diff --git a/Changelog.md b/Changelog.md index a81a7ca..5f71fcf 100755 --- a/Changelog.md +++ b/Changelog.md @@ -73,7 +73,11 @@ lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabl lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` #### Modified @@ -104,6 +108,7 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e #### Removed ======= lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled +defaultPref("layout.css.notify-of-unvisited", false); // layout.css.layout.css.notify-of-unvisited ``` #### Removed @@ -379,6 +384,7 @@ lockPref("geo.wifi.logging.enabled", false); // Deprecated lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated lockPref("browser.search.geoSpecificDefaults", false); // Deprecated lockPref("browser.fixup.hide_user_pass", true); // Deprecated +<<<<<<< HEAD lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 
@@ -592,6 +598,8 @@ defaultPref("accessibility.typeaheadfind", false); // Already default defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 653a6ed (knocked out some more prefs) ``` #### Commented @@ -889,7 +897,19 @@ defaultPref("security.remote_settings.intermediates.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("dom.battery.enabled", false); +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= + +defaultPref("layout.css.visited_links_enabled", false); +defaultPref("layout.css.always-repaint-on-unvisited", false); +defaultPref("layout.css.notify-of-unvisited", false); + +defaultPref("browser.tabs.closeTabByDblclick", true); + +// Unlocked as known to cause breakage +defaultPref("dom.event.clipboardevents.enabled", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` ## How to... @@ -914,6 +934,7 @@ defaultPref("identity.sendtabpromo.url", ""); ``` #### Use video conferencing ``` +<<<<<<< HEAD media.peerconnection.enabled = true media.peerconnection.ice.no_host = true dom.webaudio.enabled = true @@ -936,6 +957,16 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC security.OCSP.enabled = 1 ``` you probably also want `security.OCSP.require = true` +======= +// This should be discussed +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); +defaultPref("general.appname.override", "Netscape"); +defaultPref("general.appversion.override", "5.0 (Windows)"); +defaultPref("general.platform.override", "Win32"); +defaultPref("general.oscpu.override", "Windows NT 6.1"); +lockPref("general.buildID.override", "20100101"); +lockPref("browser.startup.homepage_override.buildID", "20100101"); +>>>>>>> 653a6ed (knocked out some more prefs) <<<<<<< HEAD #### Hardened setup 
@@ -990,5 +1021,16 @@ Prefs that need to be addressed and that were disabled for now // seems to be deprecated // lockPref("dom.registerProtocolHandler.insecure.enabled", true); +<<<<<<< HEAD >>>>>>> 55c94dc (reorganized, revisited) +======= + +// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +// should be checked +// lockPref("browser.cache.offline.enable", false); + +// redundant with RFP +// lockPref("dom.enable_performance", false); //Deprecated Active +// lockPref("dom.enable_performance_navigation_timing", false); +>>>>>>> 653a6ed (knocked out some more prefs) ``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index bb300e0..12bc23a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -265,6 +265,7 @@ lockPref("signon.formlessCapture.enabled", false); // -------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # SEARCH AND URLBAR // -------------------------------- @@ -293,11 +294,18 @@ defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid acci defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout ======= // SEARCH +======= +// SEARCH AND URLBAR +>>>>>>> 653a6ed (knocked out some more prefs) // -------------------------------- lockPref("browser.urlbar.filter.javascript", true); lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.urlbar.trimURLs", false); lockPref("browser.search.suggest.enabled", false); +lockPref("browser.search.region", "US"); +lockPref("browser.search.geoip.url", ""); +lockPref("browser.fixup.alternate.enabled", false); // -------------------------------- // SANITIZING, COOKIES AND HISTORY 
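Review bot: The `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 653a6ed (knocked out some more prefs)` lines in the librewolf.cfg hunks at -265 and -293 commit raw merge-conflict markers into the autoconfig file, on top of the markers already present as context. librewolf.cfg is evaluated as JavaScript, so a marker line is a syntax error and the `lockPref` calls after it are presumably never applied, which would leave the hardening silently off. The same markers are added in the hunks at -335, -1498, -1525, -1532, -1549, -1565, -1597 and -1671, and in Changelog.md. Resolve each conflict to one side and delete the marker lines; a gate such as `grep -nE '^(<<<<<<<|=======|>>>>>>>)' librewolf.cfg` returning nothing would catch a repeat.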
@@ -335,10 +343,17 @@ defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); lockPref("browser.sessionhistory.max_entries", 20); +<<<<<<< HEAD <<<<<<< HEAD // -------------------------------------------------------------------- // # SESSIONS ======= +======= +defaultPref("layout.css.visited_links_enabled", false); +defaultPref("layout.css.always-repaint-on-unvisited", false); +defaultPref("layout.css.notify-of-unvisited", false); + +>>>>>>> 653a6ed (knocked out some more prefs) // this sets a cookie jar for 3rd party origin which is the same as dFPI // and probably redundant when 3rd party cookies are disabled // lockPref("privacy.storagePrincipal.enabledForTrackers", false); @@ -576,6 +591,12 @@ lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); +defaultPref("dom.event.contextmenu.enabled", false); +defaultPref("dom.event.clipboardevents.enabled", false); +defaultPref("dom.webaudio.enabled", false); +lockPref("dom.vr.enabled", false); +lockPref("dom.vibrator.enabled", false); + // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated >>>>>>> 55c94dc (reorganized, revisited) @@ -595,6 +616,7 @@ defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); +lockPref("network.http.referer.trimmingPolicy", 0); //defaultPref("network.http.sendRefererHeader", 1); // -------------------------------- 
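Review bot: The `defaultPref` lines for `dom.event.contextmenu.enabled`, `dom.event.clipboardevents.enabled` and `dom.webaudio.enabled` in the hunk at -576 carry no comment saying why they are defaults, while `dom.vr.enabled` and `dom.vibrator.enabled` right below them are locked. The Changelog.md part of this commit records the clipboard pref as unlocked because it is known to cause breakage; put that next to the pref, e.g. `// defaultPref on purpose: known to cause breakage, users may re-enable`. Whether the same reason applies to the context-menu and web-audio prefs is not visible here and should be stated either way.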
@@ -649,7 +671,7 @@ defaultPref("intl.locale.requested", "en-US"); defaultPref("intl.accept_languages", "en-US, en"); // -------------------------------------- -// USER AGENT +// USER AGENT AND IDENTITY // -------------------------------------- defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); @@ -657,6 +679,8 @@ defaultPref("general.appname.override", "Netscape"); defaultPref("general.appversion.override", "5.0 (Windows)"); defaultPref("general.platform.override", "Win32"); defaultPref("general.oscpu.override", "Windows NT 6.1"); +lockPref("general.buildID.override", "20100101"); +lockPref("browser.startup.homepage_override.buildID", "20100101"); <<<<<<< HEAD // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> @@ -947,7 +971,9 @@ lockPref("extensions.blocklist.itemURL", ""); defaultPref("extensions.update.background.url", ""); defaultPref("extensions.getAddons.showPane", false); lockPref("extensions.webservice.discoverURL", ""); - +lockPref("webextensions.storage.sync.serverURL", ""); +lockPref("extensions.screenshots.upload-disabled", true); +defaultPref("extensions.ui.experiment.hidden", false); // Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ // defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true 
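Review bot: The two build-ID lines added in the hunk at -657 are `lockPref`, while the five `general.*.override` user-agent lines directly above them are `defaultPref`, so only part of the spoofed identity can be changed by the user. The comment that explained the value (taken from Tor Browser, possibly already enforced by `privacy.resistFingerprinting`) is deleted in the hunk at -1597 and not carried over to the new location. Move it along with the lines, e.g. `// value taken from Tor Browser; may be redundant with privacy.resistFingerprinting`, and decide whether lock or default is intended for the whole group.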
@@ -1257,13 +1283,11 @@ defaultPref("pdfjs.enabledCache.state", false); defaultPref("browser.tabs.loadBookmarksInTabs", true); defaultPref("devtools.debugger.remote-enabled", false); defaultPref("devtools.chrome.enabled", false); -defaultPref("extensions.ui.experiment.hidden", false); lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); lockPref("webchannel.allowObject.urlWhitelist", ""); lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("browser.cache.offline.storage.enable", false); lockPref("network.http.redirection-limit", 10); lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ? @@ -1322,7 +1346,6 @@ lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); lockPref("app.feedback.baseURL", ""); lockPref("app.releaseNotesURL", ""); lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("breakpad.reportURL", ""); lockPref("browser.chrome.errorReporter.infoURL", false); lockPref("browser.ping-centre.log", ""); lockPref("browser.ping-centre.telemetry", false); 
@@ -1338,6 +1361,21 @@ lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); lockPref("remote.enabled", false); lockPref("remote.force-local", true); lockPref("remote.log.level", "Info"); +defaultPref("browser.tabs.closeTabByDblclick", true); +lockPref("network.IDN_show_punycode", true); +lockPref("media.webspeech.recognition.enable", false); + +// -------------------------------- +// CACHE +// -------------------------------- + +lockPref("browser.cache.offline.storage.enable", false); +lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] +lockPref("media.memory_cache_max_size", 16384); + +// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +// should be checked +// lockPref("browser.cache.offline.enable", false); // -------------------------------- // SYNC @@ -1498,6 +1536,7 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); +<<<<<<< HEAD <<<<<<< HEAD // -------------------------------- // # PREFETCHING @@ -1525,6 +1564,21 @@ lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +======= +// -------------------------------- +// PREFETCHING +// -------------------------------- + +lockPref("network.predictor.enabled", false); +lockPref("network.predictor.enable-prefetch", false); +lockPref("network.prefetch-next", false); +lockPref("network.http.speculative-parallel-limit", 0); + +// -------------------------------- +// OUTGOING CONNECTIONS +// -------------------------------- + +>>>>>>> 653a6ed (knocked out some more prefs) // connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); 
@@ -1532,6 +1586,7 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); +<<<<<<< HEAD <<<<<<< HEAD // telemetry ======= @@ -1549,6 +1604,9 @@ lockPref("sync.serverURL", ""); // Pref : >>>>>>> 55c94dc (reorganized, revisited) +======= +// telemetry +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -1565,6 +1623,7 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); +<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); 
@@ -1597,30 +1656,25 @@ lockPref("network.IDN_show_punycode", true); // Pref : Disable Pocket // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox // https://github.com/pyllyukko/user.js/issues/143 +======= +lockPref("security.protectionspopup.recordEventTelemetry", false) + +// pocket +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); lockPref("extensions.pocket.oAuthConsumerKey", ""); lockPref("extensions.pocket.api", ""); -// Pref : Disable downloading homepage snippets/messages from Mozilla -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content -// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service -lockPref("browser.aboutHomeSnippets.updateUrl", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -// Pref : Disable pinging URIs specified in HTML ping= attributes -// http://kb.mozillazine.org/Browser.send_pings +lockPref("browser.discovery.enabled", false); +lockPref("browser.discovery.containers.enabled", false); +lockPref("browser.discovery.sites", ""); +lockPref("breakpad.reportURL", ""); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); lockPref("browser.send_pings", false); - -// Pref : When browser pings are enabled, only allow pinging the origin page's host -// http://kb.mozillazine.org/Browser.send_pings.require_same_host lockPref("browser.send_pings.require_same_host", true); +<<<<<<< HEAD // Pref : Do not download URLs for the offline cache // http://kb.mozillazine.org/Browser.cache.offline.enable 
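Review bot: `lockPref("security.protectionspopup.recordEventTelemetry", false)` in the hunk at -1597 has no terminating semicolon, unlike the other pref calls in the file; it should read `lockPref("security.protectionspopup.recordEventTelemetry", false);`. The line relies on automatic semicolon insertion, which breaks as soon as the next statement starts with `(` or `[`. The same hunk also drops the `// Pref :` explanations and reference links above `browser.send_pings` and `browser.send_pings.require_same_host`; a one-line comment such as `// pinging of URIs given in HTML ping= attributes` would keep the intent readable.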
@@ -1671,13 +1725,127 @@ lockPref("geo.wifi.logging.enabled", false); // Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 653a6ed (knocked out some more prefs) lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); +<<<<<<< HEAD // discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); +======= + + + +// Pref : Don't monitor OS online/offline connection state +// https://trac.torproject.org/projects/tor/ticket/18945 +lockPref("network.manage-offline-status", false); + +// Pref : Set File URI Origin Policy +// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 +lockPref("security.fileuri.strict_origin_policy", true); + +// Pref : Disable SVG in OpenType fonts +// https://wiki.mozilla.org/SVGOpenTypeFonts +// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle +lockPref("gfx.font_rendering.opentype_svg.enabled", false); + +// Pref : Enable only whitelisted URL protocol handlers +// Disabling non-essential protocols breaks all interaction with custom protocols such +// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... 
+// clients when clicking on links with these protocols
+lockPref("network.protocol-handler.warn-external-default",true);
+lockPref("network.protocol-handler.external.http",false);
+lockPref("network.protocol-handler.external.https",false);
+lockPref("network.protocol-handler.external.javascript",false);
+lockPref("network.protocol-handler.external.moz-extension",false);
+lockPref("network.protocol-handler.external.ftp",false);
+lockPref("network.protocol-handler.external.file",false);
+lockPref("network.protocol-handler.external.about",false);
+lockPref("network.protocol-handler.external.chrome",false);
+lockPref("network.protocol-handler.external.blob",false);
+lockPref("network.protocol-handler.external.data",false);
+lockPref("network.protocol-handler.expose-all",false);
+lockPref("network.protocol-handler.expose.http",true);
+lockPref("network.protocol-handler.expose.https",true);
+lockPref("network.protocol-handler.expose.javascript",true);
+lockPref("network.protocol-handler.expose.moz-extension",true);
+lockPref("network.protocol-handler.expose.ftp",true);
+lockPref("network.protocol-handler.expose.file",true);
+lockPref("network.protocol-handler.expose.about",true);
+lockPref("network.protocol-handler.expose.chrome",true);
+lockPref("network.protocol-handler.expose.blob",true);
+lockPref("network.protocol-handler.expose.data",true);
+
+// Pref : Ensure there is a security delay when installing add-ons (milliseconds)
+// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
+// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
+lockPref("security.dialog_enable_delay", 700);
+
+// Pref : Opt-out of add-on metadata updates
+// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+defaultPref("extensions.getAddons.cache.enabled", false);
+
+// Pref : Opt-out of theme (Persona) updates
+// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
+lockPref("lightweightThemes.update.enabled", false);
+lockPref("lightweightThemes.persisted.headerURL", false);
+lockPref("lightweightThemes.persisted.footerURL", false);
+
+// Pref : Disable Flash Player NPAPI plugin
+// http://kb.mozillazine.org/Flash_plugin
+lockPref("plugin.state.flash", 0);
+
+// Pref : Disable sending Flash Player crash reports
+lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+
+// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report
+lockPref("dom.ipc.plugins.reportCrashURL", false);
+
+// Pref : Disable Shumway (Mozilla Flash renderer)
+// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
+lockPref("shumway.disabled", true);
+
+// Pref : Disable Gnome Shell Integration NPAPI plugin
+lockPref("plugin.state.libgnome-shell-browser-plugin", 0);
+
+// Pref : Enable click-to-play plugin
+// https://wiki.mozilla.org/Firefox/Click_To_Play
+// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
+lockPref("plugins.click_to_play", true);
+lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0);
+
+// Pref : Update addons automatically
+// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
+defaultPref("extensions.update.enabled", false);
+
+// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
+// Updated at interval defined in extensions.blocklist.interval (default: 86400)
+lockPref("extensions.blocklist.enabled", false);
+
+// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla)
+lockPref("extensions.systemAddon.update.enabled", false);
+
+// Pref : Disable WebIDE Web Debug
+// https://trac.torproject.org/projects/tor/ticket/16222
+// https://developer.mozilla.org/docs/Tools/WebIDE
+lockPref("devtools.webide.enabled", false);
+lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
+lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+]
+lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] + +// Pref : Disable remote debugging +// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop +// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings +lockPref("devtools.debugger.force-local", true); + +// Pref : Disallow Necko to do A/B testing +// https://trac.torproject.org/projects/tor/ticket/13170 +lockPref("network.allow-experiments", false); +>>>>>>> 653a6ed (knocked out some more prefs) // crash report lockPref("breakpad.reportURL", "");
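Review bot: Two comments in the hunk at -1671 say the opposite of the value set beneath them: `// Pref : Update addons automatically` sits above `defaultPref("extensions.update.enabled", false);` and `// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla` sits above `lockPref("extensions.blocklist.enabled", false);`. Both settings trade safety for fewer outgoing connections (extensions stop receiving fixes automatically, and remotely blocklisted add-ons stay enabled), so the comments should state what is actually done, e.g. `// Pref : Disable automatic add-on updates (update manually)` and `// Pref : Disable the add-on blocklist fetched from Mozilla`. `lightweightThemes.persisted.headerURL` and `lightweightThemes.persisted.footerURL` are set to the boolean `false` although the names suggest string URLs; confirm the expected type.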