knocked out some more prefs

Changelog.md

@@ -73,7 +73,11 @@ lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabl
 lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true
 lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true
 lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true
+<<<<<<< HEAD
 >>>>>>> 55c94dc (reorganized, revisited)
+=======
+lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false);
+>>>>>>> 653a6ed (knocked out some more prefs)
 ```
 
 #### Modified
@@ -104,6 +108,7 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e
 #### Removed
 =======
 lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled
+defaultPref("layout.css.notify-of-unvisited", false); // layout.css.layout.css.notify-of-unvisited
 ```
 
 #### Removed
@@ -379,6 +384,7 @@ lockPref("geo.wifi.logging.enabled", false); // Deprecated
 lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated
 lockPref("browser.search.geoSpecificDefaults", false); // Deprecated
 lockPref("browser.fixup.hide_user_pass", true); // Deprecated
+<<<<<<< HEAD
 lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI
 defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765
 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933
@@ -592,6 +598,8 @@ defaultPref("accessibility.typeaheadfind", false); // Already default
 defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default
 lockPref("dom.forms.datetime", false); // Deprecated
 >>>>>>> a35eb4b (re-organized and reviewed)
+=======
+>>>>>>> 653a6ed (knocked out some more prefs)
 ```
 
 #### Commented
@@ -889,7 +897,19 @@ defaultPref("security.remote_settings.intermediates.enabled", true);
 
 // Unlocked as some think it increases fingerprint, they can now disable it
 defaultPref("dom.battery.enabled", false);
+<<<<<<< HEAD
 >>>>>>> 55c94dc (reorganized, revisited)
+=======
+
+defaultPref("layout.css.visited_links_enabled", false);
+defaultPref("layout.css.always-repaint-on-unvisited", false);
+defaultPref("layout.css.notify-of-unvisited", false);
+
+defaultPref("browser.tabs.closeTabByDblclick", true);
+
+// Unlocked as known to cause breakage
+defaultPref("dom.event.clipboardevents.enabled", false);
+>>>>>>> 653a6ed (knocked out some more prefs)
 ```
 
 ## How to...
@@ -914,6 +934,7 @@ defaultPref("identity.sendtabpromo.url", "");
 ```
 #### Use video conferencing
 ```
+<<<<<<< HEAD
 media.peerconnection.enabled = true
 media.peerconnection.ice.no_host = true
 dom.webaudio.enabled = true
@@ -936,6 +957,16 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC
 security.OCSP.enabled = 1
 ```
 you probably also want `security.OCSP.require = true`
+=======
+// This should be discussed
+defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0");
+defaultPref("general.appname.override", "Netscape");
+defaultPref("general.appversion.override", "5.0 (Windows)");
+defaultPref("general.platform.override", "Win32");
+defaultPref("general.oscpu.override", "Windows NT 6.1");
+lockPref("general.buildID.override", "20100101");
+lockPref("browser.startup.homepage_override.buildID", "20100101");
+>>>>>>> 653a6ed (knocked out some more prefs)
 
 <<<<<<< HEAD
 #### Hardened setup
@@ -990,5 +1021,16 @@ Prefs that need to be addressed and that were disabled for now
 
 // seems to be deprecated
 // lockPref("dom.registerProtocolHandler.insecure.enabled", true);
+<<<<<<< HEAD
 >>>>>>> 55c94dc (reorganized, revisited)
+=======
+
+// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable
+// should be checked
+// lockPref("browser.cache.offline.enable", false);
+
+// redundant with RFP
+// lockPref("dom.enable_performance", false); //Deprecated Active
+// lockPref("dom.enable_performance_navigation_timing", false);
+>>>>>>> 653a6ed (knocked out some more prefs)
 ```

librewolf.cfg

@@ -265,6 +265,7 @@ lockPref("signon.formlessCapture.enabled", false);
 
 // --------------------------------
 <<<<<<< HEAD
+<<<<<<< HEAD
 // # SEARCH AND URLBAR
 // --------------------------------
 
@@ -293,11 +294,18 @@ defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid acci
 defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout
 =======
 // SEARCH
+=======
+// SEARCH AND URLBAR
+>>>>>>> 653a6ed (knocked out some more prefs)
 // --------------------------------
 
 lockPref("browser.urlbar.filter.javascript", true);
 lockPref("browser.urlbar.speculativeConnect.enabled", false);
+lockPref("browser.urlbar.trimURLs", false);
 lockPref("browser.search.suggest.enabled", false);
+lockPref("browser.search.region", "US");
+lockPref("browser.search.geoip.url", "");
+lockPref("browser.fixup.alternate.enabled", false);
 
 // --------------------------------
 // SANITIZING, COOKIES AND HISTORY
@@ -335,10 +343,17 @@ defaultPref("places.history.enabled", false);
 defaultPref("privacy.history.custom", true);
 lockPref("browser.sessionhistory.max_entries", 20);
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 // --------------------------------------------------------------------
 // # SESSIONS
 =======
+=======
+defaultPref("layout.css.visited_links_enabled", false);
+defaultPref("layout.css.always-repaint-on-unvisited", false);
+defaultPref("layout.css.notify-of-unvisited", false);
+
+>>>>>>> 653a6ed (knocked out some more prefs)
 // this sets a cookie jar for 3rd party origin which is the same as dFPI
 // and probably redundant when 3rd party cookies are disabled
 // lockPref("privacy.storagePrincipal.enabledForTrackers", false);
@@ -576,6 +591,12 @@ lockPref("dom.disable_window_move_resize", true);
 defaultPref("dom.serviceWorkers.enabled", false);
 defaultPref("dom.battery.enabled", false);
 lockPref("dom.popup_maximum", 4);
+defaultPref("dom.event.contextmenu.enabled", false);
+defaultPref("dom.event.clipboardevents.enabled", false);
+defaultPref("dom.webaudio.enabled", false);
+lockPref("dom.vr.enabled", false);
+lockPref("dom.vibrator.enabled", false);
+
 // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated
 >>>>>>> 55c94dc (reorganized, revisited)
 
@@ -595,6 +616,7 @@ defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default:
 lockPref("network.http.referer.XOriginTrimmingPolicy", 2);
 lockPref("network.http.referer.XOriginPolicy", 2);
 lockPref("network.http.referer.spoofSource", false);
+lockPref("network.http.referer.trimmingPolicy", 0);
 //defaultPref("network.http.sendRefererHeader", 1);
 
 // --------------------------------
@@ -649,7 +671,7 @@ defaultPref("intl.locale.requested", "en-US");
 defaultPref("intl.accept_languages", "en-US, en");
 
 // --------------------------------------
-// USER AGENT
+// USER AGENT AND IDENTITY
 // --------------------------------------
 
 defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0");
@@ -657,6 +679,8 @@ defaultPref("general.appname.override", "Netscape");
 defaultPref("general.appversion.override", "5.0 (Windows)");
 defaultPref("general.platform.override", "Win32");
 defaultPref("general.oscpu.override", "Windows NT 6.1");
+lockPref("general.buildID.override", "20100101");
+lockPref("browser.startup.homepage_override.buildID", "20100101");
 
 <<<<<<< HEAD
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -947,7 +971,9 @@ lockPref("extensions.blocklist.itemURL", "");
 defaultPref("extensions.update.background.url", "");
 defaultPref("extensions.getAddons.showPane", false);
 lockPref("extensions.webservice.discoverURL", "");
-
+lockPref("webextensions.storage.sync.serverURL", "");
+lockPref("extensions.screenshots.upload-disabled", true);
+defaultPref("extensions.ui.experiment.hidden", false);
 
 // Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/
 // defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true
@@ -1257,13 +1283,11 @@ defaultPref("pdfjs.enabledCache.state", false);
 defaultPref("browser.tabs.loadBookmarksInTabs", true);
 defaultPref("devtools.debugger.remote-enabled", false);
 defaultPref("devtools.chrome.enabled", false);
-defaultPref("extensions.ui.experiment.hidden", false);
 lockPref("toolkit.coverage.endpoint.base", "");
 lockPref("toolkit.coverage.opt-out", true);
 lockPref("toolkit.coverage.enabled", false);
 lockPref("webchannel.allowObject.urlWhitelist", "");
 lockPref("browser.download.manager.addToRecentDocs", false);
-lockPref("browser.cache.offline.storage.enable", false);
 lockPref("network.http.redirection-limit", 10);
 lockPref("security.data_uri.block_toplevel_data_uri_navigations", true);
 lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ?
@@ -1322,7 +1346,6 @@ lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
 lockPref("app.feedback.baseURL", "");
 lockPref("app.releaseNotesURL", "");
 lockPref("app.releaseNotesURL.aboutDialog", "");
-lockPref("breakpad.reportURL", "");
 lockPref("browser.chrome.errorReporter.infoURL", false);
 lockPref("browser.ping-centre.log", "");
 lockPref("browser.ping-centre.telemetry", false);
@@ -1338,6 +1361,21 @@ lockPref("identity.fxaccounts.service.monitorLoginUrl", "");
 lockPref("remote.enabled", false);
 lockPref("remote.force-local", true);
 lockPref("remote.log.level", "Info");
+defaultPref("browser.tabs.closeTabByDblclick", true);
+lockPref("network.IDN_show_punycode", true);
+lockPref("media.webspeech.recognition.enable", false);
+
+// --------------------------------
+// CACHE
+// --------------------------------
+
+lockPref("browser.cache.offline.storage.enable", false);
+lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
+lockPref("media.memory_cache_max_size", 16384);
+
+// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable
+// should be checked
+// lockPref("browser.cache.offline.enable", false);
 
 // --------------------------------
 // SYNC
@@ -1498,6 +1536,7 @@ lockPref("geo.provider.network.logging.enabled", false);
 lockPref("browser.region.network.url", "");
 lockPref("browser.region.update.enabled", false);
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 // --------------------------------
 // # PREFETCHING
@@ -1525,6 +1564,21 @@ lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0);
 lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
 lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
 
+=======
+// --------------------------------
+// PREFETCHING
+// --------------------------------
+
+lockPref("network.predictor.enabled", false);
+lockPref("network.predictor.enable-prefetch", false);
+lockPref("network.prefetch-next", false);
+lockPref("network.http.speculative-parallel-limit", 0);
+
+// --------------------------------
+// OUTGOING CONNECTIONS
+// --------------------------------
+
+>>>>>>> 653a6ed (knocked out some more prefs)
 // connectivity service
 lockPref("network.connectivity-service.enabled", false);
 lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0");
@@ -1532,6 +1586,7 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0");
 lockPref("network.connectivity-service.DNSv6.domain", "");
 lockPref("network.connectivity-service.DNSv4.domain", "");
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 // telemetry
 =======
@@ -1549,6 +1604,9 @@ lockPref("sync.serverURL", "");
 
 // Pref :
 >>>>>>> 55c94dc (reorganized, revisited)
+=======
+// telemetry
+>>>>>>> 653a6ed (knocked out some more prefs)
 lockPref("toolkit.crashreporter.infoURL", "");
 lockPref("toolkit.telemetry.archive.enabled", false);
 lockPref("toolkit.telemetry.updatePing.enabled", false);
@@ -1565,6 +1623,7 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
 lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false);
 lockPref("toolkit.telemetry.unified", false);
 lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false);
+<<<<<<< HEAD
 lockPref("security.protectionspopup.recordEventTelemetry", false);
 lockPref("datareporting.healthreport.uploadEnabled", false);
 lockPref("datareporting.policy.dataSubmissionEnabled", false);
@@ -1597,30 +1656,25 @@ lockPref("network.IDN_show_punycode", true);
 // Pref : Disable Pocket
 // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
 // https://github.com/pyllyukko/user.js/issues/143
+=======
+lockPref("security.protectionspopup.recordEventTelemetry", false)
+
+// pocket
+>>>>>>> 653a6ed (knocked out some more prefs)
 lockPref("extensions.pocket.enabled", false);
 lockPref("extensions.pocket.site", "");
 lockPref("extensions.pocket.oAuthConsumerKey", "");
 lockPref("extensions.pocket.api", "");
 
-// Pref : Disable downloading homepage snippets/messages from Mozilla
+lockPref("browser.discovery.enabled", false);
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content
+lockPref("browser.discovery.containers.enabled", false);
-// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service
+lockPref("browser.discovery.sites", "");
-lockPref("browser.aboutHomeSnippets.updateUrl", "");
+lockPref("breakpad.reportURL", "");
-
+lockPref("datareporting.healthreport.uploadEnabled", false);
-// Pref : Don't reveal build ID
+lockPref("datareporting.policy.dataSubmissionEnabled", false);
-// Value taken from Tor Browser
-// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
-// Already enforced with 'privacy.resistFingerprinting' ?
-lockPref("general.buildID.override", "20100101");
-lockPref("browser.startup.homepage_override.buildID", "20100101");
-
-// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
-// http://kb.mozillazine.org/Browser.send_pings
 lockPref("browser.send_pings", false);
-
-// Pref : When browser pings are enabled, only allow pinging the origin page's host
-// http://kb.mozillazine.org/Browser.send_pings.require_same_host
 lockPref("browser.send_pings.require_same_host", true);
+<<<<<<< HEAD
 
 // Pref : Do not download URLs for the offline cache
 // http://kb.mozillazine.org/Browser.cache.offline.enable
@@ -1671,13 +1725,127 @@ lockPref("geo.wifi.logging.enabled", false);
 // Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
 // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
 >>>>>>> a35eb4b (re-organized and reviewed)
+=======
+>>>>>>> 653a6ed (knocked out some more prefs)
 lockPref("beacon.enabled", false);
 lockPref("browser.ping-centre.telemetry", false);
 
+<<<<<<< HEAD
 // discovery
 lockPref("browser.discovery.enabled", false);
 lockPref("browser.discovery.containers.enabled", false);
 lockPref("browser.discovery.sites", "");
+=======
+
+
+
+// Pref : Don't monitor OS online/offline connection state
+// https://trac.torproject.org/projects/tor/ticket/18945
+lockPref("network.manage-offline-status", false);
+
+// Pref : Set File URI Origin Policy
+// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
+// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
+lockPref("security.fileuri.strict_origin_policy", true);
+
+// Pref : Disable SVG in OpenType fonts
+// https://wiki.mozilla.org/SVGOpenTypeFonts
+// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
+lockPref("gfx.font_rendering.opentype_svg.enabled", false);
+
+// Pref : Enable only whitelisted URL protocol handlers
+// Disabling non-essential protocols breaks all interaction with custom protocols such
+// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/...
+// clients when clicking on links with these protocols
+lockPref("network.protocol-handler.warn-external-default",true);
+lockPref("network.protocol-handler.external.http",false);
+lockPref("network.protocol-handler.external.https",false);
+lockPref("network.protocol-handler.external.javascript",false);
+lockPref("network.protocol-handler.external.moz-extension",false);
+lockPref("network.protocol-handler.external.ftp",false);
+lockPref("network.protocol-handler.external.file",false);
+lockPref("network.protocol-handler.external.about",false);
+lockPref("network.protocol-handler.external.chrome",false);
+lockPref("network.protocol-handler.external.blob",false);
+lockPref("network.protocol-handler.external.data",false);
+lockPref("network.protocol-handler.expose-all",false);
+lockPref("network.protocol-handler.expose.http",true);
+lockPref("network.protocol-handler.expose.https",true);
+lockPref("network.protocol-handler.expose.javascript",true);
+lockPref("network.protocol-handler.expose.moz-extension",true);
+lockPref("network.protocol-handler.expose.ftp",true);
+lockPref("network.protocol-handler.expose.file",true);
+lockPref("network.protocol-handler.expose.about",true);
+lockPref("network.protocol-handler.expose.chrome",true);
+lockPref("network.protocol-handler.expose.blob",true);
+lockPref("network.protocol-handler.expose.data",true);
+
+// Pref : Ensure there is a security delay when installing add-ons (milliseconds)
+// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
+// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
+lockPref("security.dialog_enable_delay", 700);
+
+// Pref : Opt-out of add-on metadata updates
+// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+defaultPref("extensions.getAddons.cache.enabled", false);
+
+// Pref : Opt-out of theme (Persona) updates
+// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
+lockPref("lightweightThemes.update.enabled", false);
+lockPref("lightweightThemes.persisted.headerURL", false);
+lockPref("lightweightThemes.persisted.footerURL", false);
+
+// Pref : Disable Flash Player NPAPI plugin
+// http://kb.mozillazine.org/Flash_plugin
+lockPref("plugin.state.flash", 0);
+
+// Pref : Disable sending Flash Player crash reports
+lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+
+// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report
+lockPref("dom.ipc.plugins.reportCrashURL", false);
+
+// Pref : Disable Shumway (Mozilla Flash renderer)
+// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
+lockPref("shumway.disabled", true);
+
+// Pref : Disable Gnome Shell Integration NPAPI plugin
+lockPref("plugin.state.libgnome-shell-browser-plugin", 0);
+
+// Pref : Enable click-to-play plugin
+// https://wiki.mozilla.org/Firefox/Click_To_Play
+// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
+lockPref("plugins.click_to_play", true);
+lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0);
+
+// Pref : Update addons automatically
+// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
+defaultPref("extensions.update.enabled", false);
+
+// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
+// Updated at interval defined in extensions.blocklist.interval (default: 86400)
+lockPref("extensions.blocklist.enabled", false);
+
+// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla)
+lockPref("extensions.systemAddon.update.enabled", false);
+
+// Pref : Disable WebIDE Web Debug
+// https://trac.torproject.org/projects/tor/ticket/16222
+// https://developer.mozilla.org/docs/Tools/WebIDE
+lockPref("devtools.webide.enabled", false);
+lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
+lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+]
+lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+]
+
+// Pref : Disable remote debugging
+// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
+// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
+lockPref("devtools.debugger.force-local", true);
+
+// Pref : Disallow Necko to do A/B testing
+// https://trac.torproject.org/projects/tor/ticket/13170
+lockPref("network.allow-experiments", false);
+>>>>>>> 653a6ed (knocked out some more prefs)
 
 // crash report
 lockPref("breakpad.reportURL", "");