by links or documentations | // and some time explanation why the setting is commented and ignored. | // "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | @@ -238,10 +241,6 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -// to check, could be deprecated -lockPref("pref.privacy.disable_button.change_blocklist", true); -lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); - // ---------------------------------- <<<<<<< HEAD // # AUTOPLAY @@ -266,6 +265,7 @@ lockPref("signon.storeWhenAutocompleteOff", false); defaultPref("signon.management.page.breach-alerts.enabled", false); defaultPref("signon.management.page.breachAlertUrl", ""); lockPref("signon.formlessCapture.enabled", false); +<<<<<<< HEAD // -------------------------------- <<<<<<< HEAD @@ -281,6 +281,8 @@ lockPref("browser.search.region", "US"); lockPref("browser.fixup.alternate.enabled", false); lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.search.update", false); +======= +>>>>>>> 45bf63e (processed everything up to EOF) // to check, probably useless lockPref("signon.storeSignons", false); @@ -314,6 +316,8 @@ lockPref("browser.search.suggest.enabled", false); lockPref("browser.search.region", "US"); lockPref("browser.search.geoip.url", ""); lockPref("browser.fixup.alternate.enabled", false); +lockPref("browser.urlbar.suggest.searches", false); +lockPref("browser.search.update", false); // -------------------------------- // SANITIZING, COOKIES AND HISTORY @@ -841,6 +845,7 @@ lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect ba // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); +<<<<<<< HEAD <<<<<<< HEAD // set extensions scopes lockPref("extensions.enabledScopes", 5); @@ -965,6 +970,8 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // enable Content Security Policy (CSP) lockPref("security.csp.enable", true); +======= +>>>>>>> 45bf63e (processed everything up to EOF) // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); @@ -972,10 +979,10 @@ lockPref("extensions.autoDisableScopes", 11); // Relevant for addons and lang packs search defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% +defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% // other urls defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% -defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ defaultPref("extensions.update.url", ""); // Default Value @@ -996,6 +1003,7 @@ lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value defaultPref("extensions.update.enabled", false); defaultPref("extensions.update.autoUpdateDefault", false); defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.cache.enabled", false); // blocklist defaultPref("extensions.blocklist.enabled", false); @@ -1015,6 +1023,9 @@ lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); +// to check +defaultPref("xpinstall.signatures.required", true); + // ------------------------------------------------------- // NORMANDY // ------------------------------------------------------- @@ -1071,6 +1082,9 @@ lockPref("security.insecure_connection_icon.pbmode.enabled", true); lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); +lockPref("security.dialog_enable_delay", 700); +lockPref("security.csp.enable", true); + // ------------------------------------------------------- // SAFE BROWSING // ------------------------------------------------------- @@ -1312,12 +1326,14 @@ lockPref("network.file.disable_unc_paths", true); // (hidden pref) lockPref("network.gio.supported-protocols", ""); // (hidden pref) lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); lockPref("plugin.default.state", 1); +lockPref("plugin.state.flash", 0); lockPref("gfx.offscreencanvas.enabled", false); // default: false lockPref("canvas.capturestream.enabled", false); lockPref("network.IDN_show_punycode", true); lockPref("security.fileuri.strict_origin_policy", true); // fxaccount, to check +lockPref("identity.fxaccounts.enabled", false); lockPref("identity.fxaccounts.remote.root", ""); lockPref("identity.fxaccounts.auth.uri", ""); lockPref("identity.fxaccounts.commands.enabled", false); @@ -1348,6 +1364,7 @@ lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); defaultPref("startup.homepage_override_url", "about:blank"); defaultPref("startup.homepage_welcome_url", "about:blank"); defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.startup.homepage_override.mstone", "ignore"); defaultPref("privacy.userContext.enabled", true); defaultPref("layout.spellcheckDefault", 2); defaultPref("general.autoScroll", false); @@ -1362,12 +1379,20 @@ lockPref("browser.bookmarks.restore_default_bookmarks", false); defaultPref("browser.tabs.closeTabByDblclick", true); lockPref("media.webspeech.recognition.enable", false); lockPref("network.manage-offline-status", false); +lockPref("browser.helperApps.deleteTempFileOnExit", true); +lockPref("browser.pagethumbnails.capturing_disabled", true); +lockPref("browser.bookmarks.max_backups", 2); +lockPref("reader.parse-on-load.enabled", false); // devtools defaultPref("devtools.debugger.remote-enabled", false); defaultPref("devtools.chrome.enabled", false); lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com lockPref("devtools.devices.url", ""); +lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] +lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] +lockPref("devtools.debugger.force-local", true); +defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 // ui defaultPref("browser.tabs.drawInTitlebar", true); @@ -1558,8 +1583,6 @@ defaultPref("webgl.force-enabled", true); defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); lockPref("webgl.disable-fail-if-major-performance-caveat", true); -defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -defaultPref("layers.acceleration.disabled", false); // -------------------------------- // JS @@ -1826,16 +1849,22 @@ lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +<<<<<<< HEAD >>>>>>> 8b7a898 (updated and started editing external protocols) +======= +lockPref("dom.ipc.plugins.reportCrashURL", false); +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +>>>>>>> 45bf63e (processed everything up to EOF) // captive portal lockPref("network.captive-portal-service.enabled", false); lockPref("captivedetect.canonicalURL", ""); // -------------------------------- -// EXTERNAL PROTOCOLS +// WINDOWS // -------------------------------- +<<<<<<< HEAD lockPref("network.protocol-handler.warn-external-default",true); lockPref("network.protocol-handler.external.javascript",false); lockPref("network.protocol-handler.external.moz-extension",false); @@ -2106,14 +2135,31 @@ defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: defaultPref("devtools.selfxss.count", 0); +======= +// disable Windows jumplist [WINDOWS] +lockPref("browser.taskbar.lists.enabled", false); +lockPref("browser.taskbar.lists.frequent.enabled", false); +lockPref("browser.taskbar.lists.recent.enabled", false); +lockPref("browser.taskbar.lists.tasks.enabled", false); +>>>>>>> 45bf63e (processed everything up to EOF) +// disable Windows taskbar preview [WINDOWS] +lockPref("browser.taskbar.previews.enable", false); +// disable links launching Windows Store [WINDOWS] +lockPref("network.protocol-handler.external.ms-windows-store", false); +// disable background update service [WINDOWS] +lockPref("app.update.service.enabled", false); +// disable automatic Firefox start and session restore after reboot [WINDOWS] +lockPref("toolkit.winRegisterApplicationRestart", false); +// disable Windows 8.1 Family Safety cert [WINDOWS] +lockPref("security.family_safety.mode", 0); // -------------------------------- -// TESTING +// TESTING - unchanged // -------------------------------- // Pref : @@ -2139,6 +2185,7 @@ defaultPref("devtools.selfxss.count", 0); // Pref : Test To Make FFox Silent //lockPref("security.content.signature.root_hash", ""); // Default Value +<<<<<<< HEAD // 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E // -------------------------------- @@ -2263,3 +2310,6 @@ let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); } +======= +// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E +>>>>>>> 45bf63e (processed everything up to EOF) From 51c1ecb08caaf561a7c8e33bb6bdae9446cc10cf Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 00:51:30 +0200 Subject: [PATCH 12/37] added some new prefs from arkenfox --- Changelog.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- librewolf.cfg | 12 +++++++++++- 2 files changed, 60 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index ea88e4a..e48c8c9 100755 --- a/Changelog.md +++ b/Changelog.md @@ -82,7 +82,17 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); ======= defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); defaultPref("dom.security.https_only_mode_pbm", true); +<<<<<<< HEAD >>>>>>> c16522a (added re-enabling guides) +======= +lockPref("browser.ping-centre.telemetry", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("network.auth.subresource-http-auth-allow", 1); +>>>>>>> 0267245 (added some new prefs from arkenfox) ``` #### Modified @@ -1155,11 +1165,16 @@ Other points: // DRM - should we make it even easier? check update connections // COOKIES - now using dFPI // TESTING - untouched, except two entries already addressed -// WINDOWS - untouched -// ESR - untouched // MISC - check if fxaccounts need their pref // SYNC - does it need to exist given that fxaccounts are off? // SB - make re-enabling easier, test connections + +for arkenfox: +dom.security.https_only_mode_send_http_background_request -> DISCUSS +dom.storage.next_gen -> DISCUSS +javascript.options.wasm -> DISCUSS +security.pki.crlite_mode -> DISCUSS +security.remote_settings.crlite_filters.enabled -> DISCUSS ``` #### Commented @@ -1241,4 +1256,36 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC security.OCSP.enabled = 1 ``` you probably also want `security.OCSP.require = true` +<<<<<<< HEAD >>>>>>> 4041ab1 (reorganized and improved some entries) +======= + +## Missing compared to arkenfox +List of prefs missing in .cfg with reason why we do not have them +``` +browser.cache.disk.enable -> performance hit +browser.display.use_system_colors -> default +browser.download.useDownloadDir -> do we want to ask for download location each time? +browser.newtabpage.enabled -> we do not default to blank page +browser.startup.homepage -> we do not default to blank page +browser.startup.page -> we do not default to blank page +dom.allow_cut_copy -> we leave this on for usability +javascript.options.asmjs -> performance hit +keyword.enabled -> no privacy implication if trusty search engine +privacy.firstparty.isolate -> we have dFPI +privacy.resistFingerprinting.letterboxing -> usability hit +privacy.window.name.update.enabled -> default +security.ask_for_password -> disabled in librewolf +security.password_lifetime -> disabled in librewolf +ui.prefersReducedMotion -> usability hit +webgl.disabled -> usability hit +``` +ones worth discussing +``` +dom.security.https_only_mode_send_http_background_request -> DISCUSS +dom.storage.next_gen -> DISCUSS +javascript.options.wasm -> DISCUSS +security.pki.crlite_mode -> DISCUSS +security.remote_settings.crlite_filters.enabled -> DISCUSS +``` +>>>>>>> 0267245 (added some new prefs from arkenfox) diff --git a/librewolf.cfg b/librewolf.cfg index 4c0c0ca..cce7cfb 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -616,6 +616,7 @@ lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); defaultPref("dom.event.clipboardevents.enabled", false); defaultPref("dom.webaudio.enabled", false); lockPref("dom.vr.enabled", false); @@ -665,6 +666,7 @@ lockPref("network.http.altsvc.oe", false); defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_pbm", true); lockPref("network.http.redirection-limit", 10); +defaultPref("network.auth.subresource-http-auth-allow", 1); // -------------------------------------- // TLS @@ -836,7 +838,7 @@ lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect ba // EXTENSIONS - check readme section "Extensions Firewall" // ------------------------------------------------------- -// handle default restriced domains +// handle default restricted domains defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" @@ -894,6 +896,12 @@ lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); +<<<<<<< HEAD +======= + +// to check +defaultPref("xpinstall.signatures.required", true); +>>>>>>> 0267245 (added some new prefs from arkenfox) // ------------------------------------------------------- // # NORMANDY @@ -1397,6 +1405,7 @@ defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-co // ui defaultPref("browser.tabs.drawInTitlebar", true); defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("general.warnOnAboutConfig", false); defaultPref("browser.download.autohideButton", false); defaultPref("privacy.userContext.ui.enabled", true); lockPref("browser.messaging-system.whatsNewPanel.enabled", false); @@ -1766,6 +1775,7 @@ lockPref("extensions.pocket.api", ""); ======= lockPref("app.shield.optoutstudies.enabled", false); lockPref("beacon.enabled", false); +lockPref("browser.ping-centre.telemetry", false); // ping lockPref("browser.send_pings", false); From e7183e626d2c5ccdefdb6bc89ad4680e2d1b33d3 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 01:08:10 +0200 Subject: [PATCH 13/37] removed some more --- Changelog.md | 13 ++++++++++--- librewolf.cfg | 5 +++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Changelog.md b/Changelog.md index e48c8c9..72b2fe5 100755 --- a/Changelog.md +++ b/Changelog.md @@ -984,7 +984,17 @@ lockPref("services.blocklist.update_enabled", false); // Deprecated lockPref("shield.savant.enabled", false); // Deprecated defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope defaultPref("layers.acceleration.disabled", false); // default and probably out of scope +<<<<<<< HEAD >>>>>>> 45bf63e (processed everything up to EOF) +======= +lockPref("browser.taskbar.previews.enable", false); // personal pref +lockPref("browser.taskbar.lists.enabled", false); // personal pref +lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref +defaultPref("webgl.force-enabled", true); // out of scope, not worth +defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth +>>>>>>> 5b1fc33 (removed some more) ``` #### Unlocked @@ -1149,9 +1159,6 @@ defaultPref("network.cookie.cookieBehavior", 1); >>>>>>> a35eb4b (re-organized and reviewed) ======= -// could it be replaced by services.settings.security.onecrl.collection ? -lockPref("services.blocklist.onecrl.collection", ""); - // should we consider disabling WebAssembly ? //lockPref("javascript.options.wasm", false); diff --git a/librewolf.cfg b/librewolf.cfg index cce7cfb..573950a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1588,8 +1588,6 @@ lockPref("services.sync.tabs.lastSync", "0"); // WEBGL AND PERFORMANCE // -------------------------------- -defaultPref("webgl.force-enabled", true); -defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); lockPref("webgl.disable-fail-if-major-performance-caveat", true); @@ -1874,6 +1872,7 @@ lockPref("captivedetect.canonicalURL", ""); // WINDOWS // -------------------------------- +<<<<<<< HEAD <<<<<<< HEAD lockPref("network.protocol-handler.warn-external-default",true); lockPref("network.protocol-handler.external.javascript",false); @@ -2156,6 +2155,8 @@ lockPref("browser.taskbar.lists.tasks.enabled", false); // disable Windows taskbar preview [WINDOWS] lockPref("browser.taskbar.previews.enable", false); +======= +>>>>>>> 5b1fc33 (removed some more) // disable links launching Windows Store [WINDOWS] lockPref("network.protocol-handler.external.ms-windows-store", false); From 8a79a9660b05ee60099b0990a2b7e0465cf21700 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 01:21:43 +0200 Subject: [PATCH 14/37] added overrides section --- librewolf.cfg | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/librewolf.cfg b/librewolf.cfg index 573950a..1ea0dd3 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -161,6 +161,18 @@ lockPref("browser.contentblocking.category", "custom"); // changing to other opt ======= defaultPref("general.config.filename", "librewolf.cfg"); +// ----------------------------------- +// OVERRIDES +// ----------------------------------- + +// allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` +// or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). +// not yet verified to work on Windows and MacOS releases +let home_directory = getenv("HOME"); +if (home_directory) { + pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); +} + // ----------------------------------- // TRACKING PROTECTION // ----------------------------------- From 7bf12660d8cb62ee29bad2a21dc15b9abb79b9c8 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 01:59:55 +0200 Subject: [PATCH 15/37] unlock content block cat as breaks cookie button --- librewolf.cfg | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/librewolf.cfg b/librewolf.cfg index 1ea0dd3..9536513 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -177,8 +177,12 @@ if (home_directory) { // TRACKING PROTECTION // ----------------------------------- +<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway >>>>>>> 55c94dc (reorganized, revisited) +======= +defaultPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +>>>>>>> 7b8bd35 (unlock content block cat as breaks cookie button) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); From 096247e7cf227ca5894619ebb0b1a3556e87daa3 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 02:46:43 +0200 Subject: [PATCH 16/37] reviewed DRM, removed ircs hand, moved exp prefs --- Changelog.md | 151 ++++++++++++++++++++++++++++++++++++++++++++++++++ librewolf.cfg | 144 ++--------------------------------------------- 2 files changed, 157 insertions(+), 138 deletions(-) diff --git a/Changelog.md b/Changelog.md index 72b2fe5..7089899 100755 --- a/Changelog.md +++ b/Changelog.md @@ -1234,6 +1234,7 @@ media.eme.enabled = true media.gmp-widevinecdm.visible = true media.gmp-widevinecdm.enabled = true media.gmp-provider.enabled = true +media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml ``` #### Use video conferencing ``` @@ -1295,4 +1296,154 @@ javascript.options.wasm -> DISCUSS security.pki.crlite_mode -> DISCUSS security.remote_settings.crlite_filters.enabled -> DISCUSS ``` +<<<<<<< HEAD >>>>>>> 0267245 (added some new prefs from arkenfox) +======= + +## Experimental removals +need testing, should be redundant prefs as we already disabled others +``` +/* +// fxaccount, to check +lockPref("identity.fxaccounts.enabled", false); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); +*/ + +/* +// to check, should all be handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); +*/ + +// -------------------------------- +// SYNC +// -------------------------------- + +/* +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); +*/ +``` +>>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) diff --git a/librewolf.cfg b/librewolf.cfg index 9536513..035550b 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -435,11 +435,15 @@ defaultPref("media.eme.enabled", false); defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); +<<<<<<< HEAD defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections <<<<<<< HEAD <<<<<<< HEAD defaultPref("media.gmp-gmpopenh264.enabled", false); +======= +defaultPref("media.gmp-manager.url", "data:text/plain,"); had to re-add to prevent connections +>>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) // ---------------------- // # WEBRTC @@ -1356,15 +1360,6 @@ lockPref("canvas.capturestream.enabled", false); lockPref("network.IDN_show_punycode", true); lockPref("security.fileuri.strict_origin_policy", true); -// fxaccount, to check -lockPref("identity.fxaccounts.enabled", false); -lockPref("identity.fxaccounts.remote.root", ""); -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.commands.enabled", false); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); - // pocket lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); @@ -1437,6 +1432,8 @@ lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); lockPref("services.settings.server", ""); lockPref("accessibility.support.url", ""); lockPref("app.support.baseURL", ""); @@ -1459,17 +1456,6 @@ lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("datareporting.policy.firstRunURL", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); - -// to check, should all be handled by lockPref("services.settings.server", "") -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); - // -------------------------------- // CACHE // -------------------------------- @@ -1482,124 +1468,6 @@ lockPref("media.memory_cache_max_size", 16384); // should be checked // lockPref("browser.cache.offline.enable", false); -// -------------------------------- -// SYNC -// -------------------------------- - -lockPref("services.sync.addons.trustedSourceHostnames", ""); -lockPref("services.sync.lastversion", ""); -lockPref("services.sync.maxResyncs", 0); // 1 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.addresses.available", false); -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true -lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); -lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); -lockPref("services.sync.prefs.sync.signon.generation.enabled", false); -lockPref("services.sync.prefs.sync.signon.autofillForms", false); -lockPref("services.sync.declinedEngines", ""); -lockPref("services.sync.globalScore", 0); -lockPref("services.sync.nextSync", 0); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); -lockPref("services.sync.tabs.lastSync", "0"); - // -------------------------------- // WEBGL AND PERFORMANCE // -------------------------------- From 657009646d7546da4bd96b3d65d37349a404b7a3 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 02:56:07 +0200 Subject: [PATCH 17/37] fixed broken comment --- librewolf.cfg | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/librewolf.cfg b/librewolf.cfg index 035550b..19f052a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -436,6 +436,7 @@ defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections <<<<<<< HEAD @@ -444,6 +445,9 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); ======= defaultPref("media.gmp-manager.url", "data:text/plain,"); had to re-add to prevent connections >>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) +======= +defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections +>>>>>>> f733a19 (fixed broken comment) // ---------------------- // # WEBRTC From 6caca3e2f62ea70e4acd18f4d31dc3220587cb92 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 12:48:32 +0200 Subject: [PATCH 18/37] removed redundant stuff --- Changelog.md | 55 ++++++++++++++++++++++++++++++++++ librewolf.cfg | 82 +++++++++++++++++++-------------------------------- 2 files changed, 86 insertions(+), 51 deletions(-) diff --git a/Changelog.md b/Changelog.md index 7089899..6be563b 100755 --- a/Changelog.md +++ b/Changelog.md @@ -7,6 +7,7 @@ defaultPref("pdfjs.enableScripting", false); lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ======= lockPref("privacy.trackingprotection.testing.report_blocked_node", false); +<<<<<<< HEAD lockPref("browser.contentblocking.report.endpoint_url", ""); lockPref("browser.contentblocking.report.monitor.home_page_url", ""); lockPref("browser.contentblocking.report.monitor.preferences", ""); @@ -18,6 +19,8 @@ lockPref("browser.contentblocking.report.vpn-android.url", ""); lockPref("browser.contentblocking.category", "custom"); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) ======= +======= +>>>>>>> 48fecfd (removed redundant stuff) lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway >>>>>>> a35eb4b (re-organized and reviewed) lockPref("browser.contentblocking.cfr-milestone.enabled", false); @@ -54,6 +57,7 @@ defaultPref("browser.display.use_system_colors", false); ======= defaultPref("intl.accept_languages", "en-US, en"); lockPref("app.normandy.dev_mode", false); +<<<<<<< HEAD lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true @@ -76,6 +80,8 @@ lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClic <<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) ======= +======= +>>>>>>> 48fecfd (removed redundant stuff) lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); <<<<<<< HEAD >>>>>>> 653a6ed (knocked out some more prefs) @@ -258,6 +264,8 @@ Lines that were commented and are now removed //lockPref("devtools.telemetry.tools.opened.version", ""); // Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} +// defaultPref("network.http.sendRefererHeader", 1); default is better + ALL OF Disabled - Deprecated Inactive ALL OF Disabled - Section OFF ``` @@ -555,7 +563,11 @@ defaultPref("webgl.force-enabled", true); // out of scope, not worth defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled +<<<<<<< HEAD lockPref("privacy.trackingprotection.lower_network_priority", false); // default +======= +lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled +>>>>>>> 48fecfd (removed redundant stuff) lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled lockPref("signon.storeSignons", false); // Deprecated lockPref("browser.urlbar.filter.javascript", true); // default @@ -581,6 +593,7 @@ lockPref("dom.imagecapture.enabled", false); // default lockPref("dom.reporting.crash.enabled", false); // default defaultPref("network.proxy.autoconfig_url.include_path", false); // default lockPref("security.tls.version.min", 3); // default +<<<<<<< HEAD defaultPref("extensions.webextensions.background-delayed-startup", true); //default defaultPref("xpinstall.signatures.required", true); // default lockPref("app.normandy.dev_mode", false); // default @@ -995,6 +1008,16 @@ lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref defaultPref("webgl.force-enabled", true); // out of scope, not worth defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth >>>>>>> 5b1fc33 (removed some more) +======= +defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale +defaultPref("extensions.webextensions.background-delayed-startup", true); //default +lockPref("xpinstall.whitelist.required", true); // default +defaultPref("xpinstall.signatures.required", true); // default +lockPref("app.normandy.dev_mode", false); // default +defaultPref("pdfjs.enableWebGL", false); // default +// lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +lockPref("network.predictor.enable-prefetch", false); // default +>>>>>>> 48fecfd (removed redundant stuff) ``` #### Unlocked @@ -1138,6 +1161,7 @@ lockPref("general.buildID.override", "20100101"); lockPref("browser.startup.homepage_override.buildID", "20100101"); >>>>>>> 653a6ed (knocked out some more prefs) +<<<<<<< HEAD <<<<<<< HEAD <<<<<<< HEAD #### Hardened setup @@ -1159,6 +1183,8 @@ defaultPref("network.cookie.cookieBehavior", 1); >>>>>>> a35eb4b (re-organized and reviewed) ======= +======= +>>>>>>> 48fecfd (removed redundant stuff) // should we consider disabling WebAssembly ? //lockPref("javascript.options.wasm", false); @@ -1187,6 +1213,7 @@ security.remote_settings.crlite_filters.enabled -> DISCUSS #### Commented Prefs that need to be addressed and that were disabled for now ``` +<<<<<<< HEAD // redudant with RFP and javascript.use_us_english_locale // defaultPref("privacy.spoof_english", 2); @@ -1216,6 +1243,8 @@ Prefs that need to be addressed and that were disabled for now // lockPref("dom.enable_performance_navigation_timing", false); >>>>>>> 653a6ed (knocked out some more prefs) ======= +======= +>>>>>>> 48fecfd (removed redundant stuff) // all covered by previous prefs // defaultPref("media.navigator.video.enabled", false); // defaultPref("media.peerconnection.use_document_iceservers", false); @@ -1445,5 +1474,31 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_p lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); lockPref("services.sync.tabs.lastSync", "0"); */ +<<<<<<< HEAD ``` >>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) +======= + +/* +lockPref("browser.contentblocking.report.cookie.url", ""); +lockPref("browser.contentblocking.report.cryptominer.url", ""); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.fingerprinter.url", ""); +lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); +lockPref("browser.contentblocking.report.manage_devices.url", ""); +lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); +lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.monitor.url", ""); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.proxy_extension.url", ""); +lockPref("browser.contentblocking.report.social.url", ""); +lockPref("browser.contentblocking.report.tracker.url", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); +*/ +``` +>>>>>>> 48fecfd (removed redundant stuff) diff --git a/librewolf.cfg b/librewolf.cfg index 19f052a..40f42a8 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -136,6 +136,7 @@ defaultPref("network.cookie.thirdparty.sessionOnly", true); lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +<<<<<<< HEAD // ----------------------------------- // # TRACKING PROTECTION ======= @@ -161,6 +162,8 @@ lockPref("browser.contentblocking.category", "custom"); // changing to other opt ======= defaultPref("general.config.filename", "librewolf.cfg"); +======= +>>>>>>> 48fecfd (removed redundant stuff) // ----------------------------------- // OVERRIDES // ----------------------------------- @@ -177,12 +180,16 @@ if (home_directory) { // TRACKING PROTECTION // ----------------------------------- +<<<<<<< HEAD <<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway >>>>>>> 55c94dc (reorganized, revisited) ======= defaultPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway >>>>>>> 7b8bd35 (unlock content block cat as breaks cookie button) +======= +defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI +>>>>>>> 48fecfd (removed redundant stuff) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); @@ -190,6 +197,7 @@ lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -212,35 +220,15 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); ======= >>>>>>> 55c94dc (reorganized, revisited) lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); +======= +>>>>>>> 48fecfd (removed redundant stuff) lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("privacy.trackingprotection.lower_network_priority", false); -lockPref("privacy.trackingprotection.testing.report_blocked_node", false); -lockPref("telemetry.origin_telemetry_test_mode.enabled", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); // remove urls lockPref("browser.contentblocking.reportBreakage.url", ""); lockPref("privacy.trackingprotection.introURL", ""); -lockPref("browser.contentblocking.report.cookie.url", ""); -lockPref("browser.contentblocking.report.cryptominer.url", ""); -lockPref("browser.contentblocking.report.endpoint_url", ""); -lockPref("browser.contentblocking.report.fingerprinter.url", ""); -lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); -lockPref("browser.contentblocking.report.manage_devices.url", ""); -lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); -lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); -lockPref("browser.contentblocking.report.monitor.preferences", ""); -lockPref("browser.contentblocking.report.monitor.url", ""); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.social.url", ""); -lockPref("browser.contentblocking.report.tracker.url", ""); -lockPref("browser.contentblocking.report.vpn.url", ""); -lockPref("browser.contentblocking.report.vpn-promo.url", ""); -lockPref("browser.contentblocking.report.vpn-ios.url", ""); -lockPref("browser.contentblocking.report.vpn-android.url", ""); // hide ui elements lockPref("browser.contentblocking.cfr-milestone.enabled", false); @@ -300,9 +288,6 @@ lockPref("browser.search.update", false); ======= >>>>>>> 45bf63e (processed everything up to EOF) -// to check, probably useless -lockPref("signon.storeSignons", false); - // -------------------------------- // # SANITIZING, COOKIES AND HISTORY // -------------------------------- @@ -325,12 +310,10 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid // -------------------------------- defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -lockPref("browser.urlbar.filter.javascript", true); lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.trimURLs", false); lockPref("browser.search.suggest.enabled", false); lockPref("browser.search.region", "US"); -lockPref("browser.search.geoip.url", ""); lockPref("browser.fixup.alternate.enabled", false); lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.search.update", false); @@ -345,24 +328,16 @@ defaultPref("network.cookie.thirdparty.sessionOnly", true); lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // includes new cookie behavior that allows to stay logged with exceptions -defaultPref("privacy.clearOnShutdown.siteSettings", false); -defaultPref("privacy.clearOnShutdown.cache", true); defaultPref("privacy.clearOnShutdown.cookies", false); -defaultPref("privacy.clearOnShutdown.downloads", true); -defaultPref("privacy.clearOnShutdown.formdata", true); -defaultPref("privacy.clearOnShutdown.history", true); defaultPref("privacy.clearOnShutdown.offlineApps", false); -defaultPref("privacy.clearOnShutdown.sessions", true); -defaultPref("privacy.cpd.siteSettings", false); -defaultPref("privacy.cpd.downloads", true); -defaultPref("privacy.cpd.cache", true); defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout -defaultPref("privacy.cpd.formdata", true); -defaultPref("privacy.cpd.history", true); defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout +<<<<<<< HEAD defaultPref("privacy.cpd.passwords", false); defaultPref("privacy.cpd.sessions", true); >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 48fecfd (removed redundant stuff) defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); @@ -409,19 +384,25 @@ defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.addresses.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD ======= defaultPref("extensions.formautofill.addresses.capture.enabled", false); >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 48fecfd (removed redundant stuff) defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); lockPref("signon.autofillForms", false); <<<<<<< HEAD +<<<<<<< HEAD // ----------------------- // # DRM ======= lockPref("signon.autofillForms.http", false); +======= +>>>>>>> 48fecfd (removed redundant stuff) // ----------------------- // DRM @@ -634,8 +615,6 @@ lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" lockPref("dom.push.userAgentID", ""); lockPref("dom.targetBlankNoOpener.enabled", true); -lockPref("dom.reporting.crash.enabled", false); -lockPref("dom.imagecapture.enabled", false); lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); @@ -670,14 +649,12 @@ lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); lockPref("network.http.referer.trimmingPolicy", 0); -// defaultPref("network.http.sendRefererHeader", 1); // -------------------------------- // PROXY // -------------------------------- defaultPref("network.proxy.autoconfig_url", ""); -defaultPref("network.proxy.autoconfig_url.include_path", false); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); @@ -703,7 +680,6 @@ lockPref("browser.ssl_override_behavior", 1); lockPref("security.tls.enable_0rtt_data", false); lockPref("security.tls.version.enable-deprecated", false); lockPref("security.tls.version.fallback-limit", 3); -lockPref("security.tls.version.min", 3); lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos lockPref("security.insecure_field_warning.contextual.enabled", true); @@ -722,7 +698,6 @@ lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing // LANGUAGE AND REGION // -------------------------------------- -// defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale lockPref("javascript.use_us_english_locale", true); lockPref("intl.regional_prefs.use_os_locales", false); defaultPref("intl.locale.requested", "en-US"); @@ -915,6 +890,10 @@ lockPref("extensions.systemAddon.update.url", ""); lockPref("extensions.systemAddon.update.enabled", false); lockPref("xpinstall.signatures.devInfoURL", ""); +<<<<<<< HEAD +======= +lockPref("extensions.webapi.testing", false); // hidden prefs // default false +>>>>>>> 48fecfd (removed redundant stuff) lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); @@ -923,10 +902,13 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); <<<<<<< HEAD ======= +<<<<<<< HEAD // to check defaultPref("xpinstall.signatures.required", true); >>>>>>> 0267245 (added some new prefs from arkenfox) +======= +>>>>>>> 48fecfd (removed redundant stuff) // ------------------------------------------------------- // # NORMANDY // ------------------------------------------------------- @@ -1364,7 +1346,7 @@ lockPref("canvas.capturestream.enabled", false); lockPref("network.IDN_show_punycode", true); lockPref("security.fileuri.strict_origin_policy", true); -// pocket +// pocket, to check if we can remove lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); lockPref("extensions.pocket.oAuthConsumerKey", ""); @@ -1373,7 +1355,6 @@ lockPref("extensions.pocket.api", ""); // pdf reader defaultPref("pdfjs.disabled", false); defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.enableWebGL", false); defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); defaultPref("pdfjs.enabledCache.state", false); @@ -1468,10 +1449,6 @@ lockPref("browser.cache.offline.storage.enable", false); lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] lockPref("media.memory_cache_max_size", 16384); -// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable -// should be checked -// lockPref("browser.cache.offline.enable", false); - // -------------------------------- // WEBGL AND PERFORMANCE // -------------------------------- @@ -1539,7 +1516,6 @@ lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browse // -------------------------------- lockPref("network.predictor.enabled", false); -lockPref("network.predictor.enable-prefetch", false); lockPref("network.prefetch-next", false); lockPref("network.http.speculative-parallel-limit", 0); @@ -2055,6 +2031,7 @@ lockPref("app.update.service.enabled", false); lockPref("toolkit.winRegisterApplicationRestart", false); // disable Windows 8.1 Family Safety cert [WINDOWS] +<<<<<<< HEAD lockPref("security.family_safety.mode", 0); // -------------------------------- @@ -2212,3 +2189,6 @@ if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { ======= // 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E >>>>>>> 45bf63e (processed everything up to EOF) +======= +lockPref("security.family_safety.mode", 0); +>>>>>>> 48fecfd (removed redundant stuff) From 6dff49453cd02dc912cc9983d980b6aaa3e34bf1 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 15:41:09 +0200 Subject: [PATCH 19/37] imrpoved referers and language settings --- Changelog.md | 26 +++++++++++++++++++------- librewolf.cfg | 10 ++++------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/Changelog.md b/Changelog.md index 6be563b..c45bf1f 100755 --- a/Changelog.md +++ b/Changelog.md @@ -594,6 +594,7 @@ lockPref("dom.reporting.crash.enabled", false); // default defaultPref("network.proxy.autoconfig_url.include_path", false); // default lockPref("security.tls.version.min", 3); // default <<<<<<< HEAD +<<<<<<< HEAD defaultPref("extensions.webextensions.background-delayed-startup", true); //default defaultPref("xpinstall.signatures.required", true); // default lockPref("app.normandy.dev_mode", false); // default @@ -1010,14 +1011,25 @@ defaultPref("layers.acceleration.force-enabled", true); // out of scope, not wor >>>>>>> 5b1fc33 (removed some more) ======= defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale +======= +>>>>>>> 7732277 (imrpoved referers and language settings) defaultPref("extensions.webextensions.background-delayed-startup", true); //default -lockPref("xpinstall.whitelist.required", true); // default defaultPref("xpinstall.signatures.required", true); // default lockPref("app.normandy.dev_mode", false); // default defaultPref("pdfjs.enableWebGL", false); // default -// lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable lockPref("network.predictor.enable-prefetch", false); // default +<<<<<<< HEAD >>>>>>> 48fecfd (removed redundant stuff) +======= +lockPref("intl.regional_prefs.use_os_locales", false); // default +defaultPref("intl.locale.requested", "en-US"); // conflicting +defaultPref("privacy.spoof_english", 2); // automatically handled by RFP and other lang prefs +lockPref("network.http.referer.trimmingPolicy", 0); // default +lockPref("network.http.referer.spoofSource", false); // default +defaultPref("network.http.referer.defaultPolicy", 2); // default +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default +>>>>>>> 7732277 (imrpoved referers and language settings) ``` #### Unlocked @@ -1183,6 +1195,7 @@ defaultPref("network.cookie.cookieBehavior", 1); >>>>>>> a35eb4b (re-organized and reviewed) ======= +<<<<<<< HEAD ======= >>>>>>> 48fecfd (removed redundant stuff) // should we consider disabling WebAssembly ? @@ -1194,18 +1207,17 @@ defaultPref("xpinstall.signatures.required", true); // How much should we lock? // How much should we care bout URLs? +======= +>>>>>>> 7732277 (imrpoved referers and language settings) Other points: -// DRM - should we make it even easier? check update connections +// How much should we lock? +// DRM - should we make it even easier? // COOKIES - now using dFPI -// TESTING - untouched, except two entries already addressed -// MISC - check if fxaccounts need their pref -// SYNC - does it need to exist given that fxaccounts are off? // SB - make re-enabling easier, test connections for arkenfox: dom.security.https_only_mode_send_http_background_request -> DISCUSS dom.storage.next_gen -> DISCUSS -javascript.options.wasm -> DISCUSS security.pki.crlite_mode -> DISCUSS security.remote_settings.crlite_filters.enabled -> DISCUSS ``` diff --git a/librewolf.cfg b/librewolf.cfg index 40f42a8..d4664aa 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -643,12 +643,8 @@ lockPref("permissions.manager.defaultsUrl", ""); // REFERERS // -------------------------------- -defaultPref("network.http.referer.defaultPolicy", 2); -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); -lockPref("network.http.referer.spoofSource", false); -lockPref("network.http.referer.trimmingPolicy", 0); // -------------------------------- // PROXY @@ -699,8 +695,6 @@ lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing // -------------------------------------- lockPref("javascript.use_us_english_locale", true); -lockPref("intl.regional_prefs.use_os_locales", false); -defaultPref("intl.locale.requested", "en-US"); defaultPref("intl.accept_languages", "en-US, en"); // -------------------------------------- @@ -900,7 +894,11 @@ lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); <<<<<<< HEAD +<<<<<<< HEAD ======= +======= +lockPref("xpinstall.whitelist.required", true); // default +>>>>>>> 7732277 (imrpoved referers and language settings) <<<<<<< HEAD // to check From 6cab042770ef1c4da209e346b78f5fd5953313df Mon Sep 17 00:00:00 2001 From: fxbrit Date: Mon, 3 May 2021 23:52:19 +0200 Subject: [PATCH 20/37] fixed lang fp, relaxed xorigin --- Changelog.md | 20 ++++++++++++++++++++ librewolf.cfg | 10 ++++++---- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index c45bf1f..530e6a4 100755 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,7 @@ Previously missing, now added ``` defaultPref("pdfjs.enableScripting", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ======= lockPref("privacy.trackingprotection.testing.report_blocked_node", false); @@ -21,6 +22,8 @@ lockPref("browser.contentblocking.category", "custom"); ======= ======= >>>>>>> 48fecfd (removed redundant stuff) +======= +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway >>>>>>> a35eb4b (re-organized and reviewed) lockPref("browser.contentblocking.cfr-milestone.enabled", false); @@ -42,6 +45,7 @@ lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("app.normandy.dev_mode", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -56,6 +60,8 @@ defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); ======= defaultPref("intl.accept_languages", "en-US, en"); +======= +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("app.normandy.dev_mode", false); <<<<<<< HEAD lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); @@ -106,9 +112,12 @@ Updated some present prefs to better one ``` defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 <<<<<<< HEAD +<<<<<<< HEAD ======= defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 >>>>>>> c16522a (added re-enabling guides) +======= +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 @@ -123,6 +132,7 @@ defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost ======= lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 +<<<<<<< HEAD >>>>>>> 45bf63e (processed everything up to EOF) lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); @@ -137,6 +147,9 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e #### Removed ======= lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled +======= +defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) ``` #### Removed @@ -601,6 +614,7 @@ lockPref("app.normandy.dev_mode", false); // default defaultPref("pdfjs.enableWebGL", false); // default lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable lockPref("network.predictor.enable-prefetch", false); // default +<<<<<<< HEAD lockPref("network.http.referer.spoofSource", false); // default defaultPref("network.http.referer.defaultPolicy", 2); // default defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default @@ -1025,11 +1039,17 @@ lockPref("network.predictor.enable-prefetch", false); // default lockPref("intl.regional_prefs.use_os_locales", false); // default defaultPref("intl.locale.requested", "en-US"); // conflicting defaultPref("privacy.spoof_english", 2); // automatically handled by RFP and other lang prefs +======= +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("network.http.referer.trimmingPolicy", 0); // default lockPref("network.http.referer.spoofSource", false); // default defaultPref("network.http.referer.defaultPolicy", 2); // default defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default +<<<<<<< HEAD >>>>>>> 7732277 (imrpoved referers and language settings) +======= +defaultPref("layout.spellcheckDefault", 2); // why? +>>>>>>> 269747e (fixed lang fp, relaxed xorigin) ``` #### Unlocked diff --git a/librewolf.cfg b/librewolf.cfg index d4664aa..87cadb2 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -624,6 +624,7 @@ defaultPref("dom.event.clipboardevents.enabled", false); defaultPref("dom.webaudio.enabled", false); lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); +defaultPref("dom.storage.next_gen", true); <<<<<<< HEAD // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated @@ -644,7 +645,7 @@ lockPref("permissions.manager.defaultsUrl", ""); // -------------------------------- lockPref("network.http.referer.XOriginTrimmingPolicy", 2); -lockPref("network.http.referer.XOriginPolicy", 2); +lockPref("network.http.referer.XOriginPolicy", 0); // -------------------------------- // PROXY @@ -694,8 +695,10 @@ lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing // LANGUAGE AND REGION // -------------------------------------- -lockPref("javascript.use_us_english_locale", true); -defaultPref("intl.accept_languages", "en-US, en"); +defaultPref("javascript.use_us_english_locale", true); +defaultPref("intl.locale.requested", "en-US"); +defaultPref("privacy.spoof_english", 2); +defaultPref("intl.regional_prefs.use_os_locales", false); // -------------------------------------- // USER AGENT AND IDENTITY @@ -1368,7 +1371,6 @@ defaultPref("startup.homepage_welcome_url", "about:blank"); defaultPref("startup.homepage_welcome_url.additional", ""); lockPref("browser.startup.homepage_override.mstone", "ignore"); defaultPref("privacy.userContext.enabled", true); -defaultPref("layout.spellcheckDefault", 2); defaultPref("general.autoScroll", false); defaultPref("clipboard.autocopy", false); defaultPref("browser.tabs.loadBookmarksInTabs", true); From 845d2bcf11c27ad34b9532f1ac46a3c31754abdd Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 4 May 2021 12:30:45 +0200 Subject: [PATCH 21/37] moved overrides to bottom --- librewolf.cfg | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/librewolf.cfg b/librewolf.cfg index 87cadb2..be38396 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -143,6 +143,7 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // ----------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // TRACKING PROTECTION >>>>>>> a35eb4b (re-organized and reviewed) ======= @@ -177,6 +178,8 @@ if (home_directory) { } // ----------------------------------- +======= +>>>>>>> 344e1e8 (moved overrides to bottom) // TRACKING PROTECTION // ----------------------------------- @@ -2173,15 +2176,21 @@ lockPref("toolkit.winRegisterApplicationRestart", false); // disable Windows 8.1 Family Safety cert [WINDOWS] lockPref("security.family_safety.mode", 0); +<<<<<<< HEAD // Windows only? lockPref("default-browser-agent.enabled", false); // ----------------------------------- // # OVERRIDES +======= +// ----------------------------------- +// OVERRIDES +>>>>>>> 344e1e8 (moved overrides to bottom) // ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). +<<<<<<< HEAD let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); @@ -2192,3 +2201,10 @@ if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { ======= lockPref("security.family_safety.mode", 0); >>>>>>> 48fecfd (removed redundant stuff) +======= +// not yet verified to work on Windows and MacOS releases +let home_directory = getenv("HOME"); +if (home_directory) { + pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); +} +>>>>>>> 344e1e8 (moved overrides to bottom) From 953610322c4d3a2680b28054c6f2f41fe2da3ba5 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 4 May 2021 14:29:01 +0200 Subject: [PATCH 22/37] updated overrides to work with Win --- librewolf.cfg | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/librewolf.cfg b/librewolf.cfg index be38396..1298995 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -2191,6 +2191,7 @@ lockPref("default-browser-agent.enabled", false); // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). <<<<<<< HEAD +<<<<<<< HEAD let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); @@ -2206,5 +2207,11 @@ lockPref("security.family_safety.mode", 0); let home_directory = getenv("HOME"); if (home_directory) { pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); +======= +// expected to work on both Windows and MacOS +let profile_directory; +if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { + pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); +>>>>>>> 0f5c3d5 (updated overrides to work with Win) } >>>>>>> 344e1e8 (moved overrides to bottom) From 73828458496a7910c07a75cb2e54449915af7633 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 4 May 2021 19:22:43 +0200 Subject: [PATCH 23/37] removed overrides for spoofing --- Changelog.md | 11 +++++++++++ librewolf.cfg | 4 +++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 530e6a4..6530d64 100755 --- a/Changelog.md +++ b/Changelog.md @@ -1049,7 +1049,18 @@ defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default >>>>>>> 7732277 (imrpoved referers and language settings) ======= defaultPref("layout.spellcheckDefault", 2); // why? +<<<<<<< HEAD >>>>>>> 269747e (fixed lang fp, relaxed xorigin) +======= +lockPref("privacy.trackingprotection.introURL", ""); // Deprecated +defaultPref("general.appname.override", "Netscape"); // no benefit over RFP +defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof +lockPref("general.buildID.override", "20100101"); // no benefit over RFP +lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP +>>>>>>> 934010b (removed overrides for spoofing) ``` #### Unlocked diff --git a/librewolf.cfg b/librewolf.cfg index 1298995..2ae39f6 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -231,7 +231,6 @@ lockPref("browser.contentblocking.database.enabled", false); // remove urls lockPref("browser.contentblocking.reportBreakage.url", ""); -lockPref("privacy.trackingprotection.introURL", ""); // hide ui elements lockPref("browser.contentblocking.cfr-milestone.enabled", false); @@ -703,6 +702,7 @@ defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); defaultPref("intl.regional_prefs.use_os_locales", false); +<<<<<<< HEAD // -------------------------------------- // USER AGENT AND IDENTITY // -------------------------------------- @@ -833,6 +833,8 @@ defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allo lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" ======= +======= +>>>>>>> 934010b (removed overrides for spoofing) // ------------------------------------------------------- // EXTENSIONS - check readme section "Extensions Firewall" // ------------------------------------------------------- From 042040ac1d77eae40450b99f4097e90c8cb02a51 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 4 May 2021 19:24:52 +0200 Subject: [PATCH 24/37] add tags for .md rendering --- librewolf.cfg | 88 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 71 insertions(+), 17 deletions(-) diff --git a/librewolf.cfg b/librewolf.cfg index 2ae39f6..f69dfef 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -178,9 +178,13 @@ if (home_directory) { } // ----------------------------------- +<<<<<<< HEAD ======= >>>>>>> 344e1e8 (moved overrides to bottom) // TRACKING PROTECTION +======= +// # TRACKING PROTECTION +>>>>>>> 01804b5 (add tags for .md rendering) // ----------------------------------- <<<<<<< HEAD @@ -321,7 +325,7 @@ lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.search.update", false); // -------------------------------- -// SANITIZING, COOKIES AND HISTORY +// # SANITIZING, COOKIES AND HISTORY // -------------------------------- defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 @@ -367,8 +371,12 @@ defaultPref("layout.css.notify-of-unvisited", false); ======= >>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------------------------------------------- +<<<<<<< HEAD // SESSIONS >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # SESSIONS +>>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); @@ -376,10 +384,14 @@ lockPref("browser.sessionstore.interval", 60000); // --------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # AUTOFILL ======= // AUTOFILL >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # AUTOFILL +>>>>>>> 01804b5 (add tags for .md rendering) // --------------------------------- defaultPref("extensions.formautofill.section.enabled", false); @@ -407,8 +419,12 @@ lockPref("signon.autofillForms.http", false); >>>>>>> 48fecfd (removed redundant stuff) // ----------------------- +<<<<<<< HEAD // DRM >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # DRM +>>>>>>> 01804b5 (add tags for .md rendering) // ----------------------- // includes new DRM implementation for easily re-enabling it @@ -442,11 +458,15 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- <<<<<<< HEAD +<<<<<<< HEAD // WebRTC >>>>>>> a35eb4b (re-organized and reviewed) ======= // WEBRTC >>>>>>> 55c94dc (reorganized, revisited) +======= +// # WEBRTC +>>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.navigator.enabled", false); @@ -480,10 +500,14 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // ---------------------- <<<<<<< HEAD +<<<<<<< HEAD // # SHARING ======= // SHARING >>>>>>> 7887469 (reviewed and reorganized up to extensions) +======= +// # SHARING +>>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.getusermedia.browser.enabled", false); @@ -492,10 +516,14 @@ defaultPref("media.getusermedia.audiocapture.enabled", false); // ---------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # DNS ======= // DNS >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # DNS +>>>>>>> 01804b5 (add tags for .md rendering) // ---------------------------- lockPref("network.trr.mode", 5); @@ -507,10 +535,14 @@ lockPref("network.dns.disablePrefetch", true); // ------------------------------------ <<<<<<< HEAD +<<<<<<< HEAD // # NEW TAB PAGE ======= // NEW TAB PAGE >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # NEW TAB PAGE +>>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------ lockPref("browser.newtab.preload", false); @@ -591,8 +623,12 @@ lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcut lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- +<<<<<<< HEAD // DO NOT TRACK >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # DO NOT TRACK +>>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------------- // Unlocked as some think it increases fingerprint, they can now disable it @@ -600,10 +636,14 @@ defaultPref("privacy.donottrackheader.enabled", true); // -------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # DOM ======= // DOM >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # DOM +>>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------- lockPref("dom.disable_beforeunload", true); @@ -635,7 +675,7 @@ defaultPref("dom.storage.next_gen", true); ======= >>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------- -// PERMISSIONS +// # PERMISSIONS // -------------------------------- lockPref("permissions.delegation.enabled", false); @@ -643,14 +683,14 @@ defaultPref("permissions.default.geo", 2); // unlocked as some think it increase lockPref("permissions.manager.defaultsUrl", ""); // -------------------------------- -// REFERERS +// # REFERERS // -------------------------------- lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 0); // -------------------------------- -// PROXY +// # PROXY // -------------------------------- defaultPref("network.proxy.autoconfig_url", ""); @@ -658,7 +698,7 @@ defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); // -------------------------------------- -// HTTP(S) +// # HTTP(S) // -------------------------------------- lockPref("network.http.altsvc.enabled", false); @@ -669,7 +709,7 @@ lockPref("network.http.redirection-limit", 10); defaultPref("network.auth.subresource-http-auth-allow", 1); // -------------------------------------- -// TLS +// # TLS // -------------------------------------- defaultPref("security.ssl.require_safe_negotiation", true); @@ -686,7 +726,7 @@ lockPref("security.insecure_field_warning.contextual.enabled", true); lockPref("network.stricttransportsecurity.preloadlist", false); // -------------------------------------- -// RFP +// # RFP // -------------------------------------- defaultPref("privacy.resistFingerprinting", true); @@ -694,7 +734,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing // -------------------------------------- -// LANGUAGE AND REGION +// # LANGUAGE AND REGION // -------------------------------------- defaultPref("javascript.use_us_english_locale", true); @@ -836,7 +876,7 @@ lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect ba ======= >>>>>>> 934010b (removed overrides for spoofing) // ------------------------------------------------------- -// EXTENSIONS - check readme section "Extensions Firewall" +// # EXTENSIONS - check readme section "Extensions Firewall" // ------------------------------------------------------- // handle default restricted domains @@ -990,12 +1030,18 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // enable Content Security Policy (CSP) lockPref("security.csp.enable", true); +<<<<<<< HEAD ======= >>>>>>> 45bf63e (processed everything up to EOF) // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); >>>>>>> 55c94dc (reorganized, revisited) +======= +// ------------------------------------------------------- +// # SAFE BROWSING +// ------------------------------------------------------- +>>>>>>> 01804b5 (add tags for .md rendering) // Relevant for addons and lang packs search defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% @@ -1177,6 +1223,7 @@ lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1327,13 +1374,16 @@ lockPref("javascript.options.shared_memory", false); ======= // FONTS >>>>>>> 8b7a898 (updated and started editing external protocols) +======= +// # FONTS +>>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------- lockPref("gfx.font_rendering.graphite.enabled", false); lockPref("gfx.font_rendering.opentype_svg.enabled", false); // -------------------------------- -// MISC +// # MISC // -------------------------------- // more important stuff @@ -1447,7 +1497,7 @@ lockPref("datareporting.policy.firstRunURL", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // -------------------------------- -// CACHE +// # CACHE // -------------------------------- lockPref("browser.cache.offline.storage.enable", false); @@ -1455,14 +1505,14 @@ lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] lockPref("media.memory_cache_max_size", 16384); // -------------------------------- -// WEBGL AND PERFORMANCE +// # WEBGL AND PERFORMANCE // -------------------------------- lockPref("webgl.enable-webgl2", false); lockPref("webgl.disable-fail-if-major-performance-caveat", true); // -------------------------------- -// JS +// # JS // -------------------------------- // should we consider disabling WebAssembly ? @@ -1474,7 +1524,7 @@ lockPref("webgl.disable-fail-if-major-performance-caveat", true); lockPref("javascript.options.shared_memory", false); // -------------------------------- -// GEO +// # GEO // -------------------------------- >>>>>>> 55c94dc (reorganized, revisited) @@ -1517,7 +1567,7 @@ lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browse ======= // -------------------------------- -// PREFETCHING +// # PREFETCHING // -------------------------------- lockPref("network.predictor.enabled", false); @@ -1525,7 +1575,7 @@ lockPref("network.prefetch-next", false); lockPref("network.http.speculative-parallel-limit", 0); // -------------------------------- -// OUTGOING CONNECTIONS +// # OUTGOING CONNECTIONS // -------------------------------- <<<<<<< HEAD @@ -1738,7 +1788,7 @@ lockPref("network.captive-portal-service.enabled", false); lockPref("captivedetect.canonicalURL", ""); // -------------------------------- -// WINDOWS +// # WINDOWS // -------------------------------- <<<<<<< HEAD @@ -2186,8 +2236,12 @@ lockPref("default-browser-agent.enabled", false); // # OVERRIDES ======= // ----------------------------------- +<<<<<<< HEAD // OVERRIDES >>>>>>> 344e1e8 (moved overrides to bottom) +======= +// # OVERRIDES +>>>>>>> 01804b5 (add tags for .md rendering) // ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` From 7889fa9ce7fff83a0b07ff5a57a7e90c883dd619 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 4 May 2021 22:45:33 +0200 Subject: [PATCH 25/37] updated changelog --- Changelog.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 6530d64..3100ba1 100755 --- a/Changelog.md +++ b/Changelog.md @@ -1178,6 +1178,7 @@ dom.webaudio.enabled = true screensharing `media.getusermedia.screensharing.enabled = true` #### Enable addons search ``` +<<<<<<< HEAD extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" ``` #### Enable addons manual updates @@ -1203,6 +1204,8 @@ defaultPref("general.oscpu.override", "Windows NT 6.1"); lockPref("general.buildID.override", "20100101"); lockPref("browser.startup.homepage_override.buildID", "20100101"); >>>>>>> 653a6ed (knocked out some more prefs) +======= +>>>>>>> e7ed7c4 (updated changelog) <<<<<<< HEAD <<<<<<< HEAD @@ -1246,7 +1249,7 @@ Other points: // COOKIES - now using dFPI // SB - make re-enabling easier, test connections -for arkenfox: +from arkenfox: dom.security.https_only_mode_send_http_background_request -> DISCUSS dom.storage.next_gen -> DISCUSS security.pki.crlite_mode -> DISCUSS From 6f5190f26a8b3e9aaffcea905e129889b3ee5524 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 01:49:02 +0200 Subject: [PATCH 26/37] more good stuff --- Changelog.md | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++ librewolf.cfg | 55 +++++++++++------ 2 files changed, 200 insertions(+), 17 deletions(-) diff --git a/Changelog.md b/Changelog.md index 3100ba1..0065ffc 100755 --- a/Changelog.md +++ b/Changelog.md @@ -58,6 +58,7 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); +<<<<<<< HEAD ======= defaultPref("intl.accept_languages", "en-US, en"); ======= @@ -105,6 +106,8 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); >>>>>>> 0267245 (added some new prefs from arkenfox) +======= +>>>>>>> e7a5601 (more good stuff) ``` #### Modified @@ -128,6 +131,7 @@ defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cooki lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); +<<<<<<< HEAD ======= lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost ======= @@ -150,6 +154,8 @@ lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // ======= defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed >>>>>>> 269747e (fixed lang fp, relaxed xorigin) +======= +>>>>>>> e7a5601 (more good stuff) ``` #### Removed @@ -577,10 +583,14 @@ defaultPref("layers.acceleration.force-enabled", true); // out of scope, not wor lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled <<<<<<< HEAD +<<<<<<< HEAD lockPref("privacy.trackingprotection.lower_network_priority", false); // default ======= lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled >>>>>>> 48fecfd (removed redundant stuff) +======= +lockPref("privacy.trackingprotection.lower_network_priority", false); // default +>>>>>>> e7a5601 (more good stuff) lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled lockPref("signon.storeSignons", false); // Deprecated lockPref("browser.urlbar.filter.javascript", true); // default @@ -1060,6 +1070,7 @@ defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, lockPref("general.buildID.override", "20100101"); // no benefit over RFP lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP +<<<<<<< HEAD >>>>>>> 934010b (removed overrides for spoofing) ``` @@ -1370,6 +1381,29 @@ dom.storage.next_gen -> DISCUSS javascript.options.wasm -> DISCUSS security.pki.crlite_mode -> DISCUSS security.remote_settings.crlite_filters.enabled -> DISCUSS +======= +lockPref("security.insecure_connection_icon.enabled", true); // Default +lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default +lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default +lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled +lockPref("app.normandy.first_run", false); // default +lockPref("browser.send_pings", false); // default +lockPref("browser.send_pings.require_same_host", true); // default +defaultPref("browser.tabs.closeTabByDblclick", true); // why? +lockPref("devtools.debugger.force-local", true); // default +lockPref("gfx.offscreencanvas.enabled", false); // default +lockPref("media.webspeech.recognition.enable", false); // default +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default +lockPref("remote.force-local", true); // default +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default +lockPref("security.fileuri.strict_origin_policy", true); // default +lockPref("security.insecure_field_warning.contextual.enabled", true); // default +defaultPref("security.remote_settings.intermediates.enabled", true); // default +lockPref("xpinstall.whitelist.required", true); // default +lockPref("browser.sessionhistory.max_entries", 20); // why? +lockPref("extensions.webapi.testing", false); // hidden but default false +lockPref("canvas.capturestream.enabled", false); // any real benefit? +>>>>>>> e7a5601 (more good stuff) ``` <<<<<<< HEAD >>>>>>> 0267245 (added some new prefs from arkenfox) @@ -1547,4 +1581,132 @@ lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); */ ``` +<<<<<<< HEAD >>>>>>> 48fecfd (removed redundant stuff) +======= + +#### Unlocked +Locked prefs that were unlocked, more should be unlocked probably +``` +lockPref("general.config.filename", "librewolf.cfg"); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("privacy.donottrackheader.enabled", true); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); + +defaultPref("extensions.getAddons.themes.browseURL", "") + +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); + +defaultPref("alerts.showFavicons", false); // default: false + +defaultPref("security.remote_settings.intermediates.enabled", true); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("dom.battery.enabled", false); + +defaultPref("browser.tabs.closeTabByDblclick", true); + +// Unlocked as known to cause breakage +defaultPref("dom.event.clipboardevents.enabled", false); + +// already default and no reason to lock it +lockPref("network.http.referer.trimmingPolicy", 0); + +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); + +// someone might want to have it on for security concerns +defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.require", false); + +defaultPref("reader.parse-on-load.enabled", false); +``` + +#### Made default +Prefs that were user set and are now default +``` +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +defaultPref("identity.sendtabpromo.url", ""); +``` +#### To discuss +Prefs that need to be addressed and potential roadmap +``` +Open points: +// How much should we lock? +// How in depth should we go with urls +// SB - make re-enabling easier, test connections +// GEO - review to allow easier re-enabling +// evaluate certificate handling (oscp, crlite, blocklist) + +missing from arkenfox in need of discussion: +security.pki.crlite_mode -> DISCUSS +security.remote_settings.crlite_filters.enabled -> DISCUSS +dom.security.https_only_mode_send_http_background_request -> DISCUSS +browser.download.useDownloadDir -> do we want to ask for download location each time? +``` + +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); +``` + +## How to... +#### Stay logged +Add website to exceptions before login, both http and https link +#### Enable DRM content +``` +media.eme.enabled = true +media.gmp-widevinecdm.visible = true +media.gmp-widevinecdm.enabled = true +media.gmp-provider.enabled = true +media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml +``` +#### Use video conferencing +``` +media.peerconnection.enabled = true +media.peerconnection.ice.no_host = true +dom.webaudio.enabled = true +``` +screensharing `media.getusermedia.screensharing.enabled = true` +#### Enable addons search +``` +extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" +``` +#### Enable addons manual updates +``` +extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= +%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= +%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= +%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= +%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" +``` +#### Enable OCSP certificate checking +``` +security.OCSP.enabled = 1 +``` +you probably also want `security.OCSP.require = true` + +#### Hardened setup +``` +defaultPref("javascript.options.asmjs", false); defaultPref("javascript.options.wasm", false); +defaultPref("webgl.disabled", true); +defaultPref("privacy.resistFingerprinting.letterboxing", true); +``` +>>>>>>> e7a5601 (more good stuff) diff --git a/librewolf.cfg b/librewolf.cfg index f69dfef..9092f96 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -187,6 +187,7 @@ if (home_directory) { >>>>>>> 01804b5 (add tags for .md rendering) // ----------------------------------- +<<<<<<< HEAD <<<<<<< HEAD <<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway @@ -197,6 +198,9 @@ defaultPref("browser.contentblocking.category", "custom"); // changing to other ======= defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI >>>>>>> 48fecfd (removed redundant stuff) +======= +defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more +>>>>>>> e7a5601 (more good stuff) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); @@ -237,7 +241,6 @@ lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.reportBreakage.url", ""); // hide ui elements -lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); @@ -247,6 +250,7 @@ lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); +<<<<<<< HEAD // Windows only? lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) @@ -257,6 +261,10 @@ lockPref("default-browser-agent.enabled", false); ======= // AUTOPLAY >>>>>>> a35eb4b (re-organized and reviewed) +======= +// ---------------------------------- +// # AUTOPLAY +>>>>>>> e7a5601 (more good stuff) // ---------------------------------- defaultPref("media.autoplay.default", 5); @@ -264,10 +272,14 @@ defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # PASSWORD MANAGER ======= // PASSWORD MANAGER >>>>>>> a35eb4b (re-organized and reviewed) +======= +// # PASSWORD MANAGER +>>>>>>> e7a5601 (more good stuff) // ----------------------------------------- lockPref("signon.rememberSignons", false); @@ -295,6 +307,7 @@ lockPref("browser.search.update", false); >>>>>>> 45bf63e (processed everything up to EOF) // -------------------------------- +<<<<<<< HEAD // # SANITIZING, COOKIES AND HISTORY // -------------------------------- @@ -313,6 +326,9 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid ======= // SEARCH AND URLBAR >>>>>>> 653a6ed (knocked out some more prefs) +======= +// # SEARCH AND URLBAR +>>>>>>> e7a5601 (more good stuff) // -------------------------------- defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -350,7 +366,6 @@ defaultPref("browser.formfill.enable", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); -lockPref("browser.sessionhistory.max_entries", 20); <<<<<<< HEAD <<<<<<< HEAD @@ -720,7 +735,6 @@ lockPref("security.tls.enable_0rtt_data", false); lockPref("security.tls.version.enable-deprecated", false); lockPref("security.tls.version.fallback-limit", 3); lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos -lockPref("security.insecure_field_warning.contextual.enabled", true); // to check lockPref("network.stricttransportsecurity.preloadlist", false); @@ -933,9 +947,12 @@ lockPref("extensions.systemAddon.update.enabled", false); lockPref("xpinstall.signatures.devInfoURL", ""); <<<<<<< HEAD +<<<<<<< HEAD ======= lockPref("extensions.webapi.testing", false); // hidden prefs // default false >>>>>>> 48fecfd (removed redundant stuff) +======= +>>>>>>> e7a5601 (more good stuff) lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); @@ -943,10 +960,13 @@ lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD ======= ======= lockPref("xpinstall.whitelist.required", true); // default >>>>>>> 7732277 (imrpoved referers and language settings) +======= +>>>>>>> e7a5601 (more good stuff) <<<<<<< HEAD // to check @@ -1239,6 +1259,7 @@ lockPref("dom.ipc.plugins.reportCrashURL", false); lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); lockPref("plugin.state.flash", 0); +<<<<<<< HEAD // more important stuff lockPref("browser.shell.shortcutFavicons", false); defaultPref("alerts.showFavicons", false); @@ -1386,21 +1407,18 @@ lockPref("gfx.font_rendering.opentype_svg.enabled", false); // # MISC // -------------------------------- +======= +>>>>>>> e7a5601 (more good stuff) // more important stuff lockPref("browser.shell.shortcutFavicons", false); defaultPref("alerts.showFavicons", false); defaultPref("browser.link.open_newwindow", 3); defaultPref("browser.link.open_newwindow.restriction", 0); -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); lockPref("network.file.disable_unc_paths", true); // (hidden pref) lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); lockPref("plugin.default.state", 1); -lockPref("plugin.state.flash", 0); -lockPref("gfx.offscreencanvas.enabled", false); // default: false -lockPref("canvas.capturestream.enabled", false); lockPref("network.IDN_show_punycode", true); -lockPref("security.fileuri.strict_origin_policy", true); +defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP // pocket, to check if we can remove lockPref("extensions.pocket.enabled", false); @@ -1416,7 +1434,6 @@ defaultPref("pdfjs.enabledCache.state", false); // remote agent lockPref("remote.enabled", false); -lockPref("remote.force-local", true); // settings and behavior lockPref("browser.shell.checkDefaultBrowser", false); @@ -1434,14 +1451,11 @@ lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); lockPref("middlemouse.contentLoadURL", false); defaultPref("accessibility.typeaheadfind", false); -lockPref("browser.bookmarks.restore_default_bookmarks", false); -defaultPref("browser.tabs.closeTabByDblclick", true); -lockPref("media.webspeech.recognition.enable", false); lockPref("network.manage-offline-status", false); lockPref("browser.helperApps.deleteTempFileOnExit", true); lockPref("browser.pagethumbnails.capturing_disabled", true); lockPref("browser.bookmarks.max_backups", 2); -lockPref("reader.parse-on-load.enabled", false); +defaultPref("reader.parse-on-load.enabled", false); // devtools defaultPref("devtools.debugger.remote-enabled", false); @@ -1450,7 +1464,6 @@ lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555") lockPref("devtools.devices.url", ""); lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] -lockPref("devtools.debugger.force-local", true); defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 // ui @@ -1479,7 +1492,6 @@ lockPref("accessibility.support.url", ""); lockPref("app.support.baseURL", ""); lockPref("browser.uitour.url", ""); lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("browser.dictionaries.download.url", ""); lockPref("browser.geolocation.warning.infoURL", ""); lockPref("browser.search.searchEnginesURL", ""); @@ -1502,7 +1514,7 @@ lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); lockPref("browser.cache.offline.storage.enable", false); lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -lockPref("media.memory_cache_max_size", 16384); +defaultPref("media.memory_cache_max_size", 65536); // -------------------------------- // # WEBGL AND PERFORMANCE @@ -1694,11 +1706,14 @@ lockPref("app.shield.optoutstudies.enabled", false); lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); +<<<<<<< HEAD // ping lockPref("browser.send_pings", false); lockPref("browser.send_pings.require_same_host", true); >>>>>>> 8b7a898 (updated and started editing external protocols) +======= +>>>>>>> e7a5601 (more good stuff) // discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); @@ -1777,6 +1792,7 @@ lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); <<<<<<< HEAD +<<<<<<< HEAD >>>>>>> 8b7a898 (updated and started editing external protocols) ======= lockPref("dom.ipc.plugins.reportCrashURL", false); @@ -1876,6 +1892,8 @@ lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +======= +>>>>>>> e7a5601 (more good stuff) // captive portal lockPref("network.captive-portal-service.enabled", false); @@ -2229,6 +2247,9 @@ lockPref("toolkit.winRegisterApplicationRestart", false); lockPref("security.family_safety.mode", 0); <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> e7a5601 (more good stuff) // Windows only? lockPref("default-browser-agent.enabled", false); From dcca9f1d622ef079b164035a7764831bb89d9ee6 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 01:59:06 +0200 Subject: [PATCH 27/37] updated changelog --- Changelog.md | 219 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 168 insertions(+), 51 deletions(-) diff --git a/Changelog.md b/Changelog.md index 0065ffc..080fa28 100755 --- a/Changelog.md +++ b/Changelog.md @@ -159,6 +159,7 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e ``` #### Removed +<<<<<<< HEAD Lines that were commented and are now removed ``` // Librefox Compatibility Fix @@ -289,6 +290,8 @@ ALL OF Disabled - Deprecated Inactive ALL OF Disabled - Section OFF ``` >>>>>>> 55c94dc (reorganized, revisited) +======= +>>>>>>> 57702f8 (updated changelog) Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated @@ -625,6 +628,9 @@ defaultPref("pdfjs.enableWebGL", false); // default lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable lockPref("network.predictor.enable-prefetch", false); // default <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> 57702f8 (updated changelog) lockPref("network.http.referer.spoofSource", false); // default defaultPref("network.http.referer.defaultPolicy", 2); // default defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default @@ -658,8 +664,11 @@ lockPref("xpinstall.whitelist.required", true); // default lockPref("browser.sessionhistory.max_entries", 20); // why? lockPref("extensions.webapi.testing", false); // hidden but default false lockPref("canvas.capturestream.enabled", false); // any real benefit? +<<<<<<< HEAD lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup +======= +>>>>>>> 57702f8 (updated changelog) // fxaccounts is disabled in policies lockPref("identity.fxaccounts.enabled", false); @@ -669,6 +678,7 @@ lockPref("identity.fxaccounts.commands.enabled", false); lockPref("identity.fxaccounts.remote.oauth.uri", ""); lockPref("identity.fxaccounts.remote.profile.uri", ""); lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); +<<<<<<< HEAD ======= ======= defaultPref("accessibility.typeaheadfind", false); // Already default @@ -688,6 +698,9 @@ Active prefs that were commented in order to address them before removing them >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) <<<<<<< HEAD +======= + +>>>>>>> 57702f8 (updated changelog) // all handled by lockPref("services.settings.server", "") lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); @@ -812,6 +825,7 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false) lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); lockPref("services.sync.tabs.lastSync", "0"); +<<<<<<< HEAD ======= // redudant with RFP and javascript.use_us_english_locale // defaultPref("privacy.spoof_english", 2); @@ -1558,8 +1572,10 @@ lockPref("services.sync.tabs.lastSync", "0"); ``` >>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) ======= +======= +>>>>>>> 57702f8 (updated changelog) -/* +// useless as ui elements are not in the report page lockPref("browser.contentblocking.report.cookie.url", ""); lockPref("browser.contentblocking.report.cryptominer.url", ""); lockPref("browser.contentblocking.report.endpoint_url", ""); @@ -1579,7 +1595,17 @@ lockPref("browser.contentblocking.report.vpn.url", ""); lockPref("browser.contentblocking.report.vpn-promo.url", ""); lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); -*/ +``` +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); ``` <<<<<<< HEAD >>>>>>> 48fecfd (removed redundant stuff) @@ -1588,56 +1614,25 @@ lockPref("browser.contentblocking.report.vpn-android.url", ""); #### Unlocked Locked prefs that were unlocked, more should be unlocked probably ``` -lockPref("general.config.filename", "librewolf.cfg"); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("privacy.donottrackheader.enabled", true); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("permissions.default.geo", 2); - +defaultPref("general.config.filename", "librewolf.cfg"); +defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("extensions.getAddons.themes.browseURL", "") - defaultPref("pdfjs.enableWebGL", false); defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); defaultPref("pdfjs.enabledCache.state", false); - defaultPref("alerts.showFavicons", false); // default: false - defaultPref("security.remote_settings.intermediates.enabled", true); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("dom.battery.enabled", false); - -defaultPref("browser.tabs.closeTabByDblclick", true); - -// Unlocked as known to cause breakage -defaultPref("dom.event.clipboardevents.enabled", false); - -// already default and no reason to lock it -lockPref("network.http.referer.trimmingPolicy", 0); - +defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("dom.event.clipboardevents.enabled", false); // Unlocked as known to cause breakage defaultPref("extensions.blocklist.enabled", false); defaultPref("extensions.blocklist.detailsURL", ""); defaultPref("extensions.blocklist.itemURL", ""); - -// someone might want to have it on for security concerns -defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns defaultPref("security.OCSP.require", false); - defaultPref("reader.parse-on-load.enabled", false); ``` -#### Made default -Prefs that were user set and are now default -``` -defaultPref("signon.management.page.breach-alerts.enabled", false); -defaultPref("signon.management.page.breachAlertUrl", ""); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -defaultPref("identity.sendtabpromo.url", ""); -``` #### To discuss Prefs that need to be addressed and potential roadmap ``` @@ -1655,18 +1650,6 @@ dom.security.https_only_mode_send_http_background_request -> DISCUSS browser.download.useDownloadDir -> do we want to ask for download location each time? ``` -#### Commented -Prefs that need to be addressed and that were disabled for now -``` -// all covered by previous prefs -// defaultPref("media.navigator.video.enabled", false); -// defaultPref("media.peerconnection.use_document_iceservers", false); -// defaultPref("media.peerconnection.identity.enabled", false); -// defaultPref("media.peerconnection.identity.timeout", 1); -// defaultPref("media.peerconnection.turn.disable", true); -// defaultPref("media.peerconnection.ice.tcp", false); -``` - ## How to... #### Stay logged Add website to exceptions before login, both http and https link @@ -1709,4 +1692,138 @@ defaultPref("javascript.options.asmjs", false); defaultPref("webgl.disabled", true); defaultPref("privacy.resistFingerprinting.letterboxing", true); ``` +<<<<<<< HEAD >>>>>>> e7a5601 (more good stuff) +======= + +## Who cares +Prefs that were commented and are now removed +``` +// Librefox Compatibility Fix +// commented out, we're setting it differently later on +// defaultPref("extensions.autoDisableScopes", 0); + +// Removing https-everywhere adding 2 librefox addons +// keep it commented out for now, until we have more recent, properly pre-installed addons +// defaultPref("extensions.enabledAddons", ...); + +//lockPref("browser.contentblocking.global-toggle.enabled", false); +//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); +//lockPref("browser.contentblocking.fastblock.ui.enabled", false); +//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); +//lockPref("browser.contentblocking.allowlist.storage.enabled", false); +//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); +//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.ui.enabled", false); +//lockPref("browser.contentblocking.enabled", false); + +//lockPref("security.ask_for_password", 2); +//lockPref("security.password_lifetime", 5); + +//defaultPref("privacy.cpd.openWindows", true); // Clear session data +//defaultPref("privacy.clearOnShutdown.openWindows", true); +//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); +//lockPref("permissions.memory_only", true); // (hidden pref) +//lockPref("browser.formfill.expire_days", 0); + +//lockPref("browser.urlbar.autoFill", false); +//lockPref("browser.urlbar.autoFill.typed", false); + +//lockPref("media.peerconnection.video.h264", true); + +//lockPref("network.proxy.autoconfig_url.include_path", false); +//lockPref("network.proxy.socks_remote_dns", true); + +//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); +//lockPref("browser.devedition.theme.enabled", true); +//lockPref("devtools.theme", "dark"); +//lockPref("browser.devedition.theme.showCustomizeButton", true); + +//defaultPref("extensions.ui.dictionary.hidden", false); +//defaultPref("extensions.ui.locale.hidden", false); + +//lockPref("dom.indexedDB.logging.details", false); //default true +//lockPref("dom.indexedDB.logging.enabled", false); //default true +//lockPref("network.http.spdy.enabled", false); +//lockPref("network.http.spdy.enabled.deps", false); +//lockPref("network.http.spdy.enabled.http2", false); +//lockPref("network.http.spdy.websockets", false); + +// lockPref("dom.IntersectionObserver.enabled", false); + +// Pref : CSP Main Settings I/II : +// Those are default values for CSP +// Those are not meant to to be uncommented +//defaultPref("security.csp.enable", true); //This is its default value +//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value +//defaultPref("security.csp.enable_violation_events", true); //This is its default value +//defaultPref("security.csp.experimentalEnabled", false); //This is its default value +//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value +// Default Content Security Policy to apply to signed contents. +//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value + +// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature +// This value is applied after the first one (just ignore this) +//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); +// Default Value : "script-src 'self'; object-src 'self';" + +// Pref :Whether or not the installed extensions should be migrated to the +// storage.local IndexedDB backend. +//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false + +// Pref : if enabled, store execution times for API calls +//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false + +// Pref : Maximum age in milliseconds of performance counters in children +// When reached, the counters are sent to the main process and +// reset, so we reduce memory footprint. +//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.1.issuerName", ""); +// Default Value +// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.2.issuerName", ""); +// Default Value +// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US + +// Pref : Manage certificates button +//lockPref("security.disable_button.openCertManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : Manage security devices button +//lockPref("security.disable_button.openDeviceManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : The impact for this one is negligible +//defaultPref("browser.download.animateNotifications", false); +// Bench Diff : -80/5000 +// Pref : Spoof CPU Core Def 16 +// Default settings seems to be the best +//defaultPref("dom.maxHardwareConcurrency", 8); +// Bench Diff : -500/5000 +// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. +// Garbage collection releases memory back to the system. +// Default settings seems to be the best +//lockPref("javascript.options.mem.high_water_mark", 96); +// Bench Diff : -100/5000 +// Pref : Prevent font fingerprinting +// https://browserleaks.com/fonts +// https://github.com/pyllyukko/user.js/issues/120 +// Solved by extension disabled here for performance +//lockPref("browser.display.use_document_fonts", 0); + + +// Fix ESR Devtools +//lockPref("devtools.telemetry.tools.opened.version", ""); +// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} + +// defaultPref("network.http.sendRefererHeader", 1); default is better + +ALL OF Disabled - Deprecated Inactive +ALL OF Disabled - Section OFF +``` +>>>>>>> 57702f8 (updated changelog) From 3481c837217a88c39b4bece012b795e07541084b Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 10:54:17 +0200 Subject: [PATCH 28/37] removed redirect limt --- Changelog.md | 4 ++++ librewolf.cfg | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 080fa28..a83e152 100755 --- a/Changelog.md +++ b/Changelog.md @@ -665,10 +665,14 @@ lockPref("browser.sessionhistory.max_entries", 20); // why? lockPref("extensions.webapi.testing", false); // hidden but default false lockPref("canvas.capturestream.enabled", false); // any real benefit? <<<<<<< HEAD +<<<<<<< HEAD lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup ======= >>>>>>> 57702f8 (updated changelog) +======= +lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments +>>>>>>> 3afb2b3 (removed redirect limt) // fxaccounts is disabled in policies lockPref("identity.fxaccounts.enabled", false); diff --git a/librewolf.cfg b/librewolf.cfg index 9092f96..1cd4a73 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -720,7 +720,6 @@ lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_pbm", true); -lockPref("network.http.redirection-limit", 10); defaultPref("network.auth.subresource-http-auth-allow", 1); // -------------------------------------- From 481275ecb1744d440217749514f227e4a1df3485 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 12:45:38 +0200 Subject: [PATCH 29/37] moved a pref to hardened setup --- Changelog.md | 14 ++++++++++---- librewolf.cfg | 1 - 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Changelog.md b/Changelog.md index a83e152..42bc6b2 100755 --- a/Changelog.md +++ b/Changelog.md @@ -666,6 +666,7 @@ lockPref("extensions.webapi.testing", false); // hidden but default false lockPref("canvas.capturestream.enabled", false); // any real benefit? <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup ======= @@ -673,6 +674,10 @@ defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with ======= lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments >>>>>>> 3afb2b3 (removed redirect limt) +======= +lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments +defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup +>>>>>>> 0f6e184 (moved a pref to hardened setup) // fxaccounts is disabled in policies lockPref("identity.fxaccounts.enabled", false); @@ -1628,7 +1633,6 @@ defaultPref("pdfjs.enabledCache.state", false); defaultPref("alerts.showFavicons", false); // default: false defaultPref("security.remote_settings.intermediates.enabled", true); defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("dom.event.clipboardevents.enabled", false); // Unlocked as known to cause breakage defaultPref("extensions.blocklist.enabled", false); defaultPref("extensions.blocklist.detailsURL", ""); defaultPref("extensions.blocklist.itemURL", ""); @@ -1692,9 +1696,11 @@ you probably also want `security.OCSP.require = true` #### Hardened setup ``` -defaultPref("javascript.options.asmjs", false); defaultPref("javascript.options.wasm", false); -defaultPref("webgl.disabled", true); -defaultPref("privacy.resistFingerprinting.letterboxing", true); +defaultPref("javascript.options.asmjs", false); // disable asm.js +defaultPref("javascript.options.wasm", false); // disable web assembly +defaultPref("webgl.disabled", true); // disable webgl +defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing +defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access ``` <<<<<<< HEAD >>>>>>> e7a5601 (more good stuff) diff --git a/librewolf.cfg b/librewolf.cfg index 1cd4a73..ad225a7 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -677,7 +677,6 @@ defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -defaultPref("dom.event.clipboardevents.enabled", false); defaultPref("dom.webaudio.enabled", false); lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); From 7c6bbf4562a554925752a0fb2b9d5f3c8123f293 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 21:38:42 +0200 Subject: [PATCH 30/37] commented a default pref that has no effect --- librewolf.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/librewolf.cfg b/librewolf.cfg index ad225a7..52e85e5 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -752,7 +752,7 @@ lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing defaultPref("javascript.use_us_english_locale", true); defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); -defaultPref("intl.regional_prefs.use_os_locales", false); +// defaultPref("intl.regional_prefs.use_os_locales", false); // default <<<<<<< HEAD // -------------------------------------- From c6f21a399333b660d62d5c1eb7d9ca8a9ee92b55 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 23:37:39 +0200 Subject: [PATCH 31/37] pre MR commit --- Changelog.md | 4 ++++ README.md | 15 ++++++++++++++- librewolf.cfg | 3 +++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 42bc6b2..9ef2836 100755 --- a/Changelog.md +++ b/Changelog.md @@ -1701,6 +1701,7 @@ defaultPref("javascript.options.wasm", false); // disable web assembly defaultPref("webgl.disabled", true); // disable webgl defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access +<<<<<<< HEAD ``` <<<<<<< HEAD >>>>>>> e7a5601 (more good stuff) @@ -1837,3 +1838,6 @@ ALL OF Disabled - Deprecated Inactive ALL OF Disabled - Section OFF ``` >>>>>>> 57702f8 (updated changelog) +======= +``` +>>>>>>> d24f87c (pre MR commit) diff --git a/README.md b/README.md index f63cd10..1800cd6 100755 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ LibreWolf settings for all platforms. +<<<<<<< HEAD The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. @@ -9,6 +10,12 @@ We encourage users to find **their own setup** and to use our default configurat - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` - Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` - Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` +======= +The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. +The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. + +We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the ovverides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. +>>>>>>> d24f87c (pre MR commit) ## Useful links - FAQ (coming soon): to help you creating your own pref file. @@ -23,6 +30,12 @@ We encourage users to find **their own setup** and to use our default configurat This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. +<<<<<<< HEAD Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). -Thank you to the whole LibreWolf community as once again this is entirely a community effort. \ No newline at end of file +Thank you to the whole LibreWolf community as once again this is entirely a community effort. +======= +Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated in [bugzilla](https://bugzilla.mozilla.org/home). + +Thank you to the entire LibreWolf community as once again this is entirely a community effort. +>>>>>>> d24f87c (pre MR commit) diff --git a/librewolf.cfg b/librewolf.cfg index 52e85e5..e77cbe4 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -2267,6 +2267,7 @@ lockPref("default-browser-agent.enabled", false); // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); @@ -2284,6 +2285,8 @@ if (home_directory) { pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); ======= // expected to work on both Windows and MacOS +======= +>>>>>>> d24f87c (pre MR commit) let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); From 8c398d79c6eee615ec8381400de2ba6904abcf55 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 6 May 2021 23:39:26 +0200 Subject: [PATCH 32/37] tweaks --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 1800cd6..fb37613 100755 --- a/README.md +++ b/README.md @@ -14,8 +14,12 @@ We encourage users to find **their own setup** and to use our default configurat The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. +<<<<<<< HEAD We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the ovverides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. >>>>>>> d24f87c (pre MR commit) +======= +We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. +>>>>>>> c2f6d4e (tweaks) ## Useful links - FAQ (coming soon): to help you creating your own pref file. @@ -30,6 +34,7 @@ We encourage users to find **their own setup** and to use our default configurat This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. +<<<<<<< HEAD <<<<<<< HEAD Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). @@ -39,3 +44,8 @@ Some of the older prefs in this project are taken from [pyllyukko](https://githu Thank you to the entire LibreWolf community as once again this is entirely a community effort. >>>>>>> d24f87c (pre MR commit) +======= +Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). + +Thank you to the whole LibreWolf community as once again this is entirely a community effort. +>>>>>>> c2f6d4e (tweaks) From 4ca48901bf925f525d2600de0ec6c180734914b1 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 00:28:12 +0200 Subject: [PATCH 33/37] tweak --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index fb37613..d0a45ef 100755 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ LibreWolf settings for all platforms. +<<<<<<< HEAD <<<<<<< HEAD The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. @@ -12,6 +13,9 @@ We encourage users to find **their own setup** and to use our default configurat - Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` ======= The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. +======= +The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. +>>>>>>> f8a4623 (tweak) The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. <<<<<<< HEAD From 15c31c6d8828c0a35031665692f13471eb10f69a Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 00:28:29 +0200 Subject: [PATCH 34/37] tweak --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d0a45ef..7f36f92 100755 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ LibreWolf settings for all platforms. <<<<<<< HEAD The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. +<<<<<<< HEAD We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` @@ -17,6 +18,8 @@ The configuration file was revamped and it includes improvements in usability, a The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. >>>>>>> f8a4623 (tweak) The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. +======= +>>>>>>> 131c061 (tweak) <<<<<<< HEAD We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the ovverides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. From 3dd540a05362670197256fbf45d535fd15641dc1 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 09:22:01 +0200 Subject: [PATCH 35/37] added flatpak location --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7f36f92..a491ecc 100755 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ The configuration file was revamped and it includes improvements in usability, a The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. <<<<<<< HEAD +<<<<<<< HEAD We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` - Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` @@ -27,6 +28,9 @@ We encourage users to find **their own setup** and to use our default configurat ======= We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. >>>>>>> c2f6d4e (tweaks) +======= +We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`, or if you are using Flatpak `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg`. +>>>>>>> 6dbfa2e (added flatpak location) ## Useful links - FAQ (coming soon): to help you creating your own pref file. From a7439de11ba8c8c7f2c939ab8047fe58424d2414 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 09:28:40 +0200 Subject: [PATCH 36/37] added Win location --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index a491ecc..dc32d6e 100755 --- a/README.md +++ b/README.md @@ -9,10 +9,14 @@ The old configuration (now tagged as `legacy`) should be considered deprecated a <<<<<<< HEAD <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> d79e65a (added Win location) We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` - Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` - Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` +<<<<<<< HEAD ======= The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. ======= @@ -31,6 +35,8 @@ We encourage users to find **their own setup** and to use our default configurat ======= We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`, or if you are using Flatpak `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg`. >>>>>>> 6dbfa2e (added flatpak location) +======= +>>>>>>> d79e65a (added Win location) ## Useful links - FAQ (coming soon): to help you creating your own pref file. From 33a44bde53074c4bf27847fef48a316a3428c019 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 16:35:49 +0200 Subject: [PATCH 37/37] rebased to latest commit from og repo --- Changelog.md | 1198 +------------------------------------ README.md | 42 +- librewolf.cfg | 1582 ------------------------------------------------- 3 files changed, 2 insertions(+), 2820 deletions(-) diff --git a/Changelog.md b/Changelog.md index 9ef2836..4febc8f 100755 --- a/Changelog.md +++ b/Changelog.md @@ -3,29 +3,7 @@ Previously missing, now added ``` defaultPref("pdfjs.enableScripting", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway -======= -lockPref("privacy.trackingprotection.testing.report_blocked_node", false); -<<<<<<< HEAD -lockPref("browser.contentblocking.report.endpoint_url", ""); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); -lockPref("browser.contentblocking.report.monitor.preferences", ""); -lockPref("browser.contentblocking.report.vpn.url", ""); -lockPref("browser.contentblocking.report.vpn-promo.url", ""); -lockPref("browser.contentblocking.report.vpn-ios.url", ""); -lockPref("browser.contentblocking.report.vpn-android.url", ""); -<<<<<<< HEAD -lockPref("browser.contentblocking.category", "custom"); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> a35eb4b (re-organized and reviewed) lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); @@ -44,8 +22,6 @@ lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("app.normandy.dev_mode", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -58,240 +34,23 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); -<<<<<<< HEAD -======= -defaultPref("intl.accept_languages", "en-US, en"); -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("app.normandy.dev_mode", false); -<<<<<<< HEAD -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true -lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= -defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -defaultPref("dom.security.https_only_mode_pbm", true); -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -======= -lockPref("browser.ping-centre.telemetry", false); -lockPref("browser.region.network.url", ""); -lockPref("browser.region.update.enabled", false); -defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -defaultPref("extensions.postDownloadThirdPartyPrompt", false); -defaultPref("general.warnOnAboutConfig", false); -defaultPref("network.auth.subresource-http-auth-allow", 1); ->>>>>>> 0267245 (added some new prefs from arkenfox) -======= ->>>>>>> e7a5601 (more good stuff) ``` #### Modified Updated some present prefs to better one ``` defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 ->>>>>>> c16522a (added re-enabling guides) -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior -<<<<<<< HEAD -<<<<<<< HEAD lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); -<<<<<<< HEAD -======= -lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost -======= -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 -<<<<<<< HEAD ->>>>>>> 45bf63e (processed everything up to EOF) -lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer -lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); -<<<<<<< HEAD ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) ``` #### Removed -======= -lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled -======= -defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -======= ->>>>>>> e7a5601 (more good stuff) -``` - -#### Removed -<<<<<<< HEAD -Lines that were commented and are now removed -``` -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", ...); - -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); - -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -//lockPref("media.peerconnection.video.h264", true); - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// lockPref("dom.IntersectionObserver.enabled", false); - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - -// defaultPref("network.http.sendRefererHeader", 1); default is better - -ALL OF Disabled - Deprecated Inactive -ALL OF Disabled - Section OFF -``` ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> 57702f8 (updated changelog) Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated @@ -347,18 +106,12 @@ lockPref("services.settings.default_signer", ""); // Deprecated lockPref("app.productInfo.baseURL", ""); // Deprecated lockPref("devtools.webide.adbAddonURL", ""); // Deprecated lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> a35eb4b (re-organized and reviewed) defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated lockPref("privacy.donottrackheader.value", 1); // Deprecated defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated @@ -444,10 +197,6 @@ lockPref("geo.wifi.logging.enabled", false); // Deprecated lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated lockPref("browser.search.geoSpecificDefaults", false); // Deprecated lockPref("browser.fixup.hide_user_pass", true); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> c16522a (added re-enabling guides) lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 @@ -467,10 +216,6 @@ defaultPref("extensions.ui.experiment.hidden", false); // Deprecated defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated lockPref("dom.enable_performance", false); // conflicting with RFP lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated @@ -484,8 +229,6 @@ lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint @@ -585,15 +328,7 @@ defaultPref("webgl.force-enabled", true); // out of scope, not worth defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled -<<<<<<< HEAD -<<<<<<< HEAD lockPref("privacy.trackingprotection.lower_network_priority", false); // default -======= -lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled ->>>>>>> 48fecfd (removed redundant stuff) -======= -lockPref("privacy.trackingprotection.lower_network_priority", false); // default ->>>>>>> e7a5601 (more good stuff) lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled lockPref("signon.storeSignons", false); // Deprecated lockPref("browser.urlbar.filter.javascript", true); // default @@ -619,18 +354,12 @@ lockPref("dom.imagecapture.enabled", false); // default lockPref("dom.reporting.crash.enabled", false); // default defaultPref("network.proxy.autoconfig_url.include_path", false); // default lockPref("security.tls.version.min", 3); // default -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("extensions.webextensions.background-delayed-startup", true); //default defaultPref("xpinstall.signatures.required", true); // default lockPref("app.normandy.dev_mode", false); // default defaultPref("pdfjs.enableWebGL", false); // default lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable lockPref("network.predictor.enable-prefetch", false); // default -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 57702f8 (updated changelog) lockPref("network.http.referer.spoofSource", false); // default defaultPref("network.http.referer.defaultPolicy", 2); // default defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default @@ -664,20 +393,8 @@ lockPref("xpinstall.whitelist.required", true); // default lockPref("browser.sessionhistory.max_entries", 20); // why? lockPref("extensions.webapi.testing", false); // hidden but default false lockPref("canvas.capturestream.enabled", false); // any real benefit? -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup -======= ->>>>>>> 57702f8 (updated changelog) -======= -lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments ->>>>>>> 3afb2b3 (removed redirect limt) -======= -lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments -defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup ->>>>>>> 0f6e184 (moved a pref to hardened setup) // fxaccounts is disabled in policies lockPref("identity.fxaccounts.enabled", false); @@ -687,29 +404,7 @@ lockPref("identity.fxaccounts.commands.enabled", false); lockPref("identity.fxaccounts.remote.oauth.uri", ""); lockPref("identity.fxaccounts.remote.profile.uri", ""); lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -<<<<<<< HEAD -======= -======= -defaultPref("accessibility.typeaheadfind", false); // Already default -defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default -lockPref("dom.forms.datetime", false); // Deprecated ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 653a6ed (knocked out some more prefs) -``` -#### Commented -Active prefs that were commented in order to address them before removing them -``` -// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant -// when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -<<<<<<< HEAD -======= - ->>>>>>> 57702f8 (updated changelog) // all handled by lockPref("services.settings.server", "") lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); @@ -834,755 +529,6 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false) lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); lockPref("services.sync.tabs.lastSync", "0"); -<<<<<<< HEAD -======= -// redudant with RFP and javascript.use_us_english_locale -// defaultPref("privacy.spoof_english", 2); - -// Likely deprecated -// lockPref("dom.indexedDB.enabled", true); ->>>>>>> a35eb4b (re-organized and reviewed) - -// useless as ui elements are not in the report page -lockPref("browser.contentblocking.report.cookie.url", ""); -lockPref("browser.contentblocking.report.cryptominer.url", ""); -lockPref("browser.contentblocking.report.endpoint_url", ""); -lockPref("browser.contentblocking.report.fingerprinter.url", ""); -lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); -lockPref("browser.contentblocking.report.manage_devices.url", ""); -lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); -lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); -lockPref("browser.contentblocking.report.monitor.preferences", ""); -lockPref("browser.contentblocking.report.monitor.url", ""); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.social.url", ""); -lockPref("browser.contentblocking.report.tracker.url", ""); -lockPref("browser.contentblocking.report.vpn.url", ""); -lockPref("browser.contentblocking.report.vpn-promo.url", ""); -lockPref("browser.contentblocking.report.vpn-ios.url", ""); -lockPref("browser.contentblocking.report.vpn-android.url", ""); -``` -#### Commented -Prefs that need to be addressed and that were disabled for now -``` -// all covered by previous prefs -// defaultPref("media.navigator.video.enabled", false); -// defaultPref("media.peerconnection.use_document_iceservers", false); -// defaultPref("media.peerconnection.identity.enabled", false); -// defaultPref("media.peerconnection.identity.timeout", 1); -// defaultPref("media.peerconnection.turn.disable", true); -// defaultPref("media.peerconnection.ice.tcp", false); -======= -defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default -lockPref("dom.forms.datetime", false); // Deprecated -lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated -lockPref("services.sync.clients.lastSync", "0"); // Deprecated -lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated -lockPref("services.sync.enabled", false); // Deprecated -lockPref("services.sync.jpake.serverURL", ""); // Deprecated -lockPref("services.sync.migrated", true); // Deprecated -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated -lockPref("services.sync.serverURL", ""); // Deprecated -lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated -lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated -lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated -lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated -lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated -lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated -lockPref("prio.publicKeyB", ""); // Deprecated -lockPref("prio.publicKeyA", ""); // Deprecated -lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated -lockPref("security.insecure_password.ui.enabled", true); // Deprecated -defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all -lockPref("security.ssl.errorReporting.automatic", false); // Deprecated -lockPref("security.ssl.errorReporting.url", ""); // Deprecated -lockPref("security.ssl.errorReporting.enabled", false); // Deprecated -defaultPref("layout.frame_rate.precise", true); // Deprecated -defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated -defaultPref("layers.async-video.enabled", true); // Deprecated -defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set -defaultPref("html5.offmainthread", true); // Default true and not important to set -defaultPref("browser.tabs.animate", false); // Deprecated -lockPref("webgl.disable-extensions", true); // Deprecated -lockPref("browser.onboarding.notification.finished", true); // Deprecated -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated -lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated -lockPref("pref.general.disable_button.default_browser", false); // Deprecated -lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated -lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated -lockPref("app.update.silent", false); // Deprecated -lockPref("app.vendorURL", ""); // Deprecated -lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated -lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated -lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated -lockPref("devtools.devedition.promo.url", ""); // Deprecated -lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated -lockPref("devtools.gcli.jquerySrc", ""); // Deprecated -lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated -lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated -lockPref("dom.permissions.enabled", false); // Deprecated -lockPref("extensions.blocklist.url", ""); // Deprecated -lockPref("geo.wifi.uri", ""); // Deprecated -lockPref("geo.provider-country.network.scan", false); // Deprecated -lockPref("geo.provider-country.network.url", ""); // Deprecated -lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> c16522a (added re-enabling guides) -======= -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why? -lockPref("services.blocklist.onecrl.collection", ""); // Deprecated - ->>>>>>> 4041ab1 (reorganized and improved some entries) -======= -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? -lockPref("services.blocklist.onecrl.collection", ""); // Deprecated -lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint -lockPref("plugin.defaultXpi.state", 1); // Deprecated -lockPref("remote.log.level", "Info"); // already default and not important in any way -lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side -<<<<<<< HEAD -lockPref("network.protocol-handler.external.http",false); // Deprecated or not existent -lockPref("network.protocol-handler.external.https",false); // Deprecated or not existent ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -lockPref("lightweightThemes.update.enabled", false); // Deprecated -lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated -lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated -lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? -lockPref("network.protocol-handler.external.javascript",false); // any real benefit? -lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? -lockPref("network.protocol-handler.external.ftp",false);// any real benefit? -lockPref("network.protocol-handler.external.file",false);// any real benefit? -lockPref("network.protocol-handler.external.about",false);// any real benefit? -lockPref("network.protocol-handler.external.chrome",false);// any real benefit? -lockPref("network.protocol-handler.external.blob",false);// any real benefit? -lockPref("network.protocol-handler.external.data",false);// any real benefit? -lockPref("network.protocol-handler.expose-all",false);// any real benefit? -lockPref("network.protocol-handler.expose.http",true);// any real benefit? -lockPref("network.protocol-handler.expose.https",true);// any real benefit? -lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? -lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? -lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? -lockPref("network.protocol-handler.expose.file",true);// any real benefit? -lockPref("network.protocol-handler.expose.about",true);// any real benefit? -lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? -lockPref("network.protocol-handler.expose.blob",true);// any real benefit? -lockPref("network.protocol-handler.expose.data",true);// any real benefit? -lockPref("network.protocol-handler.external.http",false);// any real benefit? -lockPref("network.protocol-handler.external.https",false);// any real benefit? -lockPref("shumway.disabled", true); // Deprecated -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated -lockPref("plugins.click_to_play", true); // Deprecated -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated -lockPref("devtools.webide.enabled", false); // Deprecated -lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated -lockPref("network.allow-experiments", false); // Deprecated -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated -lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated -lockPref("security.tls.version.max", 4); // increases fingerprint -defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope -lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope -lockPref("browser.onboarding.enabled", false); // Deprecated -lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 -lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated -lockPref("app.update.enabled", false); // Deprecated -lockPref("browser.casting.enabled", false); // Deprecated, probably Android only -lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated -lockPref("browser.newtabpage.enhanced", false); // Deprecated -lockPref("browser.selfsupport.url", ""); // Deprecated -lockPref("camera.control.face_detection.enabled", false); // Deprecated -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated -lockPref("datareporting.healthreport.service.enabled", false); // Deprecated -lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated -lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated -lockPref("dom.flyweb.enabled", false); // Deprecated -lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated -lockPref("dom.telephony.enabled", false); // Deprecated -lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated -lockPref("loop.logDomains", false); // Deprecated -lockPref("network.websocket.enabled", false); // Deprecated -lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated -lockPref("social.directories", ""); // Deprecated -lockPref("social.remote-install.enabled", false); // Deprecated -lockPref("social.whitelist", ""); // Deprecated -lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated -lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated -lockPref("browser.pocket.enabled", false); // Deprecated -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily -lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant -lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 -lockPref("browser.search.countryCode", "US"); // Deprecated -lockPref("experiments.activeExperiment", false); // Deprecated -lockPref("experiments.enabled", false); // Deprecated -lockPref("experiments.manifest.uri", ""); // Deprecated -lockPref("experiments.supported", false); // Deprecated -lockPref("network.jar.block-remote-files", true); // Deprecated -lockPref("network.jar.open-unsafe-types", false); // Deprecated -lockPref("plugin.state.java", 0); // Deprecated -lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated -lockPref("services.blocklist.update_enabled", false); // Deprecated -lockPref("shield.savant.enabled", false); // Deprecated -defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope -defaultPref("layers.acceleration.disabled", false); // default and probably out of scope -<<<<<<< HEAD ->>>>>>> 45bf63e (processed everything up to EOF) -======= -lockPref("browser.taskbar.previews.enable", false); // personal pref -lockPref("browser.taskbar.lists.enabled", false); // personal pref -lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref -lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref -lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref -defaultPref("webgl.force-enabled", true); // out of scope, not worth -defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth ->>>>>>> 5b1fc33 (removed some more) -======= -defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale -======= ->>>>>>> 7732277 (imrpoved referers and language settings) -defaultPref("extensions.webextensions.background-delayed-startup", true); //default -defaultPref("xpinstall.signatures.required", true); // default -lockPref("app.normandy.dev_mode", false); // default -defaultPref("pdfjs.enableWebGL", false); // default -lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable -lockPref("network.predictor.enable-prefetch", false); // default -<<<<<<< HEAD ->>>>>>> 48fecfd (removed redundant stuff) -======= -lockPref("intl.regional_prefs.use_os_locales", false); // default -defaultPref("intl.locale.requested", "en-US"); // conflicting -defaultPref("privacy.spoof_english", 2); // automatically handled by RFP and other lang prefs -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("network.http.referer.trimmingPolicy", 0); // default -lockPref("network.http.referer.spoofSource", false); // default -defaultPref("network.http.referer.defaultPolicy", 2); // default -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default -<<<<<<< HEAD ->>>>>>> 7732277 (imrpoved referers and language settings) -======= -defaultPref("layout.spellcheckDefault", 2); // why? -<<<<<<< HEAD ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -======= -lockPref("privacy.trackingprotection.introURL", ""); // Deprecated -defaultPref("general.appname.override", "Netscape"); // no benefit over RFP -defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof -defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof -defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof -lockPref("general.buildID.override", "20100101"); // no benefit over RFP -lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP -<<<<<<< HEAD ->>>>>>> 934010b (removed overrides for spoofing) -``` - -#### Unlocked -Locked prefs that were unlocked, more should be unlocked probably -``` -defaultPref("general.config.filename", "librewolf.cfg"); -defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("extensions.getAddons.themes.browseURL", "") -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -defaultPref("alerts.showFavicons", false); // default: false -defaultPref("security.remote_settings.intermediates.enabled", true); -defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); -defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns -defaultPref("security.OCSP.require", false); -defaultPref("reader.parse-on-load.enabled", false); -``` - -#### To discuss -Prefs that need to be addressed and potential roadmap -``` -Open points: -// How much should we lock? -// How in depth should we go with urls -// SB - make re-enabling easier, test connections -// GEO - review to allow easier re-enabling -// evaluate certificate handling (oscp, crlite, blocklist) - -<<<<<<< HEAD -missing from arkenfox in need of discussion: -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -dom.security.https_only_mode_send_http_background_request -> DISCUSS -browser.download.useDownloadDir -> do we want to ask for download location each time? -======= -defaultPref("extensions.getAddons.themes.browseURL", "") - -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) -======= - -defaultPref("alerts.showFavicons", false); // default: false - -defaultPref("security.remote_settings.intermediates.enabled", true); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("dom.battery.enabled", false); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -defaultPref("layout.css.visited_links_enabled", false); -defaultPref("layout.css.always-repaint-on-unvisited", false); -defaultPref("layout.css.notify-of-unvisited", false); - -defaultPref("browser.tabs.closeTabByDblclick", true); - -// Unlocked as known to cause breakage -defaultPref("dom.event.clipboardevents.enabled", false); -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= - -// already default and no reason to lock it -lockPref("network.http.referer.trimmingPolicy", 0); - -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -======= - -// someone might want to have it on for security concerns -defaultPref("security.OCSP.enabled", 0); -defaultPref("security.OCSP.require", false); ->>>>>>> 4041ab1 (reorganized and improved some entries) -``` - -## How to... -#### Stay logged -Add website to exceptions before login, both http and https link -#### Enable DRM content -``` -<<<<<<< HEAD -media.eme.enabled = true -media.gmp-widevinecdm.visible = true -media.gmp-widevinecdm.enabled = true -media.gmp-provider.enabled = true -media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml -======= -defaultPref("signon.management.page.breach-alerts.enabled", false); -defaultPref("signon.management.page.breachAlertUrl", ""); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -defaultPref("identity.sendtabpromo.url", ""); ->>>>>>> 55c94dc (reorganized, revisited) -``` -#### Use video conferencing -``` -<<<<<<< HEAD -media.peerconnection.enabled = true -media.peerconnection.ice.no_host = true -dom.webaudio.enabled = true -``` -screensharing `media.getusermedia.screensharing.enabled = true` -#### Enable addons search -``` -<<<<<<< HEAD -extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" -``` -#### Enable addons manual updates -``` -extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" -``` -#### Enable OCSP certificate checking -``` -security.OCSP.enabled = 1 -``` -you probably also want `security.OCSP.require = true` -======= -// This should be discussed -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); ->>>>>>> 653a6ed (knocked out some more prefs) -======= ->>>>>>> e7ed7c4 (updated changelog) - -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -#### Hardened setup -``` -defaultPref("javascript.options.asmjs", false); // disable asm.js -defaultPref("javascript.options.wasm", false); // disable web assembly -defaultPref("webgl.disabled", true); // disable webgl -defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing -defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access -======= -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); - -======= ->>>>>>> c16522a (added re-enabling guides) -// What should we do with this pref -//defaultPref("network.http.sendRefererHeader", 1); -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) -======= - -<<<<<<< HEAD -======= ->>>>>>> 48fecfd (removed redundant stuff) -// should we consider disabling WebAssembly ? -//lockPref("javascript.options.wasm", false); - -// to check -defaultPref("xpinstall.signatures.required", true); - -// How much should we lock? -// How much should we care bout URLs? - -======= ->>>>>>> 7732277 (imrpoved referers and language settings) -Other points: -// How much should we lock? -// DRM - should we make it even easier? -// COOKIES - now using dFPI -// SB - make re-enabling easier, test connections - -from arkenfox: -dom.security.https_only_mode_send_http_background_request -> DISCUSS -dom.storage.next_gen -> DISCUSS -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -``` - -#### Commented -Prefs that need to be addressed and that were disabled for now -``` -<<<<<<< HEAD -// redudant with RFP and javascript.use_us_english_locale -// defaultPref("privacy.spoof_english", 2); - -<<<<<<< HEAD -// conflicting with previous prefs? -// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -// defaultPref("layers.acceleration.disabled", false); - -<<<<<<< HEAD -// seems to be deprecated -// lockPref("dom.registerProtocolHandler.insecure.enabled", true); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -======= ->>>>>>> c16522a (added re-enabling guides) -======= ->>>>>>> 8b7a898 (updated and started editing external protocols) -// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable -// should be checked -// lockPref("browser.cache.offline.enable", false); - -<<<<<<< HEAD -// redundant with RFP -// lockPref("dom.enable_performance", false); //Deprecated Active -// lockPref("dom.enable_performance_navigation_timing", false); ->>>>>>> 653a6ed (knocked out some more prefs) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -// all covered by previous prefs -// defaultPref("media.navigator.video.enabled", false); -// defaultPref("media.peerconnection.use_document_iceservers", false); -// defaultPref("media.peerconnection.identity.enabled", false); -// defaultPref("media.peerconnection.identity.timeout", 1); -// defaultPref("media.peerconnection.turn.disable", true); -// defaultPref("media.peerconnection.ice.tcp", false); -``` - -## How to... -#### Stay logged -Add website to exceptions before login, both http and https link -#### Enable DRM content -``` -media.eme.enabled = true -media.gmp-widevinecdm.visible = true -media.gmp-widevinecdm.enabled = true -media.gmp-provider.enabled = true -media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml -``` -#### Use video conferencing -``` -media.peerconnection.enabled = true -media.peerconnection.ice.no_host = true -dom.webaudio.enabled = true -``` -screensharing `media.getusermedia.screensharing.enabled = true` -#### Enable addons search -``` -extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" -``` -#### Enable addons manual updates -``` -extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -``` -======= -``` -#### Enable OCSP certificate checking -``` -security.OCSP.enabled = 1 -``` -you probably also want `security.OCSP.require = true` -<<<<<<< HEAD ->>>>>>> 4041ab1 (reorganized and improved some entries) -======= - -## Missing compared to arkenfox -List of prefs missing in .cfg with reason why we do not have them -``` -browser.cache.disk.enable -> performance hit -browser.display.use_system_colors -> default -browser.download.useDownloadDir -> do we want to ask for download location each time? -browser.newtabpage.enabled -> we do not default to blank page -browser.startup.homepage -> we do not default to blank page -browser.startup.page -> we do not default to blank page -dom.allow_cut_copy -> we leave this on for usability -javascript.options.asmjs -> performance hit -keyword.enabled -> no privacy implication if trusty search engine -privacy.firstparty.isolate -> we have dFPI -privacy.resistFingerprinting.letterboxing -> usability hit -privacy.window.name.update.enabled -> default -security.ask_for_password -> disabled in librewolf -security.password_lifetime -> disabled in librewolf -ui.prefersReducedMotion -> usability hit -webgl.disabled -> usability hit -``` -ones worth discussing -``` -dom.security.https_only_mode_send_http_background_request -> DISCUSS -dom.storage.next_gen -> DISCUSS -javascript.options.wasm -> DISCUSS -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -======= -lockPref("security.insecure_connection_icon.enabled", true); // Default -lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default -lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default -lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled -lockPref("app.normandy.first_run", false); // default -lockPref("browser.send_pings", false); // default -lockPref("browser.send_pings.require_same_host", true); // default -defaultPref("browser.tabs.closeTabByDblclick", true); // why? -lockPref("devtools.debugger.force-local", true); // default -lockPref("gfx.offscreencanvas.enabled", false); // default -lockPref("media.webspeech.recognition.enable", false); // default -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default -lockPref("remote.force-local", true); // default -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default -lockPref("security.fileuri.strict_origin_policy", true); // default -lockPref("security.insecure_field_warning.contextual.enabled", true); // default -defaultPref("security.remote_settings.intermediates.enabled", true); // default -lockPref("xpinstall.whitelist.required", true); // default -lockPref("browser.sessionhistory.max_entries", 20); // why? -lockPref("extensions.webapi.testing", false); // hidden but default false -lockPref("canvas.capturestream.enabled", false); // any real benefit? ->>>>>>> e7a5601 (more good stuff) -``` -<<<<<<< HEAD ->>>>>>> 0267245 (added some new prefs from arkenfox) -======= - -## Experimental removals -need testing, should be redundant prefs as we already disabled others -``` -/* -// fxaccount, to check -lockPref("identity.fxaccounts.enabled", false); -lockPref("identity.fxaccounts.remote.root", ""); -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.commands.enabled", false); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -*/ - -/* -// to check, should all be handled by lockPref("services.settings.server", "") -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); -*/ - -// -------------------------------- -// SYNC -// -------------------------------- - -/* -lockPref("services.sync.addons.trustedSourceHostnames", ""); -lockPref("services.sync.lastversion", ""); -lockPref("services.sync.maxResyncs", 0); // 1 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.addresses.available", false); -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true -lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); -lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); -lockPref("services.sync.prefs.sync.signon.generation.enabled", false); -lockPref("services.sync.prefs.sync.signon.autofillForms", false); -lockPref("services.sync.declinedEngines", ""); -lockPref("services.sync.globalScore", 0); -lockPref("services.sync.nextSync", 0); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); -lockPref("services.sync.tabs.lastSync", "0"); -*/ -<<<<<<< HEAD -``` ->>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) -======= -======= ->>>>>>> 57702f8 (updated changelog) // useless as ui elements are not in the report page lockPref("browser.contentblocking.report.cookie.url", ""); @@ -1616,9 +562,6 @@ Prefs that need to be addressed and that were disabled for now // defaultPref("media.peerconnection.turn.disable", true); // defaultPref("media.peerconnection.ice.tcp", false); ``` -<<<<<<< HEAD ->>>>>>> 48fecfd (removed redundant stuff) -======= #### Unlocked Locked prefs that were unlocked, more should be unlocked probably @@ -1701,143 +644,4 @@ defaultPref("javascript.options.wasm", false); // disable web assembly defaultPref("webgl.disabled", true); // disable webgl defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access -<<<<<<< HEAD -``` -<<<<<<< HEAD ->>>>>>> e7a5601 (more good stuff) -======= - -## Who cares -Prefs that were commented and are now removed -``` -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", ...); - -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); - -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -//lockPref("media.peerconnection.video.h264", true); - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// lockPref("dom.IntersectionObserver.enabled", false); - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - -// defaultPref("network.http.sendRefererHeader", 1); default is better - -ALL OF Disabled - Deprecated Inactive -ALL OF Disabled - Section OFF -``` ->>>>>>> 57702f8 (updated changelog) -======= -``` ->>>>>>> d24f87c (pre MR commit) +``` \ No newline at end of file diff --git a/README.md b/README.md index dc32d6e..f63cd10 100755 --- a/README.md +++ b/README.md @@ -2,41 +2,13 @@ LibreWolf settings for all platforms. -<<<<<<< HEAD -<<<<<<< HEAD The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> d79e65a (added Win location) We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` - Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` - Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` -<<<<<<< HEAD -======= -The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. -======= -The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. ->>>>>>> f8a4623 (tweak) -The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. -======= ->>>>>>> 131c061 (tweak) - -<<<<<<< HEAD -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the ovverides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. ->>>>>>> d24f87c (pre MR commit) -======= -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. ->>>>>>> c2f6d4e (tweaks) -======= -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`, or if you are using Flatpak `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg`. ->>>>>>> 6dbfa2e (added flatpak location) -======= ->>>>>>> d79e65a (added Win location) ## Useful links - FAQ (coming soon): to help you creating your own pref file. @@ -51,18 +23,6 @@ We encourage users to find **their own setup** and to use our default configurat This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. -<<<<<<< HEAD -<<<<<<< HEAD Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). -Thank you to the whole LibreWolf community as once again this is entirely a community effort. -======= -Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated in [bugzilla](https://bugzilla.mozilla.org/home). - -Thank you to the entire LibreWolf community as once again this is entirely a community effort. ->>>>>>> d24f87c (pre MR commit) -======= -Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). - -Thank you to the whole LibreWolf community as once again this is entirely a community effort. ->>>>>>> c2f6d4e (tweaks) +Thank you to the whole LibreWolf community as once again this is entirely a community effort. \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index e77cbe4..cd12b9c 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,7 +1,3 @@ -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 55c94dc (reorganized, revisited) //---------------| // LibreWolf | //---------------| @@ -9,15 +5,6 @@ // ================================================================================================================================| // | // "Section" : Description of the settings section separated by "----" | -<<<<<<< HEAD -<<<<<<< HEAD -======= -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance | -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss | -// Performance can be tested here : https://chromium.github.io/octane/ | ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> 45bf63e (processed everything up to EOF) // "Pref" : Preference/Settings name and or description followed by links or documentations | // and some time explanation why the setting is commented and ignored. | // "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | @@ -35,204 +22,17 @@ // that rely on comparing version numbers. | // | // ================================================================================================================================| -<<<<<<< HEAD -======= -// --------- -// LibreWolf -// --------- -// -// Documentation .............. : -// ============================== -// -// "Section" : Description of the settings section separated by "----" -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss -// Performance can be tested here : https://chromium.github.io/octane/ -// "Pref" : Preference/Settings name and or description followed by links or documentations -// and some time explanation why the setting is commented and ignored. -// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here -// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. -// In many cases the GUI will change to reflect this, graying out or removing options. Appears -// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. -// It will not work if it set with just pref. -// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, -// but they will be erased on restart. If you set a particular preference this way, -// it shows up in about:config as "user set". -// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will -// be saved between sessions. If preferences are reset to default through the GUI or some other method, -// this is what they will go back to. Appears in about:config as "default". -// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions -// that rely on comparing version numbers. -// -// ==================================================================================== -// Protection ................. : -// ============================== -// -// Pref : Locking librewolf.cfg itself -defaultPref("general.config.filename", "librewolf.cfg"); -// -// ===================================================================================== -// Index librewolf.cfg .......... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : User settings // Bench Diff : +0 / 5000 -// Section : Defaulting Settings // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Controversial // Bench Diff : +0 / 5000 -// Section : Firefox Fingerprint // Bench Diff : +0 / 5000 -// Section : Locale/Time // Bench Diff : +0 / 5000 -// Section : Ghacks-user Selection // Bench Diff : +100 / 5000 -// Section : Extensions Manager // Bench Diff : +0 / 5000 -// Section : IJWY To Shut Up // Bench Diff : +0 / 5000 -// Section : Microsoft Windows // Bench Diff : +0 / 5000 -// Section : Firefox ESR60.x // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Security 1/3 // Bench Diff : +0 / 5000 -// Section : Security 2/3 // Bench Diff : +0 / 5000 -// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Performance 1/5 // Bench Diff : +650 / 5000 -// Section : Performance 2/5 // Bench Diff : -800 / 5000 -// Section : Performance 3/5 // Bench Diff : -1720 / 5000 -// Section : Performance 4/5 // Bench Diff : -200 / 5000 -// Section : Performance 5/5 // Bench Diff : -50 / 5000 -// ----------------------------------------------------------------------- -// Section : General Settings 1/3 // Bench Diff : +100 / 5000 -// Section : General Settings 2/3 // Bench Diff : +0 / 5000 -// Section : General Settings 3/3 // Bench Diff : -40 / 5000 -// ----------------------------------------------------------------------- -// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// Index local-settings.js .... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : General Settings // Bench Diff : ++ / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// >>>>>>>>>>>>>>>>>>>>>>> -// Section : User Settings -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>>>>> -======= ->>>>>>> 55c94dc (reorganized, revisited) - -<<<<<<< HEAD -// -------------------------------- -// User Settings : Cookies settings -// -------------------------------- - -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); -defaultPref("network.cookie.lifetimePolicy", 2); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -<<<<<<< HEAD // ----------------------------------- // # TRACKING PROTECTION -======= - -// ----------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -// TRACKING PROTECTION ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// FILENAME ->>>>>>> 7887469 (reviewed and reorganized up to extensions) // ----------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more -======= -// set custom mode -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway - -// disabling tracking protection ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -defaultPref("general.config.filename", "librewolf.cfg"); - -======= ->>>>>>> 48fecfd (removed redundant stuff) -// ----------------------------------- -// OVERRIDES -// ----------------------------------- - -// allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` -// or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); -} - -// ----------------------------------- -<<<<<<< HEAD -======= ->>>>>>> 344e1e8 (moved overrides to bottom) -// TRACKING PROTECTION -======= -// # TRACKING PROTECTION ->>>>>>> 01804b5 (add tags for .md rendering) -// ----------------------------------- - -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> 55c94dc (reorganized, revisited) -======= -defaultPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> 7b8bd35 (unlock content block cat as breaks cookie button) -======= -defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI ->>>>>>> 48fecfd (removed redundant stuff) -======= -defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more ->>>>>>> e7a5601 (more good stuff) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("urlclassifier.trackingTable", ""); -lockPref("browser.contentblocking.database.enabled", false); - -// remove urls -lockPref("browser.contentblocking.reportBreakage.url", ""); - -// hide ui elements -lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); -lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); -lockPref("browser.contentblocking.report.hide_vpn_banner", true); -lockPref("browser.contentblocking.report.show_mobile_app", false); -lockPref("browser.contentblocking.report.lockwise.enabled", false); -lockPref("browser.contentblocking.report.monitor.enabled", false); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.vpn.enabled", false); -======= - -// below are potentially useless as tracking protection is disabled -======= ->>>>>>> 55c94dc (reorganized, revisited) -lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); -======= ->>>>>>> 48fecfd (removed redundant stuff) lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -250,36 +50,15 @@ lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); -<<<<<<< HEAD -// Windows only? -lockPref("default-browser-agent.enabled", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -// ---------------------------------- -<<<<<<< HEAD -// # AUTOPLAY -======= -// AUTOPLAY ->>>>>>> a35eb4b (re-organized and reviewed) -======= // ---------------------------------- // # AUTOPLAY ->>>>>>> e7a5601 (more good stuff) // ---------------------------------- defaultPref("media.autoplay.default", 5); defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # PASSWORD MANAGER -======= -// PASSWORD MANAGER ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # PASSWORD MANAGER ->>>>>>> e7a5601 (more good stuff) // ----------------------------------------- lockPref("signon.rememberSignons", false); @@ -287,50 +66,11 @@ lockPref("signon.storeWhenAutocompleteOff", false); defaultPref("signon.management.page.breach-alerts.enabled", false); defaultPref("signon.management.page.breachAlertUrl", ""); lockPref("signon.formlessCapture.enabled", false); -<<<<<<< HEAD // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # SEARCH AND URLBAR // -------------------------------- -defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -lockPref("browser.urlbar.speculativeConnect.enabled", false); -lockPref("browser.urlbar.trimURLs", false); -lockPref("browser.search.suggest.enabled", false); -lockPref("browser.search.region", "US"); -lockPref("browser.fixup.alternate.enabled", false); -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.search.update", false); -======= ->>>>>>> 45bf63e (processed everything up to EOF) - -// -------------------------------- -<<<<<<< HEAD -// # SANITIZING, COOKIES AND HISTORY -// -------------------------------- - -defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 -defaultPref("network.cookie.lifetimePolicy", 2); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); - -// includes new cookie behavior that allows to stay logged with exceptions -defaultPref("privacy.clearOnShutdown.cookies", false); -defaultPref("privacy.clearOnShutdown.offlineApps", false); -defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout -defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout -======= -// SEARCH -======= -// SEARCH AND URLBAR ->>>>>>> 653a6ed (knocked out some more prefs) -======= -// # SEARCH AND URLBAR ->>>>>>> e7a5601 (more good stuff) -// -------------------------------- - defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.trimURLs", false); @@ -354,12 +94,6 @@ defaultPref("privacy.clearOnShutdown.cookies", false); defaultPref("privacy.clearOnShutdown.offlineApps", false); defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout -<<<<<<< HEAD -defaultPref("privacy.cpd.passwords", false); -defaultPref("privacy.cpd.sessions", true); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 48fecfd (removed redundant stuff) defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); @@ -367,79 +101,27 @@ defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD // -------------------------------------------------------------------- // # SESSIONS -======= -======= -defaultPref("layout.css.visited_links_enabled", false); -defaultPref("layout.css.always-repaint-on-unvisited", false); -defaultPref("layout.css.notify-of-unvisited", false); - ->>>>>>> 653a6ed (knocked out some more prefs) -// this sets a cookie jar for 3rd party origin which is the same as dFPI -// and probably redundant when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); - -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -// -------------------------------------------------------------------- -<<<<<<< HEAD -// SESSIONS ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # SESSIONS ->>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); lockPref("browser.sessionstore.interval", 60000); // --------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # AUTOFILL -======= -// AUTOFILL ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # AUTOFILL ->>>>>>> 01804b5 (add tags for .md rendering) // --------------------------------- defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.addresses.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("extensions.formautofill.addresses.capture.enabled", false); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 48fecfd (removed redundant stuff) defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); lockPref("signon.autofillForms", false); -<<<<<<< HEAD -<<<<<<< HEAD // ----------------------- // # DRM -======= -lockPref("signon.autofillForms.http", false); -======= ->>>>>>> 48fecfd (removed redundant stuff) - -// ----------------------- -<<<<<<< HEAD -// DRM ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DRM ->>>>>>> 01804b5 (add tags for .md rendering) // ----------------------- // includes new DRM implementation for easily re-enabling it @@ -449,58 +131,16 @@ defaultPref("media.eme.enabled", false); defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections -<<<<<<< HEAD -<<<<<<< HEAD -defaultPref("media.gmp-gmpopenh264.enabled", false); -======= -defaultPref("media.gmp-manager.url", "data:text/plain,"); had to re-add to prevent connections ->>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) -======= -defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections ->>>>>>> f733a19 (fixed broken comment) - -// ---------------------- -// # WEBRTC -======= -defaultPref("media.gmp.trial-create.enabled", false); -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- -<<<<<<< HEAD -<<<<<<< HEAD -// WebRTC ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// WEBRTC ->>>>>>> 55c94dc (reorganized, revisited) -======= // # WEBRTC ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.navigator.enabled", false); defaultPref("media.peerconnection.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("media.navigator.video.enabled", false); -defaultPref("media.getusermedia.browser.enabled", false); -defaultPref("media.getusermedia.screensharing.enabled", false); -defaultPref("media.getusermedia.audiocapture.enabled", false); -defaultPref("media.peerconnection.use_document_iceservers", false); -defaultPref("media.peerconnection.identity.enabled", false); -defaultPref("media.peerconnection.identity.timeout", 1); // 10000 per default -defaultPref("media.peerconnection.turn.disable", true); -defaultPref("media.peerconnection.ice.tcp", false); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); @@ -514,15 +154,7 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // defaultPref("media.peerconnection.ice.tcp", false); // ---------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # SHARING -======= -// SHARING ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -======= -// # SHARING ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.getusermedia.browser.enabled", false); @@ -530,15 +162,7 @@ defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false); // ---------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # DNS -======= -// DNS ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DNS ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------------- lockPref("network.trr.mode", 5); @@ -549,15 +173,7 @@ defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); // ------------------------------------ -<<<<<<< HEAD -<<<<<<< HEAD // # NEW TAB PAGE -======= -// NEW TAB PAGE ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # NEW TAB PAGE ->>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------ lockPref("browser.newtab.preload", false); @@ -598,75 +214,23 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -======= -lockPref("browser.newtab.preload", false); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); - -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); - -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); -// Default Value : -// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\ -// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}} -lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); -// Default Value : -// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true} -lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); -// Default Value : -// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/ -// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION% -// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000} ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -// ------------------------------------------- -// # DO NOT TRACK -======= lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- -<<<<<<< HEAD -// DO NOT TRACK ->>>>>>> a35eb4b (re-organized and reviewed) -======= // # DO NOT TRACK ->>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------------- // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("privacy.donottrackheader.enabled", true); // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # DOM -======= -// DOM ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DOM ->>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------- lockPref("dom.disable_beforeunload", true); defaultPref("dom.disable_open_during_load", true); -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" @@ -682,12 +246,6 @@ lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); defaultPref("dom.storage.next_gen", true); -<<<<<<< HEAD -// lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated ->>>>>>> 55c94dc (reorganized, revisited) - -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------- // # PERMISSIONS // -------------------------------- @@ -754,128 +312,6 @@ defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); // defaultPref("intl.regional_prefs.use_os_locales", false); // default -<<<<<<< HEAD -// -------------------------------------- -// USER AGENT AND IDENTITY -// -------------------------------------- - -// worth discussing -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -<<<<<<< HEAD -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Ghacks-user Selection -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("browser.download.hide_plugins_without_extensions", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.cache.offline.storage.enable", false); -lockPref("network.http.redirection-limit", 10); -lockPref("extensions.enabledScopes", 5); - -// Is there any reason to change the default value? -// lockPref("extensions.autoDisableScopes", 11); - -lockPref("xpinstall.whitelist.required", true); // default: true - ->>>>>>> a35eb4b (re-organized and reviewed) -lockPref("dom.push.enabled", false); -lockPref("dom.push.connection.enabled", false); -lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" -lockPref("dom.push.userAgentID", ""); -lockPref("dom.targetBlankNoOpener.enabled", true); -lockPref("dom.disable_window_move_resize", true); -defaultPref("dom.serviceWorkers.enabled", false); -defaultPref("dom.battery.enabled", false); -lockPref("dom.popup_maximum", 4); -defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -defaultPref("dom.webaudio.enabled", false); -lockPref("dom.vr.enabled", false); -lockPref("dom.vibrator.enabled", false); -defaultPref("dom.storage.next_gen", true); - -// -------------------------------- -// # PERMISSIONS -// -------------------------------- - -lockPref("permissions.delegation.enabled", false); -defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it -lockPref("permissions.manager.defaultsUrl", ""); - -// -------------------------------- -// # REFERERS -// -------------------------------- - -lockPref("network.http.referer.XOriginTrimmingPolicy", 2); -lockPref("network.http.referer.XOriginPolicy", 0); - -// -------------------------------- -// # PROXY -// -------------------------------- - -<<<<<<< HEAD -defaultPref("network.proxy.autoconfig_url", ""); -defaultPref("network.proxy.socks_remote_dns", true); -defaultPref("network.proxy.socks_version", 5); -======= - -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); ->>>>>>> a35eb4b (re-organized and reviewed) - -// -------------------------------------- -// # HTTP(S) -// -------------------------------------- - -lockPref("network.http.altsvc.enabled", false); -lockPref("network.http.altsvc.oe", false); -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_pbm", true); -defaultPref("network.auth.subresource-http-auth-allow", 1); - -// -------------------------------------- -// # TLS -// -------------------------------------- - -defaultPref("security.ssl.require_safe_negotiation", true); -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); -lockPref("security.ssl.disable_session_identifiers", true); -lockPref("browser.ssl_override_behavior", 1); -lockPref("security.tls.enable_0rtt_data", false); -lockPref("security.tls.version.enable-deprecated", false); -lockPref("security.tls.version.fallback-limit", 3); -lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos - -// to check -lockPref("network.stricttransportsecurity.preloadlist", false); - -// -------------------------------------- -// # RFP -// -------------------------------------- - -defaultPref("privacy.resistFingerprinting", true); -defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); -lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing - -// -------------------------------------- -// # LANGUAGE AND REGION -// -------------------------------------- - -defaultPref("javascript.use_us_english_locale", true); -defaultPref("intl.locale.requested", "en-US"); -defaultPref("privacy.spoof_english", 2); -// defaultPref("intl.regional_prefs.use_os_locales", false); // default - // ------------------------------------------------------- // # EXTENSIONS - check readme section "Extensions Firewall" // ------------------------------------------------------- @@ -884,24 +320,10 @@ defaultPref("privacy.spoof_english", 2); defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" -======= -======= ->>>>>>> 934010b (removed overrides for spoofing) -// ------------------------------------------------------- -// # EXTENSIONS - check readme section "Extensions Firewall" -// ------------------------------------------------------- - -// handle default restricted domains -defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" -lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" - ->>>>>>> 55c94dc (reorganized, revisited) // disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); -<<<<<<< HEAD -<<<<<<< HEAD // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); @@ -944,35 +366,12 @@ lockPref("extensions.systemAddon.update.url", ""); lockPref("extensions.systemAddon.update.enabled", false); lockPref("xpinstall.signatures.devInfoURL", ""); -<<<<<<< HEAD -<<<<<<< HEAD -======= -lockPref("extensions.webapi.testing", false); // hidden prefs // default false ->>>>>>> 48fecfd (removed redundant stuff) -======= ->>>>>>> e7a5601 (more good stuff) lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= -lockPref("xpinstall.whitelist.required", true); // default ->>>>>>> 7732277 (imrpoved referers and language settings) -======= ->>>>>>> e7a5601 (more good stuff) -<<<<<<< HEAD -// to check -defaultPref("xpinstall.signatures.required", true); ->>>>>>> 0267245 (added some new prefs from arkenfox) - -======= ->>>>>>> 48fecfd (removed redundant stuff) // ------------------------------------------------------- // # NORMANDY // ------------------------------------------------------- @@ -1002,153 +401,8 @@ lockPref("security.mixed_content.block_active_content", true); lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); -<<<<<<< HEAD lockPref("security.dialog_enable_delay", 700); lockPref("security.csp.enable", true); -======= -// Remove a bunch of URLs : -lockPref("lightweightThemes.getMoreURL", ""); -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -lockPref("identity.sync.tokenserver.uri", ""); -lockPref("network.trr.confirmationNS", ""); -lockPref("browser.translation.engine", ""); // default Google -lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail -lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("services.sync.lastversion", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); -lockPref("browser.safebrowsing.provider.google.advisoryName", ""); -lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists", ""); -lockPref("identity.fxaccounts.remote.root", ""); -lockPref("services.settings.server", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); -lockPref("accessibility.support.url", ""); -lockPref("app.normandy.shieldLearnMoreUrl", ""); -lockPref("app.support.baseURL", ""); -lockPref("browser.chrome.errorReporter.infoURL", ""); -lockPref("browser.dictionaries.download.url", ""); -lockPref("browser.geolocation.warning.infoURL", ""); -lockPref("browser.search.searchEnginesURL", ""); -lockPref("browser.uitour.themeOrigin", ""); -lockPref("extensions.getAddons.compatOverides.url", ""); -lockPref("services.sync.addons.trustedSourceHostnames", ""); -lockPref("toolkit.datacollection.infoURL", ""); -lockPref("xpinstall.signatures.devInfoURL", ""); -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -======= -// enable Content Security Policy (CSP) -lockPref("security.csp.enable", true); - -<<<<<<< HEAD -======= ->>>>>>> 45bf63e (processed everything up to EOF) -// set extensions scopes -lockPref("extensions.enabledScopes", 5); -lockPref("extensions.autoDisableScopes", 11); ->>>>>>> 55c94dc (reorganized, revisited) -======= -// ------------------------------------------------------- -// # SAFE BROWSING -// ------------------------------------------------------- ->>>>>>> 01804b5 (add tags for .md rendering) - -// Relevant for addons and lang packs search -defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% -defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% - -// other urls -defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% -defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ -defaultPref("extensions.update.url", ""); -// Default Value -// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -// %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -// %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -// %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% - -// ui -defaultPref("extensions.getAddons.showPane", false); -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("extensions.webcompat-reporter.enabled", false); -lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new - -// background checking and updating -defaultPref("extensions.update.enabled", false); -defaultPref("extensions.update.autoUpdateDefault", false); -defaultPref("extensions.update.background.url", ""); -defaultPref("extensions.getAddons.cache.enabled", false); - -// blocklist -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); - -// system addons -lockPref("extensions.systemAddon.update.url", ""); -lockPref("extensions.systemAddon.update.enabled", false); - -lockPref("xpinstall.whitelist.required", true); // default: true -lockPref("xpinstall.signatures.devInfoURL", ""); -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true -lockPref("extensions.webapi.testing", false); // hidden prefs // default false -lockPref("extensions.webservice.discoverURL", ""); -lockPref("webextensions.storage.sync.serverURL", ""); -lockPref("extensions.screenshots.upload-disabled", true); -lockPref("lightweightThemes.getMoreURL", ""); - -// to check -defaultPref("xpinstall.signatures.required", true); - -// ------------------------------------------------------- -// NORMANDY -// ------------------------------------------------------- - -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); -lockPref("app.normandy.shieldLearnMoreUrl", ""); -lockPref("app.normandy.dev_mode", false); - -// -------------------------------- -// SECURITY -// -------------------------------- - -// certificates -lockPref("security.cert_pinning.enforcement_level", 2); -defaultPref("security.OCSP.enabled", 0); -defaultPref("security.OCSP.require", false); -lockPref("security.ssl.enable_ocsp_stapling", true); -lockPref("security.pki.sha1_enforcement_level", 1); - -// mixed content -lockPref("security.mixed_content.block_object_subrequest", true); -lockPref("security.mixed_content.block_display_content", true); -lockPref("security.mixed_content.block_active_content", true); - -// reduce breakage -defaultPref("security.remote_settings.intermediates.enabled", true); - -<<<<<<< HEAD -// Pref : -lockPref("browser.chrome.errorReporter.submitUrl", ""); -lockPref("browser.chrome.errorReporter.enabled", false); - -// Pref : -lockPref("browser.ping-centre.staging.endpoint", ""); -lockPref("browser.ping-centre.telemetry", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // ------------------------------------------------------- // # SAFE BROWSING @@ -1159,29 +413,6 @@ lockPref("browser.safebrowsing.passwords.enabled", false); lockPref("browser.safebrowsing.phishing.enabled", false); // downloads and unwanted software -======= -// ui -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); -lockPref("security.insecure_connection_text.enabled", true); -lockPref("security.insecure_connection_text.pbmode.enabled", true); - -lockPref("security.dialog_enable_delay", 700); -lockPref("security.csp.enable", true); - -// ------------------------------------------------------- -// SAFE BROWSING -// ------------------------------------------------------- - -lockPref("browser.safebrowsing.malware.enabled", false); -lockPref("browser.safebrowsing.passwords.enabled", false); -lockPref("browser.safebrowsing.phishing.enabled", false); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -// downloads and unwanted software ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.downloads.enabled", false); lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); @@ -1189,20 +420,9 @@ lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); -<<<<<<< HEAD -<<<<<<< HEAD // could try re-enabling some of these urls to see if it causes connections lockPref("browser.safebrowsing.id", ""); -======= -lockPref("browser.safebrowsing.id", ""); -lockPref("browser.safebrowsing.allowOverride", false); ->>>>>>> 55c94dc (reorganized, revisited) -======= - -// could try re-enabling some of these urls to see if it causes connections -lockPref("browser.safebrowsing.id", ""); ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.blockedURIs.enabled", false); lockPref("browser.safebrowsing.provider.google4.pver", ""); lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); @@ -1239,9 +459,6 @@ lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1257,7 +474,6 @@ lockPref("dom.ipc.plugins.reportCrashURL", false); lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); lockPref("plugin.state.flash", 0); -<<<<<<< HEAD // more important stuff lockPref("browser.shell.shortcutFavicons", false); defaultPref("alerts.showFavicons", false); @@ -1388,156 +604,6 @@ lockPref("javascript.options.shared_memory", false); // # GEO // -------------------------------- -======= -// MISC -======= -// FONTS ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -// # FONTS ->>>>>>> 01804b5 (add tags for .md rendering) -// -------------------------------- - -lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// -------------------------------- -// # MISC -// -------------------------------- - -======= ->>>>>>> e7a5601 (more good stuff) -// more important stuff -lockPref("browser.shell.shortcutFavicons", false); -defaultPref("alerts.showFavicons", false); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("plugin.default.state", 1); -lockPref("network.IDN_show_punycode", true); -defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP - -// pocket, to check if we can remove -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); - -// pdf reader -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); - -// remote agent -lockPref("remote.enabled", false); - -// settings and behavior -lockPref("browser.shell.checkDefaultBrowser", false); -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -lockPref("browser.startup.homepage_override.mstone", "ignore"); -defaultPref("privacy.userContext.enabled", true); -defaultPref("general.autoScroll", false); -defaultPref("clipboard.autocopy", false); -defaultPref("browser.tabs.loadBookmarksInTabs", true); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("accessibility.force_disabled", 1); -lockPref("browser.uitour.enabled", false); -lockPref("middlemouse.contentLoadURL", false); -defaultPref("accessibility.typeaheadfind", false); -lockPref("network.manage-offline-status", false); -lockPref("browser.helperApps.deleteTempFileOnExit", true); -lockPref("browser.pagethumbnails.capturing_disabled", true); -lockPref("browser.bookmarks.max_backups", 2); -defaultPref("reader.parse-on-load.enabled", false); - -// devtools -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com -lockPref("devtools.devices.url", ""); -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] -defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 - -// ui -defaultPref("browser.tabs.drawInTitlebar", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("general.warnOnAboutConfig", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("privacy.userContext.ui.enabled", true); -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); - -// urls and handlers -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -lockPref("identity.sync.tokenserver.uri", ""); -lockPref("network.trr.confirmationNS", ""); -lockPref("browser.translation.engine", ""); // default Google -lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail -lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.ircs.0.name", ""); -lockPref("services.settings.server", ""); -lockPref("accessibility.support.url", ""); -lockPref("app.support.baseURL", ""); -lockPref("browser.uitour.url", ""); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.dictionaries.download.url", ""); -lockPref("browser.geolocation.warning.infoURL", ""); -lockPref("browser.search.searchEnginesURL", ""); -lockPref("browser.uitour.themeOrigin", ""); -lockPref("toolkit.datacollection.infoURL", ""); -lockPref("identity.mobilepromo.android", ""); -lockPref("identity.mobilepromo.ios", ""); -defaultPref("identity.sendtabpromo.url", ""); -lockPref("datareporting.healthreport.infoURL", ""); -lockPref("app.feedback.baseURL", ""); -lockPref("app.releaseNotesURL", ""); -lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("browser.chrome.errorReporter.infoURL", ""); -lockPref("datareporting.policy.firstRunURL", ""); -lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); - -// -------------------------------- -// # CACHE -// -------------------------------- - -lockPref("browser.cache.offline.storage.enable", false); -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -defaultPref("media.memory_cache_max_size", 65536); - -// -------------------------------- -// # WEBGL AND PERFORMANCE -// -------------------------------- - -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); - -// -------------------------------- -// # JS -// -------------------------------- - -// should we consider disabling WebAssembly ? -// lockPref("javascript.options.wasm", false); - -// left as it is worth considering -// lockPref("javascript.options.asmjs", false); - -lockPref("javascript.options.shared_memory", false); - -// -------------------------------- -// # GEO -// -------------------------------- - ->>>>>>> 55c94dc (reorganized, revisited) lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] @@ -1547,18 +613,9 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD // -------------------------------- // # PREFETCHING // -------------------------------- -======= - -// Pref : -lockPref("layout.css.visited_links_enabled", false); -lockPref("layout.css.always-repaint-on-unvisited", false); -lockPref("layout.css.layout.css.notify-of-unvisited", false); ->>>>>>> 55c94dc (reorganized, revisited) lockPref("network.predictor.enabled", false); lockPref("network.prefetch-next", false); @@ -1575,30 +632,6 @@ lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); -======= -// -------------------------------- -// # PREFETCHING -// -------------------------------- - -lockPref("network.predictor.enabled", false); -lockPref("network.prefetch-next", false); -lockPref("network.http.speculative-parallel-limit", 0); - -// -------------------------------- -// # OUTGOING CONNECTIONS -// -------------------------------- - -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= -// updates -lockPref("app.update.auto", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - ->>>>>>> 4041ab1 (reorganized and improved some entries) // connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); @@ -1606,27 +639,7 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); -<<<<<<< HEAD -<<<<<<< HEAD // telemetry -======= -// Pref : -lockPref("plugins.crash.supportUrl", ""); - -// Pref : -lockPref("sync.enabled", false); - -// Pref : -lockPref("sync.jpake.serverURL", ""); - -// Pref : -lockPref("sync.serverURL", ""); - -// Pref : ->>>>>>> 55c94dc (reorganized, revisited) -======= -// telemetry ->>>>>>> 653a6ed (knocked out some more prefs) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -1643,159 +656,27 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); lockPref("app.shield.optoutstudies.enabled", false); -======= - -// Pref : Disable right-click menu manipulation via JavaScript (disabled) -defaultPref("dom.event.contextmenu.enabled", false); - -// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -// JS-based web applications (Google Docs etc.) -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled -lockPref("dom.event.clipboardevents.enabled", false); - -// Pref : Force Punycode for Internationalized Domain Names -// http://kb.mozillazine.org/Network.IDN_show_punycode -// https://www.xudongz.com/blog/2017/idn-phishing/ -// https://wiki.mozilla.org/IDN_Display_Algorithm -// https://en.wikipedia.org/wiki/IDN_homograph_attack -// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 -lockPref("network.IDN_show_punycode", true); - -// Pref : Disable Pocket -// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -// https://github.com/pyllyukko/user.js/issues/143 -======= -lockPref("security.protectionspopup.recordEventTelemetry", false) -======= -lockPref("security.protectionspopup.recordEventTelemetry", false); -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -======= -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] -lockPref("toolkit.coverage.opt-out", true); -lockPref("toolkit.coverage.enabled", false); -<<<<<<< HEAD ->>>>>>> 4041ab1 (reorganized and improved some entries) - -// pocket ->>>>>>> 653a6ed (knocked out some more prefs) -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); -======= -lockPref("app.shield.optoutstudies.enabled", false); lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); -<<<<<<< HEAD -// ping -lockPref("browser.send_pings", false); -lockPref("browser.send_pings.require_same_host", true); ->>>>>>> 8b7a898 (updated and started editing external protocols) - -======= ->>>>>>> e7a5601 (more good stuff) // discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); -<<<<<<< HEAD -lockPref("breakpad.reportURL", ""); -lockPref("browser.send_pings", false); -lockPref("browser.send_pings.require_same_host", true); -<<<<<<< HEAD - -// Pref : Do not download URLs for the offline cache -// http://kb.mozillazine.org/Browser.cache.offline.enable -lockPref("browser.cache.offline.enable", false); - -/* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -lockPref("media.memory_cache_max_size", 16384); - -// Pref : Disable prefetching of URLs -// http://kb.mozillazine.org/Network.prefetch-next -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F -// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, -// so the browser downloads them immediately so they can be displayed immediately when the user requests it. -lockPref("network.prefetch-next", false); - -// Pref : Disable speculative pre-connections -// Disable prefetch link on hover. -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 -lockPref("network.http.speculative-parallel-limit", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 3/3 -// Bench Diff : -40/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Pref : Disable DOM timing API -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -// https://www.w3.org/TR/navigation-timing/#privacy -lockPref("dom.enable_performance", false); //Deprecated Active -lockPref("dom.enable_performance_navigation_timing", false); - -// Pref : Make sure the User Timing API does not provide a new high resolution timestamp -// https://trac.torproject.org/projects/tor/ticket/16336 -// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security -lockPref("dom.enable_user_timing", false); - -// Pref : Disable Web Audio API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 -// Avoid fingerprinting -defaultPref("dom.webaudio.enabled", false); - -// Pref : When geolocation is enabled, don't log geolocation requests to the console -lockPref("geo.wifi.logging.enabled", false); - -// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) -// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 653a6ed (knocked out some more prefs) -lockPref("beacon.enabled", false); -lockPref("browser.ping-centre.telemetry", false); - -<<<<<<< HEAD -// discovery -lockPref("browser.discovery.enabled", false); -lockPref("browser.discovery.containers.enabled", false); -lockPref("browser.discovery.sites", ""); -======= -======= // crash report lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -<<<<<<< HEAD -<<<<<<< HEAD ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -lockPref("dom.ipc.plugins.reportCrashURL", false); -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); ->>>>>>> 45bf63e (processed everything up to EOF) // captive portal lockPref("network.captive-portal-service.enabled", false); @@ -1805,433 +686,6 @@ lockPref("captivedetect.canonicalURL", ""); // # WINDOWS // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.javascript",false); -lockPref("network.protocol-handler.external.moz-extension",false); -lockPref("network.protocol-handler.external.ftp",false); -lockPref("network.protocol-handler.external.file",false); -lockPref("network.protocol-handler.external.about",false); -lockPref("network.protocol-handler.external.chrome",false); -lockPref("network.protocol-handler.external.blob",false); -lockPref("network.protocol-handler.external.data",false); -lockPref("network.protocol-handler.expose-all",false); -lockPref("network.protocol-handler.expose.http",true); -lockPref("network.protocol-handler.expose.https",true); -lockPref("network.protocol-handler.expose.javascript",true); -lockPref("network.protocol-handler.expose.moz-extension",true); -lockPref("network.protocol-handler.expose.ftp",true); -lockPref("network.protocol-handler.expose.file",true); -lockPref("network.protocol-handler.expose.about",true); -lockPref("network.protocol-handler.expose.chrome",true); -lockPref("network.protocol-handler.expose.blob",true); -lockPref("network.protocol-handler.expose.data",true); - -// Pref : Ensure there is a security delay when installing add-ons (milliseconds) -// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox -// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ -lockPref("security.dialog_enable_delay", 700); - -// Pref : Opt-out of add-on metadata updates -// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -defaultPref("extensions.getAddons.cache.enabled", false); - -// Pref : Opt-out of theme (Persona) updates -// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -lockPref("lightweightThemes.update.enabled", false); -lockPref("lightweightThemes.persisted.headerURL", false); -lockPref("lightweightThemes.persisted.footerURL", false); - -// Pref : Disable Flash Player NPAPI plugin -// http://kb.mozillazine.org/Flash_plugin -lockPref("plugin.state.flash", 0); - -// Pref : Disable sending Flash Player crash reports -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); - -// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report -lockPref("dom.ipc.plugins.reportCrashURL", false); - -// Pref : Disable Shumway (Mozilla Flash renderer) -// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway -lockPref("shumway.disabled", true); - -// Pref : Disable Gnome Shell Integration NPAPI plugin -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); - -// Pref : Enable click-to-play plugin -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -lockPref("plugins.click_to_play", true); -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.enabled", false); -lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] - -// Pref : Disable remote debugging -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop -// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings -lockPref("devtools.debugger.force-local", true); - -// Pref : Disallow Necko to do A/B testing -// https://trac.torproject.org/projects/tor/ticket/13170 -lockPref("network.allow-experiments", false); ->>>>>>> 653a6ed (knocked out some more prefs) - -<<<<<<< HEAD -// crash report -lockPref("breakpad.reportURL", ""); -lockPref("browser.tabs.crashReporting.sendReport", false); -lockPref("browser.crashReports.unsubmittedCheck.enabled", false); -lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -======= ->>>>>>> e7a5601 (more good stuff) - -// captive portal -lockPref("network.captive-portal-service.enabled", false); -lockPref("captivedetect.canonicalURL", ""); - -<<<<<<< HEAD -// -------------------------------- -// # WINDOWS -// -------------------------------- -======= -======= - -// Pref : Disable "Show search suggestions in location bar results" -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); - -// Pref : Never check for updates to search engines -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking -lockPref("browser.search.update", false); - ->>>>>>> 8b7a898 (updated and started editing external protocols) -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); -lockPref("network.netlink.route.check.IPv6", "::1"); - -// Pref : Disallow NTLMv1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); - -// Pref : Disable formless login capture -// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 -lockPref("signon.formlessCapture.enabled", false); - -// Pref : Delete temporary files on exit -// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 -lockPref("browser.helperApps.deleteTempFileOnExit", true); - -// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature) -// https://support.mozilla.org/en-US/questions/973320 -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled -lockPref("browser.pagethumbnails.capturing_disabled", true); - -// - Disabled - Section ON ------------------------------------------------------------------ - -// Pref : Tor settings -// This browser is not meant for tor -// Enabling those settings for user torifying their whole connection -defaultPref("network.dns.blockDotOnion", true); -lockPref("network.http.referer.hideOnionSource", true); - -// Pref : 1603 : CROSS ORIGIN: control when to send a referer -// 0=always (default), 1=only if base domains match, 2=only if hosts match -// Can break some important site... (payment... ) -lockPref("network.http.referer.XOriginPolicy", 1); - -// Pref : Only allow TLS 1.[0-3] -lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Active -// Deprecated settings but left active for various reasons -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : 0516 : disable Onboarding (FF55+) -// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time -// about:home or about:newtab is opened, the onboarding overlay is injected into it -// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] -// [1] https://wiki.mozilla.org/Firefox/Onboarding -// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf -// [3] https://bugzilla.mozilla.org/863246#c154 -lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active - -// Pref : Disable WebIDE Web Debug Extension -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallADBHelper", false); -// Replaced by "devtools.webide.autoinstallADBExtension" in 64 - -// Pref : Disable raw TCP socket support (mozTCPSocket) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) -// Not important -lockPref("dom.mozTCPSocket.enabled", false); - -// Pref : Enforce checking for Firefox updates -lockPref("app.update.enabled", false); - -// Pref : Disable bookmark backups (default: 15) -// http://kb.mozillazine.org/Browser.bookmarks.max_backups -lockPref("browser.bookmarks.max_backups", 2); - -// Pref : Disable SSDP -// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 -lockPref("browser.casting.enabled", false); - -// Pref : -lockPref("browser.newtabpage.activity-stream.enabled", false); -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); -lockPref("browser.newtabpage.enhanced", false); - -// Pref : -lockPref("browser.pocket.enabled", false); - -// Pref : Disable Heartbeat (Mozilla user rating telemetry) -// https://wiki.mozilla.org/Advocacy/heartbeat -// https://trac.torproject.org/projects/tor/ticket/19047 -lockPref("browser.selfsupport.url", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("browser.startup.homepage_override.mstone", "ignore"); - -// Pref : Disable face detection -lockPref("camera.control.face_detection.enabled", false); - -// Pref : -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); -lockPref("datareporting.healthreport.service.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallFxdtAdapters", false); -lockPref("devtools.webide.adaptersAddonURL", ""); - -// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -// https://wiki.mozilla.org/FlyWeb -// https://wiki.mozilla.org/FlyWeb/Security_scenarios -// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit -// http://www.ghacks.net/2016/07/26/firefox-flyweb -lockPref("dom.flyweb.enabled", false); - -// Pref : 2306: disable push notifications (FF44+) -// web apps can receive messages pushed to them from a server, whether or -// not the web app is in the foreground, or even currently loaded -// [1] https://developer.mozilla.org/docs/Web/API/Push_API -lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up - -// Pref : Disable telephony API -// https://wiki.mozilla.org/WebAPI/Security/WebTelephony -lockPref("dom.telephony.enabled", false); - -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("extensions.shield-recipe-client.enabled", false); - -// Pref : Disable Firefox Hello metrics collection -// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -lockPref("loop.logDomains", false); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -lockPref("network.websocket.enabled", false); - -// Pref : Disable Reader -// Not deprecated but useful to be located here -lockPref("reader.parse-on-load.enabled", false); - -// CIS 2.7.4 Disable Scripting of Plugins by JavaScript -// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 -lockPref("security.xpconnect.plugin.unrestricted", false); - -// Pref : -lockPref("social.directories", ""); - -// Pref : -lockPref("social.remote-install.enabled", false); - -// Pref : -lockPref("social.whitelist", ""); - -defaultPref("xpinstall.signatures.required", true); - -// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ -// might increase startup time, so keep it disabled, but modifiable by default -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); - -// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: -defaultPref("devtools.selfxss.count", 0); -======= -// disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); ->>>>>>> 45bf63e (processed everything up to EOF) - -// disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -======= ->>>>>>> 5b1fc33 (removed some more) -// disable links launching Windows Store [WINDOWS] -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// disable background update service [WINDOWS] -lockPref("app.update.service.enabled", false); - -// disable automatic Firefox start and session restore after reboot [WINDOWS] -lockPref("toolkit.winRegisterApplicationRestart", false); - -// disable Windows 8.1 Family Safety cert [WINDOWS] -<<<<<<< HEAD -lockPref("security.family_safety.mode", 0); - -// -------------------------------- -// TESTING - unchanged -// -------------------------------- - -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -<<<<<<< HEAD -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// -------------------------------- -// WINDOWS -// -------------------------------- - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// -------------------------------- -// ESR -// -------------------------------- - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - - - - - ->>>>>>> a35eb4b (re-organized and reviewed) - // disable links launching Windows Store [WINDOWS] lockPref("network.protocol-handler.external.ms-windows-store", false); @@ -2244,52 +698,16 @@ lockPref("toolkit.winRegisterApplicationRestart", false); // disable Windows 8.1 Family Safety cert [WINDOWS] lockPref("security.family_safety.mode", 0); -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> e7a5601 (more good stuff) // Windows only? lockPref("default-browser-agent.enabled", false); // ----------------------------------- // # OVERRIDES -======= -// ----------------------------------- -<<<<<<< HEAD -// OVERRIDES ->>>>>>> 344e1e8 (moved overrides to bottom) -======= -// # OVERRIDES ->>>>>>> 01804b5 (add tags for .md rendering) // ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); } -======= -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E ->>>>>>> 45bf63e (processed everything up to EOF) -======= -lockPref("security.family_safety.mode", 0); ->>>>>>> 48fecfd (removed redundant stuff) -======= -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); -======= -// expected to work on both Windows and MacOS -======= ->>>>>>> d24f87c (pre MR commit) -let profile_directory; -if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { - pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); ->>>>>>> 0f5c3d5 (updated overrides to work with Win) -} ->>>>>>> 344e1e8 (moved overrides to bottom)