From 2a6070ae1b561c6c7ed206da72db1e371f62c99c Mon Sep 17 00:00:00 2001 From: fxbrit Date: Tue, 27 Apr 2021 01:53:34 +0200 Subject: [PATCH] reorganized, revisited --- Changelog.md | 277 ++++++++++++ librewolf.cfg | 1165 ++++++++++++++++++++++++------------------------- 2 files changed, 842 insertions(+), 600 deletions(-) diff --git a/Changelog.md b/Changelog.md index e9d3184..a81a7ca 100755 --- a/Changelog.md +++ b/Changelog.md @@ -38,6 +38,7 @@ lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +<<<<<<< HEAD lockPref("app.normandy.dev_mode", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -50,6 +51,29 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); +======= +defaultPref("intl.accept_languages", "en-US, en"); +lockPref("app.normandy.dev_mode", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Modified @@ -73,10 +97,136 @@ lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) ======= defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) ``` #### Removed +======= +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled +``` + +#### Removed +Lines that were commented and are now removed +``` +// Librefox Compatibility Fix +// commented out, we're setting it differently later on +// defaultPref("extensions.autoDisableScopes", 0); + +// Removing https-everywhere adding 2 librefox addons +// keep it commented out for now, until we have more recent, properly pre-installed addons +// defaultPref("extensions.enabledAddons", ...); + +//lockPref("browser.contentblocking.global-toggle.enabled", false); +//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); +//lockPref("browser.contentblocking.fastblock.ui.enabled", false); +//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); +//lockPref("browser.contentblocking.allowlist.storage.enabled", false); +//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); +//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); +//lockPref("browser.contentblocking.ui.enabled", false); +//lockPref("browser.contentblocking.enabled", false); + +//lockPref("security.ask_for_password", 2); +//lockPref("security.password_lifetime", 5); + +//defaultPref("privacy.cpd.openWindows", true); // Clear session data +//defaultPref("privacy.clearOnShutdown.openWindows", true); +//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); +//lockPref("permissions.memory_only", true); // (hidden pref) +//lockPref("browser.formfill.expire_days", 0); + +//lockPref("browser.urlbar.autoFill", false); +//lockPref("browser.urlbar.autoFill.typed", false); + +//lockPref("media.peerconnection.video.h264", true); + +//lockPref("network.proxy.autoconfig_url.include_path", false); +//lockPref("network.proxy.socks_remote_dns", true); + +//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); +//lockPref("browser.devedition.theme.enabled", true); +//lockPref("devtools.theme", "dark"); +//lockPref("browser.devedition.theme.showCustomizeButton", true); + +//defaultPref("extensions.ui.dictionary.hidden", false); +//defaultPref("extensions.ui.locale.hidden", false); + +//lockPref("dom.indexedDB.logging.details", false); //default true +//lockPref("dom.indexedDB.logging.enabled", false); //default true +//lockPref("network.http.spdy.enabled", false); +//lockPref("network.http.spdy.enabled.deps", false); +//lockPref("network.http.spdy.enabled.http2", false); +//lockPref("network.http.spdy.websockets", false); + +// lockPref("dom.IntersectionObserver.enabled", false); + +// Pref : CSP Main Settings I/II : +// Those are default values for CSP +// Those are not meant to to be uncommented +//defaultPref("security.csp.enable", true); //This is its default value +//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value +//defaultPref("security.csp.enable_violation_events", true); //This is its default value +//defaultPref("security.csp.experimentalEnabled", false); //This is its default value +//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value +// Default Content Security Policy to apply to signed contents. +//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value + +// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature +// This value is applied after the first one (just ignore this) +//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); +// Default Value : "script-src 'self'; object-src 'self';" + +// Pref :Whether or not the installed extensions should be migrated to the +// storage.local IndexedDB backend. +//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false + +// Pref : if enabled, store execution times for API calls +//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false + +// Pref : Maximum age in milliseconds of performance counters in children +// When reached, the counters are sent to the main process and +// reset, so we reduce memory footprint. +//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.1.issuerName", ""); +// Default Value +// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US + +// Pref : Test To Make FFox Silent +//lockPref("media.gmp-manager.certs.2.issuerName", ""); +// Default Value +// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US + +// Pref : Manage certificates button +//lockPref("security.disable_button.openCertManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : Manage security devices button +//lockPref("security.disable_button.openDeviceManager", false); +// Disabled because of a bug that disables the button regardless of its value + +// Pref : The impact for this one is negligible +//defaultPref("browser.download.animateNotifications", false); +// Bench Diff : -80/5000 +// Pref : Spoof CPU Core Def 16 +// Default settings seems to be the best +//defaultPref("dom.maxHardwareConcurrency", 8); +// Bench Diff : -500/5000 +// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. +// Garbage collection releases memory back to the system. +// Default settings seems to be the best +//lockPref("javascript.options.mem.high_water_mark", 96); +// Bench Diff : -100/5000 +// Pref : Prevent font fingerprinting +// https://browserleaks.com/fonts +// https://github.com/pyllyukko/user.js/issues/120 +// Solved by extension disabled here for performance +//lockPref("browser.display.use_document_fonts", 0); +``` +>>>>>>> 55c94dc (reorganized, revisited) Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated @@ -143,6 +293,7 @@ lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Depreca lockPref("privacy.donottrackheader.value", 1); // Deprecated defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated <<<<<<< HEAD +<<<<<<< HEAD defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated @@ -615,6 +766,74 @@ Prefs that need to be addressed and that were disabled for now // defaultPref("media.peerconnection.identity.timeout", 1); // defaultPref("media.peerconnection.turn.disable", true); // defaultPref("media.peerconnection.ice.tcp", false); +======= +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated +lockPref("services.sync.clients.lastSync", "0"); // Deprecated +lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.enabled", false); // Deprecated +lockPref("services.sync.jpake.serverURL", ""); // Deprecated +lockPref("services.sync.migrated", true); // Deprecated +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated +lockPref("services.sync.serverURL", ""); // Deprecated +lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated +lockPref("prio.publicKeyB", ""); // Deprecated +lockPref("prio.publicKeyA", ""); // Deprecated +lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated +lockPref("security.insecure_password.ui.enabled", true); // Deprecated +defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all +lockPref("security.ssl.errorReporting.automatic", false); // Deprecated +lockPref("security.ssl.errorReporting.url", ""); // Deprecated +lockPref("security.ssl.errorReporting.enabled", false); // Deprecated +defaultPref("layout.frame_rate.precise", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated +defaultPref("layers.async-video.enabled", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set +defaultPref("html5.offmainthread", true); // Default true and not important to set +defaultPref("browser.tabs.animate", false); // Deprecated +lockPref("webgl.disable-extensions", true); // Deprecated +lockPref("browser.onboarding.notification.finished", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated +lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated +lockPref("pref.general.disable_button.default_browser", false); // Deprecated +lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated +lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated +lockPref("app.update.silent", false); // Deprecated +lockPref("app.vendorURL", ""); // Deprecated +lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated +lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated +lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated +lockPref("devtools.devedition.promo.url", ""); // Deprecated +lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated +lockPref("devtools.gcli.jquerySrc", ""); // Deprecated +lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated +lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated +lockPref("dom.permissions.enabled", false); // Deprecated +lockPref("extensions.blocklist.url", ""); // Deprecated +lockPref("geo.wifi.uri", ""); // Deprecated +lockPref("geo.provider-country.network.scan", false); // Deprecated +lockPref("geo.provider-country.network.url", ""); // Deprecated +lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Unlocked @@ -660,7 +879,17 @@ defaultPref("extensions.getAddons.themes.browseURL", "") defaultPref("pdfjs.enableWebGL", false); defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); defaultPref("pdfjs.enabledCache.state", false); +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) +======= + +defaultPref("alerts.showFavicons", false); // default: false + +defaultPref("security.remote_settings.intermediates.enabled", true); + +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("dom.battery.enabled", false); +>>>>>>> 55c94dc (reorganized, revisited) ``` ## How to... @@ -668,11 +897,20 @@ defaultPref("pdfjs.enabledCache.state", false); Add website to exceptions before login, both http and https link #### Enable DRM content ``` +<<<<<<< HEAD media.eme.enabled = true media.gmp-widevinecdm.visible = true media.gmp-widevinecdm.enabled = true media.gmp-provider.enabled = true media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml +======= +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +defaultPref("identity.sendtabpromo.url", ""); +>>>>>>> 55c94dc (reorganized, revisited) ``` #### Use video conferencing ``` @@ -713,5 +951,44 @@ defaultPref("network.cookie.cookieBehavior", 1); // What should we do with this pref //defaultPref("network.http.sendRefererHeader", 1); +<<<<<<< HEAD >>>>>>> a35eb4b (re-organized and reviewed) +======= + +// could it be replaced by services.settings.security.onecrl.collection ? +lockPref("services.blocklist.onecrl.collection", ""); + +// should we consider disabling WebAssembly ? +//lockPref("javascript.options.wasm", false); + +// How much should we lock? +// MISC - check if everything should stay, re-organize +// TESTING - untouched, except two entries already addressed +// WINDOWS - untouched +// ESR - untouched +``` + +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant +// when 3rd party cookies are disabled +// lockPref("privacy.storagePrincipal.enabledForTrackers", false); + +// redudant with RFP and javascript.use_us_english_locale +// defaultPref("privacy.spoof_english", 2); + +// Likely deprecated +// lockPref("dom.indexedDB.enabled", true); + +// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ +// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true + +// conflicting with previous prefs? +// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +// defaultPref("layers.acceleration.disabled", false); + +// seems to be deprecated +// lockPref("dom.registerProtocolHandler.insecure.enabled", true); +>>>>>>> 55c94dc (reorganized, revisited) ``` \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index f8c45ae..bb300e0 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,4 +1,7 @@ <<<<<<< HEAD +<<<<<<< HEAD +======= +>>>>>>> 55c94dc (reorganized, revisited) //---------------| // LibreWolf | //---------------| @@ -6,6 +9,12 @@ // ================================================================================================================================| // | // "Section" : Description of the settings section separated by "----" | +<<<<<<< HEAD +======= +// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance | +// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss | +// Performance can be tested here : https://chromium.github.io/octane/ | +>>>>>>> 55c94dc (reorganized, revisited) // "Pref" : Preference/Settings name and or description followed by links or documentations | // and some time explanation why the setting is commented and ignored. | // "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | @@ -23,6 +32,7 @@ // that rely on comparing version numbers. | // | // ================================================================================================================================| +<<<<<<< HEAD ======= // --------- // LibreWolf @@ -108,6 +118,8 @@ defaultPref("general.config.filename", "librewolf.cfg"); // Section : User Settings // Bench Diff : +0/5000 // >>>>>>>>>>>>>>>>>>>>>>> +======= +>>>>>>> 55c94dc (reorganized, revisited) <<<<<<< HEAD // -------------------------------- @@ -130,6 +142,7 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); >>>>>>> a35eb4b (re-organized and reviewed) // ----------------------------------- +<<<<<<< HEAD <<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more ======= @@ -138,12 +151,22 @@ lockPref("browser.contentblocking.category", "custom"); // changing to other opt // disabling tracking protection >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) +======= +defaultPref("general.config.filename", "librewolf.cfg"); + +// ----------------------------------- +// TRACKING PROTECTION +// ----------------------------------- + +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +>>>>>>> 55c94dc (reorganized, revisited) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -163,6 +186,8 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); ======= // below are potentially useless as tracking protection is disabled +======= +>>>>>>> 55c94dc (reorganized, revisited) lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("privacy.trackingprotection.lower_network_priority", false); @@ -171,15 +196,9 @@ lockPref("telemetry.origin_telemetry_test_mode.enabled", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); -// remove urls for/from tracking protection +// remove urls lockPref("browser.contentblocking.reportBreakage.url", ""); - -// hide ui elements for tracking protection -lockPref("browser.contentblocking.cfr-milestone.enabled", false); -lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); -lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); - -// remove urls for/from protection report +lockPref("privacy.trackingprotection.introURL", ""); lockPref("browser.contentblocking.report.cookie.url", ""); lockPref("browser.contentblocking.report.cryptominer.url", ""); lockPref("browser.contentblocking.report.endpoint_url", ""); @@ -200,7 +219,10 @@ lockPref("browser.contentblocking.report.vpn-promo.url", ""); lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); -// hide ui elements from protection report +// hide ui elements +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.contentblocking.report.lockwise.enabled", false); @@ -208,11 +230,11 @@ lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); -// Windows only +// Windows only? lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -// to check, likely deprecated +// to check, could be deprecated/useless lockPref("pref.privacy.disable_button.change_blocklist", true); lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); @@ -274,6 +296,8 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid // -------------------------------- lockPref("browser.urlbar.filter.javascript", true); +lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.search.suggest.enabled", false); // -------------------------------- // SANITIZING, COOKIES AND HISTORY @@ -377,8 +401,12 @@ defaultPref("media.gmp.trial-create.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- +<<<<<<< HEAD // WebRTC >>>>>>> a35eb4b (re-organized and reviewed) +======= +// WEBRTC +>>>>>>> 55c94dc (reorganized, revisited) // ---------------------- defaultPref("media.navigator.enabled", false); @@ -513,6 +541,7 @@ lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); ======= lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- // DO NOT TRACK @@ -533,7 +562,22 @@ defaultPref("privacy.donottrackheader.enabled", true); lockPref("dom.disable_beforeunload", true); defaultPref("dom.disable_open_during_load", true); <<<<<<< HEAD +<<<<<<< HEAD ======= +======= +lockPref("dom.push.enabled", false); +lockPref("dom.push.connection.enabled", false); +lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" +lockPref("dom.push.userAgentID", ""); +lockPref("dom.targetBlankNoOpener.enabled", true); +lockPref("dom.reporting.crash.enabled", false); +lockPref("dom.imagecapture.enabled", false); +lockPref("dom.disable_window_move_resize", true); +defaultPref("dom.serviceWorkers.enabled", false); +defaultPref("dom.battery.enabled", false); +lockPref("dom.popup_maximum", 4); +// lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated +>>>>>>> 55c94dc (reorganized, revisited) // -------------------------------- // PERMISSIONS @@ -562,34 +606,30 @@ defaultPref("network.proxy.autoconfig_url.include_path", false); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks_version", 5); -// -------------------------------- -// MISC -// -------------------------------- +// -------------------------------------- +// HTTP(S) +// -------------------------------------- -defaultPref("browser.tabs.drawInTitlebar", true); -lockPref("browser.shell.checkDefaultBrowser", false); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -defaultPref("privacy.userContext.ui.enabled", true); -defaultPref("privacy.userContext.enabled", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -defaultPref("layout.spellcheckDefault", 2); -defaultPref("general.autoScroll", false); -defaultPref("clipboard.autocopy", false); -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -defaultPref("browser.tabs.loadBookmarksInTabs", true); -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -defaultPref("extensions.ui.experiment.hidden", false); +lockPref("network.http.altsvc.enabled", false); +lockPref("network.http.altsvc.oe", false); +defaultPref("dom.security.https_only_mode", true); +defaultPref("dom.security.https_only_mode_ever_enabled", true); + +// -------------------------------------- +// TLS +// -------------------------------------- + +defaultPref("security.ssl.require_safe_negotiation", true); +lockPref("security.tls.enable_0rtt_data", false); +lockPref("security.tls.version.enable-deprecated", false); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos +lockPref("browser.ssl_override_behavior", 1); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.insecure_field_warning.contextual.enabled", true); +lockPref("network.stricttransportsecurity.preloadlist", false); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("security.tls.version.fallback-limit", 3); +lockPref("security.tls.version.min", 3); // -------------------------------------- // RFP @@ -618,6 +658,7 @@ defaultPref("general.appversion.override", "5.0 (Windows)"); defaultPref("general.platform.override", "Win32"); defaultPref("general.oscpu.override", "Windows NT 6.1"); +<<<<<<< HEAD // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Ghacks-user Selection // Bench Diff : +100/5000 @@ -733,10 +774,21 @@ defaultPref("privacy.spoof_english", 2); defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" +======= +// ------------------------------------------------------- +// EXTENSIONS - check readme section "Extensions Firewall" +// ------------------------------------------------------- + +// handle default restriced domains +defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" +lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" + +>>>>>>> 55c94dc (reorganized, revisited) // disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); +<<<<<<< HEAD // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); @@ -856,8 +908,16 @@ lockPref("services.sync.addons.trustedSourceHostnames", ""); lockPref("toolkit.datacollection.infoURL", ""); lockPref("xpinstall.signatures.devInfoURL", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +======= +// enable Content Security Policy (CSP) +lockPref("security.csp.enable", true); -// Relevant for addons and lang packs +// set extensions scopes +lockPref("extensions.enabledScopes", 5); +lockPref("extensions.autoDisableScopes", 11); +>>>>>>> 55c94dc (reorganized, revisited) + +// Relevant for addons and lang packs search defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ @@ -871,588 +931,67 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% +defaultPref("extensions.update.autoUpdateDefault", false); +lockPref("xpinstall.whitelist.required", true); // default: true +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new +lockPref("extensions.webcompat-reporter.enabled", false); +defaultPref("extensions.webextensions.background-delayed-startup", true); //default true +lockPref("xpinstall.signatures.devInfoURL", ""); +lockPref("extensions.getAddons.compatOverides.url", ""); +lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.getAddons.discovery.api_url", ""); lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.blocklist.detailsURL", ""); +lockPref("extensions.blocklist.itemURL", ""); +defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.showPane", false); +lockPref("extensions.webservice.discoverURL", ""); -// Other Sync Settings - Disabling By Prevention --------------------------------------------------------- -lockPref("services.sync.maxResyncs", 0); //5 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.bookmarks.buffer", false); //false -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ +// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true -// Testing ----------------------------------------------------------------------------------------------- +// ------------------------------------------------------- +// NORMANDY +// ------------------------------------------------------- -// Pref : Test To Make FFox Silent -lockPref("browser.chrome.errorReporter.publicKey", ""); -// Default Value -// c709cb7a2c0b4f0882fcc84a5af161ec +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.normandy.first_run", false); +lockPref("app.normandy.user_id", ""); +lockPref("app.normandy.shieldLearnMoreUrl", ""); +lockPref("app.normandy.dev_mode", false); -// Pref : Test To Make FFox Silent -lockPref("prio.publicKeyA", ""); -// Default Value -// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733 -lockPref("prio.publicKeyB", ""); -// Default Value -// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50 +// -------------------------------- +// SECURITY +// -------------------------------- -// Alpha Settings Not Needed At The Moment -------------------------------------------------------------- - -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Disabled ---------------------------------------------------------------------------------------------- - -// Pref : New page default sites -//lockPref("browser.newtabpage.activity-stream.default.sites", ""); -// Default Value -// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/, -// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Microsoft Windows -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox ESR60.x -// Deprecated Active For ESR -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 1/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -lockPref("security.insecure_password.ui.enabled", true); - -// Pref : Show in-content login form warning UI for insecure login fields -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -lockPref("security.insecure_field_warning.contextual.enabled", true); - -// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla) -// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ -// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security -lockPref("network.stricttransportsecurity.preloadlist", false); - -// Pref : Disable TLS Session Tickets -// https://www.blackhat.com/us-13/briefings.html#NextGen -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 -// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 -// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. -// Since the ID is unique, web servers can (and do) use it for tracking. If set to true, -// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking -lockPref("security.ssl.disable_session_identifiers", true); - -// Pref : Blocking GD Parking Scam Site -// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much -// only tells LibreWolf to look for librefox.com locally -defaultPref("network.dns.localDomains", "librefox.com"); - -// Pref : Disable insecure TLS version fallback -// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 -// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 -lockPref("security.tls.version.fallback-limit", 3); - -// Pref : Only allow TLS 1.2+ -// http://kb.mozillazine.org/Security.tls.version.* -lockPref("security.tls.version.min", 3); - -// enforce TLS 1.0 and 1.1 downgrades as session only -lockPref("security.tls.version.enable-deprecated", false); - -// Pref : Enfore Public Key Pinning -// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning -// "2. Strict. Pinning is always enforced." +// certs lockPref("security.cert_pinning.enforcement_level", 2); - -// Pref : Disallow SHA-1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 -// https://shattered.io/ -lockPref("security.pki.sha1_enforcement_level", 1); - -// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); - -// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the -// "Add Security Exception" dialog -// http://kb.mozillazine.org/Browser.ssl_override_behavior -// https://github.com/pyllyukko/user.js/issues/210 -lockPref("browser.ssl_override_behavior", 1); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : -lockPref("security.ssl.errorReporting.automatic", false); -lockPref("security.ssl.errorReporting.url", ""); - -// Pref : Check disabled section -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ lockPref("security.OCSP.enabled", 0); lockPref("security.OCSP.require", false); lockPref("security.ssl.enable_ocsp_stapling", true); -// Pref : -lockPref("security.ssl.errorReporting.enabled", false); -lockPref("security.remote_settings.intermediates.enabled", true); - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : +// mixed content lockPref("security.mixed_content.upgrade_display_content", true); lockPref("security.mixed_content.block_object_subrequest", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.block_active_content", true); -// Pref : -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); -lockPref("security.insecure_connection_text.enabled", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 3/3 (Cipher) -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : +// ciphers +lockPref("security.pki.sha1_enforcement_level", 1); lockPref("security.ssl3.rsa_des_ede3_sha", false); lockPref("security.ssl3.rsa_aes_256_sha", false); lockPref("security.ssl3.rsa_aes_128_sha", false); - -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); - -// Pref : Disable SEED cipher -// https://en.wikipedia.org/wiki/SEED lockPref("security.ssl3.rsa_seed_sha", false); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 1/5 -// Defaulting settings - HW Settings can be checked under about:support -// Bench Diff : +650/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : +100/5000 -// Pref : Increases animation speed. May mitigate choppy scrolling. -defaultPref("layout.frame_rate.precise", true); - -// Bench Diff : +500/5000 -// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). -// It's likely your browser is already set to use these features. -// May introduce instability on some hardware. -// Tor compatibility - have inverted values in tor. -defaultPref("webgl.force-enabled", true); -defaultPref("layers.acceleration.force-enabled", true); - -// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting -// [SETTING] General>Performance>Custom>Use hardware acceleration when available -// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance. -// Parts of Quantum that utilize the GPU will also be affected as they are rolled out -// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration -// Resolved by extension -defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -defaultPref("layers.acceleration.disabled", false); - -// Bench Diff : 0/5000 -// Pref : -defaultPref("html5.offmainthread", true); //default true -defaultPref("layers.offmainthreadcomposition.enabled", true); -defaultPref("layers.offmainthreadcomposition.async-animations", true); -defaultPref("layers.async-video.enabled", true); - -// Bench Diff : +50/5000 -// Pref : Deprecated Active -defaultPref("browser.tabs.animate", false); - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); - -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 2/5 -// Bench Diff : -800/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); - -// Bench Diff : -200/5000 -// Pref : Disable WebAssembly -// https://webassembly.org/ -// https://en.wikipedia.org/wiki/WebAssembly -// https://trac.torproject.org/projects/tor/ticket/21549 -// Solved by extension disabled here for performance -//lockPref("javascript.options.wasm", false); - -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 3/5 -// Bench Diff : -1720/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -220/5000 -// Pref : Disable webGL I/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) -// This does not leak -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); - -// Bench Diff : 0/5000 -// Pref : Disable webGL II/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) - -lockPref("webgl.disable-extensions", true); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active - -// Bench Diff : -1500/5000 -// Pref : Disable asm.js -// http://asmjs.org/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 -// Solved by extension disabled here for performance -// Tor enforce this -//lockPref("javascript.options.asmjs", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 4/5 -// Bench Diff : -200/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -200/5000 -// Pref : JS Shared Memory - Default false -// https://github.com/MrAlex94/Waterfox/issues/356 -lockPref("javascript.options.shared_memory", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 5/5 -// Bench Diff : -50/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -50/5000 -// Pref : 2302 : disable service workers -// Service workers essentially act as proxy servers that sit between web apps, and the browser -// and network. They are event-driven, and can control the web page/site it is associated with, -// intercepting and modifying navigation and resource requests, and caching resources. -// SW may decrease performance depending on the script that is running in background. -// So overall, disabling SW should enhance performance because it blocks SW Scripts. -// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. -// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. -defaultPref("dom.serviceWorkers.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 1/3 -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Pref : Onboarding tour disabled because of included telemetry -// This extension has already been removed. This setting is here to disable it just in case it -// comes back or for users using the script outside the bundle. -lockPref("browser.onboarding.notification.finished", true); -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); - -// Pref : -lockPref("devtools.onboarding.telemetry.logged", false); - -// Pref : -lockPref("services.sync.engine.addresses.available", false); - -// Pref : -lockPref("browser.bookmarks.restore_default_bookmarks", false); - -// Pref : -lockPref("pref.general.disable_button.default_browser", false); -lockPref("pref.privacy.disable_button.view_passwords", false); - -// Pref : -lockPref("identity.mobilepromo.android", ""); -pref("identity.sendtabpromo.url", ""); - -// Pref : -lockPref("extensions.systemAddon.update.url", ""); - -// Pref : -lockPref("datareporting.healthreport.infoURL", ""); - -// Pref : -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); -lockPref("browser.urlbar.searchSuggestionsChoice", false); -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); - -// Pref : -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); - -// Pref : -lockPref("app.feedback.baseURL", ""); - -// Pref : -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); - -// Pref : -lockPref("app.releaseNotesURL", ""); - -// Pref : -lockPref("app.update.auto", false); -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.silent", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - -// Pref : -lockPref("app.vendorURL", ""); - -// Pref : -lockPref("breakpad.reportURL", ""); +// reduce breakage +defaultPref("security.remote_settings.intermediates.enabled", true); +<<<<<<< HEAD // Pref : lockPref("browser.chrome.errorReporter.submitUrl", ""); lockPref("browser.chrome.errorReporter.enabled", false); @@ -1471,6 +1010,21 @@ lockPref("browser.safebrowsing.passwords.enabled", false); lockPref("browser.safebrowsing.phishing.enabled", false); // downloads and unwanted software +======= +// ui +lockPref("security.insecure_connection_icon.enabled", true); +lockPref("security.insecure_connection_icon.pbmode.enabled", true); +lockPref("security.insecure_connection_text.enabled", true); +lockPref("security.insecure_connection_text.pbmode.enabled", true); + +// ------------------------------------------------------- +// SAFE BROWSING +// ------------------------------------------------------- + +lockPref("browser.safebrowsing.malware.enabled", false); +lockPref("browser.safebrowsing.passwords.enabled", false); +lockPref("browser.safebrowsing.phishing.enabled", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("browser.safebrowsing.downloads.enabled", false); lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); @@ -1478,9 +1032,14 @@ lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); +<<<<<<< HEAD // could try re-enabling some of these urls to see if it causes connections lockPref("browser.safebrowsing.id", ""); +======= +lockPref("browser.safebrowsing.id", ""); +lockPref("browser.safebrowsing.allowOverride", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("browser.safebrowsing.blockedURIs.enabled", false); lockPref("browser.safebrowsing.provider.google4.pver", ""); lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); @@ -1517,6 +1076,7 @@ lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- +<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1662,6 +1222,273 @@ lockPref("javascript.options.shared_memory", false); // # GEO // -------------------------------- +======= +// MISC +// -------------------------------- + +lockPref("app.update.auto", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +defaultPref("browser.tabs.drawInTitlebar", true); +lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.shortcutFavicons", false); +defaultPref("alerts.showFavicons", false); // default: false +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.startup.blankWindow", false); +defaultPref("privacy.userContext.ui.enabled", true); +defaultPref("privacy.userContext.enabled", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +defaultPref("layout.spellcheckDefault", 2); +defaultPref("general.autoScroll", false); +defaultPref("clipboard.autocopy", false); +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +defaultPref("extensions.ui.experiment.hidden", false); +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.coverage.opt-out", true); +lockPref("toolkit.coverage.enabled", false); +lockPref("webchannel.allowObject.urlWhitelist", ""); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("browser.cache.offline.storage.enable", false); +lockPref("network.http.redirection-limit", 10); +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); +lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ? +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); +lockPref("font.blacklist.underline_offset", ""); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("plugin.default.state", 1); +lockPref("plugin.defaultXpi.state", 1); +lockPref("canvas.capturestream.enabled", false); +lockPref("gfx.offscreencanvas.enabled", false); // default: false +lockPref("accessibility.force_disabled", 1); +lockPref("browser.uitour.enabled", false); +lockPref("browser.uitour.url", ""); +lockPref("middlemouse.contentLoadURL", false); +lockPref("permissions.manager.defaultsUrl", ""); +lockPref("lightweightThemes.getMoreURL", ""); +lockPref("media.decoder-doctor.new-issue-endpoint", ""); +lockPref("identity.sync.tokenserver.uri", ""); +lockPref("network.trr.confirmationNS", ""); +lockPref("browser.translation.engine", ""); // default Google +lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail +lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("services.settings.server", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); +lockPref("accessibility.support.url", ""); +lockPref("app.support.baseURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); +lockPref("browser.dictionaries.download.url", ""); +lockPref("browser.geolocation.warning.infoURL", ""); +lockPref("browser.search.searchEnginesURL", ""); +lockPref("browser.uitour.themeOrigin", ""); +lockPref("toolkit.datacollection.infoURL", ""); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); +defaultPref("accessibility.typeaheadfind", false); +lockPref("browser.bookmarks.restore_default_bookmarks", false); +lockPref("identity.mobilepromo.android", ""); +lockPref("identity.mobilepromo.ios", ""); +defaultPref("identity.sendtabpromo.url", ""); +lockPref("datareporting.healthreport.infoURL", ""); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); +lockPref("app.feedback.baseURL", ""); +lockPref("app.releaseNotesURL", ""); +lockPref("app.releaseNotesURL.aboutDialog", ""); +lockPref("breakpad.reportURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", false); +lockPref("browser.ping-centre.log", ""); +lockPref("browser.ping-centre.telemetry", false); +lockPref("captivedetect.canonicalURL", ""); +lockPref("datareporting.policy.firstRunURL", ""); +lockPref("devtools.devices.url", ""); +lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); +lockPref("remote.enabled", false); +lockPref("remote.force-local", true); +lockPref("remote.log.level", "Info"); + +// -------------------------------- +// SYNC +// -------------------------------- + +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); + +// -------------------------------- +// WEBGL +// -------------------------------- + +defaultPref("webgl.force-enabled", true); +defaultPref("layers.acceleration.force-enabled", true); +lockPref("webgl.enable-webgl2", false); +lockPref("webgl.min_capability_mode", true); +lockPref("webgl.disable-fail-if-major-performance-caveat", true); +lockPref("webgl.enable-debug-renderer-info", false); + +// conflicting with previous prefs? +// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +// defaultPref("layers.acceleration.disabled", false); + +// -------------------------------- +// JS +// -------------------------------- + +// should we consider disabling WebAssembly ? +// lockPref("javascript.options.wasm", false); + +// left as it is worth considering +// lockPref("javascript.options.asmjs", false); + +lockPref("javascript.options.shared_memory", false); + +// -------------------------------- +// GEO +// -------------------------------- + +>>>>>>> 55c94dc (reorganized, revisited) lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] @@ -1671,9 +1498,17 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); +<<<<<<< HEAD // -------------------------------- // # PREFETCHING // -------------------------------- +======= + +// Pref : +lockPref("layout.css.visited_links_enabled", false); +lockPref("layout.css.always-repaint-on-unvisited", false); +lockPref("layout.css.layout.css.notify-of-unvisited", false); +>>>>>>> 55c94dc (reorganized, revisited) lockPref("network.predictor.enabled", false); lockPref("network.prefetch-next", false); @@ -1697,7 +1532,23 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); +<<<<<<< HEAD // telemetry +======= +// Pref : +lockPref("plugins.crash.supportUrl", ""); + +// Pref : +lockPref("sync.enabled", false); + +// Pref : +lockPref("sync.jpake.serverURL", ""); + +// Pref : +lockPref("sync.serverURL", ""); + +// Pref : +>>>>>>> 55c94dc (reorganized, revisited) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -2046,16 +1897,130 @@ defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: defaultPref("devtools.selfxss.count", 0); -// enable HTTPS only mode by default -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); - -// JS in PDF +// -------------------------------- +// TESTING +// -------------------------------- + +// Pref : +//lockPref("urlclassifier.phishTable", ""); +// Default Value +// goog-phish-proto,test-phish-simple + +// Pref : +//lockPref("urlclassifier.passwordAllowTable", ""); +// Default Value +// goog-passwordwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadAllowTable", ""); +// Default Value +// goog-downloadwhite-proto + +// Pref : +//lockPref("urlclassifier.downloadBlockTable", ""); +// Default Value +// goog-badbinurl-proto + +// Pref : Test To Make FFox Silent +//lockPref("security.content.signature.root_hash", ""); +// Default Value +// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E + +// -------------------------------- +// WINDOWS +// -------------------------------- + +// Pref : Other webGl [WINDOWS] +lockPref("webgl.dxgl.enabled", false); + +// Pref : disable scanning for plugins [WINDOWS] +lockPref("plugin.scan.plid.all", false); + +// Pref : disable Windows jumplist [WINDOWS] +lockPref("browser.taskbar.lists.enabled", false); +lockPref("browser.taskbar.lists.frequent.enabled", false); +lockPref("browser.taskbar.lists.recent.enabled", false); +lockPref("browser.taskbar.lists.tasks.enabled", false); + +// Pref : disable Windows taskbar preview [WINDOWS] +lockPref("browser.taskbar.previews.enable", false); + +// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] +// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ +lockPref("network.protocol-handler.external.ms-windows-store", false); + +// Pref : disable background update service [WINDOWS] +// [SETTING] General>Firefox Updates>Use a background service to install updates +lockPref("app.update.service.enabled", false); + +// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) +// [1] https://bugzilla.mozilla.org/603903 +lockPref("toolkit.winRegisterApplicationRestart", false); + +// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) +// 0=disable detecting Family Safety mode and importing the root +// 1=only attempt to detect Family Safety mode (don't import the root) +// 2=detect Family Safety mode and import the root +// [1] https://trac.torproject.org/projects/tor/ticket/21686 +lockPref("security.family_safety.mode", 0); + +// -------------------------------- +// ESR +// -------------------------------- + +// Pref : Geolocation +lockPref("browser.search.countryCode", "US"); + +// Pref : Disable Mozilla telemetry/experiments +// https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry +// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 +// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html +// https://wiki.mozilla.org/Telemetry/Experiments +// https://support.mozilla.org/en-US/questions/1197144 +lockPref("experiments.activeExperiment", false); +lockPref("experiments.enabled", false); +lockPref("experiments.manifest.uri", ""); +lockPref("experiments.supported", false); + +// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) +// [1] https://bugzilla.mozilla.org/1173171 +// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.block-remote-files", true); + +// Pref : 2613: disable JAR from opening Unsafe File Types +// [-] https://bugzilla.mozilla.org/1427726 +lockPref("network.jar.open-unsafe-types", false); + +// Pref : Disable Java NPAPI plugin +lockPref("plugin.state.java", 0); + +// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 +lockPref("trailhead.firstrun.branches", "join-privacy"); + +// Pref : 0402: enable Kinto blocklist updates (FF50+) +// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications +// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be +// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes +// [-] https://bugzilla.mozilla.org/1458917 +lockPref("services.blocklist.update_enabled", false); + +// Pref : 0503: disable "Savant" Shield study (FF61+) +// [-] https://bugzilla.mozilla.org/1457226 +lockPref("shield.savant.enabled", false); + +// Fix ESR Devtools +//lockPref("devtools.telemetry.tools.opened.version", ""); +// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"}