From 33a44bde53074c4bf27847fef48a316a3428c019 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 7 May 2021 16:35:49 +0200 Subject: [PATCH] rebased to latest commit from og repo --- Changelog.md | 1198 +------------------------------------ README.md | 42 +- librewolf.cfg | 1582 ------------------------------------------------- 3 files changed, 2 insertions(+), 2820 deletions(-) diff --git a/Changelog.md b/Changelog.md index 9ef2836..4febc8f 100755 --- a/Changelog.md +++ b/Changelog.md @@ -3,29 +3,7 @@ Previously missing, now added ``` defaultPref("pdfjs.enableScripting", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway -======= -lockPref("privacy.trackingprotection.testing.report_blocked_node", false); -<<<<<<< HEAD -lockPref("browser.contentblocking.report.endpoint_url", ""); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); -lockPref("browser.contentblocking.report.monitor.preferences", ""); -lockPref("browser.contentblocking.report.vpn.url", ""); -lockPref("browser.contentblocking.report.vpn-promo.url", ""); -lockPref("browser.contentblocking.report.vpn-ios.url", ""); -lockPref("browser.contentblocking.report.vpn-android.url", ""); -<<<<<<< HEAD -lockPref("browser.contentblocking.category", "custom"); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> a35eb4b (re-organized and reviewed) lockPref("browser.contentblocking.cfr-milestone.enabled", false); lockPref("browser.contentblocking.database.enabled", false); lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); @@ -44,8 +22,6 @@ lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("app.normandy.dev_mode", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); @@ -58,240 +34,23 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); -<<<<<<< HEAD -======= -defaultPref("intl.accept_languages", "en-US, en"); -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("app.normandy.dev_mode", false); -<<<<<<< HEAD -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true -lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= -defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -defaultPref("dom.security.https_only_mode_pbm", true); -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -======= -lockPref("browser.ping-centre.telemetry", false); -lockPref("browser.region.network.url", ""); -lockPref("browser.region.update.enabled", false); -defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -defaultPref("extensions.postDownloadThirdPartyPrompt", false); -defaultPref("general.warnOnAboutConfig", false); -defaultPref("network.auth.subresource-http-auth-allow", 1); ->>>>>>> 0267245 (added some new prefs from arkenfox) -======= ->>>>>>> e7a5601 (more good stuff) ``` #### Modified Updated some present prefs to better one ``` defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("network.http.referer.defaultPolicy", 2); // Previously set to 3 ->>>>>>> c16522a (added re-enabling guides) -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior -<<<<<<< HEAD -<<<<<<< HEAD lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); -<<<<<<< HEAD -======= -lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost -======= -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 -<<<<<<< HEAD ->>>>>>> 45bf63e (processed everything up to EOF) -lockPref("services.settings.security.onecrl.signer", ""); // Previously services.blocklist.onecrl.signer -lockPref("browser.contentblocking.report.lockwise.howitworks.url", ""); -<<<<<<< HEAD ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) ``` #### Removed -======= -lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // services.sync.prefs.sync.browser.contentblocking.enabled -======= -defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -======= ->>>>>>> e7a5601 (more good stuff) -``` - -#### Removed -<<<<<<< HEAD -Lines that were commented and are now removed -``` -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", ...); - -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); - -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -//lockPref("media.peerconnection.video.h264", true); - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// lockPref("dom.IntersectionObserver.enabled", false); - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - -// defaultPref("network.http.sendRefererHeader", 1); default is better - -ALL OF Disabled - Deprecated Inactive -ALL OF Disabled - Section OFF -``` ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> 57702f8 (updated changelog) Active prefs that were removed ``` lockPref("network.cookie.same-site.enabled", true); // Deprecated @@ -347,18 +106,12 @@ lockPref("services.settings.default_signer", ""); // Deprecated lockPref("app.productInfo.baseURL", ""); // Deprecated lockPref("devtools.webide.adbAddonURL", ""); // Deprecated lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> a35eb4b (re-organized and reviewed) defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated lockPref("privacy.donottrackheader.value", 1); // Deprecated defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default lockPref("dom.forms.datetime", false); // Deprecated lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated @@ -444,10 +197,6 @@ lockPref("geo.wifi.logging.enabled", false); // Deprecated lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated lockPref("browser.search.geoSpecificDefaults", false); // Deprecated lockPref("browser.fixup.hide_user_pass", true); // Deprecated -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> c16522a (added re-enabling guides) lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 @@ -467,10 +216,6 @@ defaultPref("extensions.ui.experiment.hidden", false); // Deprecated defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated lockPref("dom.enable_performance", false); // conflicting with RFP lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated @@ -484,8 +229,6 @@ lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint @@ -585,15 +328,7 @@ defaultPref("webgl.force-enabled", true); // out of scope, not worth defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled -<<<<<<< HEAD -<<<<<<< HEAD lockPref("privacy.trackingprotection.lower_network_priority", false); // default -======= -lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled ->>>>>>> 48fecfd (removed redundant stuff) -======= -lockPref("privacy.trackingprotection.lower_network_priority", false); // default ->>>>>>> e7a5601 (more good stuff) lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled lockPref("signon.storeSignons", false); // Deprecated lockPref("browser.urlbar.filter.javascript", true); // default @@ -619,18 +354,12 @@ lockPref("dom.imagecapture.enabled", false); // default lockPref("dom.reporting.crash.enabled", false); // default defaultPref("network.proxy.autoconfig_url.include_path", false); // default lockPref("security.tls.version.min", 3); // default -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("extensions.webextensions.background-delayed-startup", true); //default defaultPref("xpinstall.signatures.required", true); // default lockPref("app.normandy.dev_mode", false); // default defaultPref("pdfjs.enableWebGL", false); // default lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable lockPref("network.predictor.enable-prefetch", false); // default -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 57702f8 (updated changelog) lockPref("network.http.referer.spoofSource", false); // default defaultPref("network.http.referer.defaultPolicy", 2); // default defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default @@ -664,20 +393,8 @@ lockPref("xpinstall.whitelist.required", true); // default lockPref("browser.sessionhistory.max_entries", 20); // why? lockPref("extensions.webapi.testing", false); // hidden but default false lockPref("canvas.capturestream.enabled", false); // any real benefit? -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup -======= ->>>>>>> 57702f8 (updated changelog) -======= -lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments ->>>>>>> 3afb2b3 (removed redirect limt) -======= -lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments -defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup ->>>>>>> 0f6e184 (moved a pref to hardened setup) // fxaccounts is disabled in policies lockPref("identity.fxaccounts.enabled", false); @@ -687,29 +404,7 @@ lockPref("identity.fxaccounts.commands.enabled", false); lockPref("identity.fxaccounts.remote.oauth.uri", ""); lockPref("identity.fxaccounts.remote.profile.uri", ""); lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -<<<<<<< HEAD -======= -======= -defaultPref("accessibility.typeaheadfind", false); // Already default -defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default -lockPref("dom.forms.datetime", false); // Deprecated ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 653a6ed (knocked out some more prefs) -``` -#### Commented -Active prefs that were commented in order to address them before removing them -``` -// this sets a cookie jar for 3rd party origin which is the same as dFPI and redundant -// when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -<<<<<<< HEAD -======= - ->>>>>>> 57702f8 (updated changelog) // all handled by lockPref("services.settings.server", "") lockPref("services.blocklist.addons.collection", ""); lockPref("services.blocklist.plugins.collection", ""); @@ -834,755 +529,6 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false) lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); lockPref("services.sync.tabs.lastSync", "0"); -<<<<<<< HEAD -======= -// redudant with RFP and javascript.use_us_english_locale -// defaultPref("privacy.spoof_english", 2); - -// Likely deprecated -// lockPref("dom.indexedDB.enabled", true); ->>>>>>> a35eb4b (re-organized and reviewed) - -// useless as ui elements are not in the report page -lockPref("browser.contentblocking.report.cookie.url", ""); -lockPref("browser.contentblocking.report.cryptominer.url", ""); -lockPref("browser.contentblocking.report.endpoint_url", ""); -lockPref("browser.contentblocking.report.fingerprinter.url", ""); -lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); -lockPref("browser.contentblocking.report.manage_devices.url", ""); -lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); -lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); -lockPref("browser.contentblocking.report.monitor.home_page_url", ""); -lockPref("browser.contentblocking.report.monitor.preferences", ""); -lockPref("browser.contentblocking.report.monitor.url", ""); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.social.url", ""); -lockPref("browser.contentblocking.report.tracker.url", ""); -lockPref("browser.contentblocking.report.vpn.url", ""); -lockPref("browser.contentblocking.report.vpn-promo.url", ""); -lockPref("browser.contentblocking.report.vpn-ios.url", ""); -lockPref("browser.contentblocking.report.vpn-android.url", ""); -``` -#### Commented -Prefs that need to be addressed and that were disabled for now -``` -// all covered by previous prefs -// defaultPref("media.navigator.video.enabled", false); -// defaultPref("media.peerconnection.use_document_iceservers", false); -// defaultPref("media.peerconnection.identity.enabled", false); -// defaultPref("media.peerconnection.identity.timeout", 1); -// defaultPref("media.peerconnection.turn.disable", true); -// defaultPref("media.peerconnection.ice.tcp", false); -======= -defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default -lockPref("dom.forms.datetime", false); // Deprecated -lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated -lockPref("services.sync.clients.lastSync", "0"); // Deprecated -lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated -lockPref("services.sync.enabled", false); // Deprecated -lockPref("services.sync.jpake.serverURL", ""); // Deprecated -lockPref("services.sync.migrated", true); // Deprecated -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated -lockPref("services.sync.serverURL", ""); // Deprecated -lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated -lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated -lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated -lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated -lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated -lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated -lockPref("prio.publicKeyB", ""); // Deprecated -lockPref("prio.publicKeyA", ""); // Deprecated -lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated -lockPref("security.insecure_password.ui.enabled", true); // Deprecated -defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all -lockPref("security.ssl.errorReporting.automatic", false); // Deprecated -lockPref("security.ssl.errorReporting.url", ""); // Deprecated -lockPref("security.ssl.errorReporting.enabled", false); // Deprecated -defaultPref("layout.frame_rate.precise", true); // Deprecated -defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated -defaultPref("layers.async-video.enabled", true); // Deprecated -defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set -defaultPref("html5.offmainthread", true); // Default true and not important to set -defaultPref("browser.tabs.animate", false); // Deprecated -lockPref("webgl.disable-extensions", true); // Deprecated -lockPref("browser.onboarding.notification.finished", true); // Deprecated -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated -lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated -lockPref("pref.general.disable_button.default_browser", false); // Deprecated -lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated -lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated -lockPref("app.update.silent", false); // Deprecated -lockPref("app.vendorURL", ""); // Deprecated -lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated -lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated -lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated -lockPref("devtools.devedition.promo.url", ""); // Deprecated -lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated -lockPref("devtools.gcli.jquerySrc", ""); // Deprecated -lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated -lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated -lockPref("dom.permissions.enabled", false); // Deprecated -lockPref("extensions.blocklist.url", ""); // Deprecated -lockPref("geo.wifi.uri", ""); // Deprecated -lockPref("geo.provider-country.network.scan", false); // Deprecated -lockPref("geo.provider-country.network.url", ""); // Deprecated -lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> c16522a (added re-enabling guides) -======= -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why? -lockPref("services.blocklist.onecrl.collection", ""); // Deprecated - ->>>>>>> 4041ab1 (reorganized and improved some entries) -======= -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? -lockPref("services.blocklist.onecrl.collection", ""); // Deprecated -lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint -lockPref("plugin.defaultXpi.state", 1); // Deprecated -lockPref("remote.log.level", "Info"); // already default and not important in any way -lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side -<<<<<<< HEAD -lockPref("network.protocol-handler.external.http",false); // Deprecated or not existent -lockPref("network.protocol-handler.external.https",false); // Deprecated or not existent ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -lockPref("lightweightThemes.update.enabled", false); // Deprecated -lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated -lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated -lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? -lockPref("network.protocol-handler.external.javascript",false); // any real benefit? -lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? -lockPref("network.protocol-handler.external.ftp",false);// any real benefit? -lockPref("network.protocol-handler.external.file",false);// any real benefit? -lockPref("network.protocol-handler.external.about",false);// any real benefit? -lockPref("network.protocol-handler.external.chrome",false);// any real benefit? -lockPref("network.protocol-handler.external.blob",false);// any real benefit? -lockPref("network.protocol-handler.external.data",false);// any real benefit? -lockPref("network.protocol-handler.expose-all",false);// any real benefit? -lockPref("network.protocol-handler.expose.http",true);// any real benefit? -lockPref("network.protocol-handler.expose.https",true);// any real benefit? -lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? -lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? -lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? -lockPref("network.protocol-handler.expose.file",true);// any real benefit? -lockPref("network.protocol-handler.expose.about",true);// any real benefit? -lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? -lockPref("network.protocol-handler.expose.blob",true);// any real benefit? -lockPref("network.protocol-handler.expose.data",true);// any real benefit? -lockPref("network.protocol-handler.external.http",false);// any real benefit? -lockPref("network.protocol-handler.external.https",false);// any real benefit? -lockPref("shumway.disabled", true); // Deprecated -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated -lockPref("plugins.click_to_play", true); // Deprecated -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated -lockPref("devtools.webide.enabled", false); // Deprecated -lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated -lockPref("network.allow-experiments", false); // Deprecated -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated -lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated -lockPref("security.tls.version.max", 4); // increases fingerprint -defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope -lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope -lockPref("browser.onboarding.enabled", false); // Deprecated -lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 -lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated -lockPref("app.update.enabled", false); // Deprecated -lockPref("browser.casting.enabled", false); // Deprecated, probably Android only -lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated -lockPref("browser.newtabpage.enhanced", false); // Deprecated -lockPref("browser.selfsupport.url", ""); // Deprecated -lockPref("camera.control.face_detection.enabled", false); // Deprecated -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated -lockPref("datareporting.healthreport.service.enabled", false); // Deprecated -lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated -lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated -lockPref("dom.flyweb.enabled", false); // Deprecated -lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated -lockPref("dom.telephony.enabled", false); // Deprecated -lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated -lockPref("loop.logDomains", false); // Deprecated -lockPref("network.websocket.enabled", false); // Deprecated -lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated -lockPref("social.directories", ""); // Deprecated -lockPref("social.remote-install.enabled", false); // Deprecated -lockPref("social.whitelist", ""); // Deprecated -lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated -lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated -lockPref("browser.pocket.enabled", false); // Deprecated -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily -lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant -lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 -lockPref("browser.search.countryCode", "US"); // Deprecated -lockPref("experiments.activeExperiment", false); // Deprecated -lockPref("experiments.enabled", false); // Deprecated -lockPref("experiments.manifest.uri", ""); // Deprecated -lockPref("experiments.supported", false); // Deprecated -lockPref("network.jar.block-remote-files", true); // Deprecated -lockPref("network.jar.open-unsafe-types", false); // Deprecated -lockPref("plugin.state.java", 0); // Deprecated -lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated -lockPref("services.blocklist.update_enabled", false); // Deprecated -lockPref("shield.savant.enabled", false); // Deprecated -defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope -defaultPref("layers.acceleration.disabled", false); // default and probably out of scope -<<<<<<< HEAD ->>>>>>> 45bf63e (processed everything up to EOF) -======= -lockPref("browser.taskbar.previews.enable", false); // personal pref -lockPref("browser.taskbar.lists.enabled", false); // personal pref -lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref -lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref -lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref -defaultPref("webgl.force-enabled", true); // out of scope, not worth -defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth ->>>>>>> 5b1fc33 (removed some more) -======= -defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale -======= ->>>>>>> 7732277 (imrpoved referers and language settings) -defaultPref("extensions.webextensions.background-delayed-startup", true); //default -defaultPref("xpinstall.signatures.required", true); // default -lockPref("app.normandy.dev_mode", false); // default -defaultPref("pdfjs.enableWebGL", false); // default -lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable -lockPref("network.predictor.enable-prefetch", false); // default -<<<<<<< HEAD ->>>>>>> 48fecfd (removed redundant stuff) -======= -lockPref("intl.regional_prefs.use_os_locales", false); // default -defaultPref("intl.locale.requested", "en-US"); // conflicting -defaultPref("privacy.spoof_english", 2); // automatically handled by RFP and other lang prefs -======= ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -lockPref("network.http.referer.trimmingPolicy", 0); // default -lockPref("network.http.referer.spoofSource", false); // default -defaultPref("network.http.referer.defaultPolicy", 2); // default -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default -<<<<<<< HEAD ->>>>>>> 7732277 (imrpoved referers and language settings) -======= -defaultPref("layout.spellcheckDefault", 2); // why? -<<<<<<< HEAD ->>>>>>> 269747e (fixed lang fp, relaxed xorigin) -======= -lockPref("privacy.trackingprotection.introURL", ""); // Deprecated -defaultPref("general.appname.override", "Netscape"); // no benefit over RFP -defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof -defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof -defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof -lockPref("general.buildID.override", "20100101"); // no benefit over RFP -lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP -<<<<<<< HEAD ->>>>>>> 934010b (removed overrides for spoofing) -``` - -#### Unlocked -Locked prefs that were unlocked, more should be unlocked probably -``` -defaultPref("general.config.filename", "librewolf.cfg"); -defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("extensions.getAddons.themes.browseURL", "") -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -defaultPref("alerts.showFavicons", false); // default: false -defaultPref("security.remote_settings.intermediates.enabled", true); -defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); -defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns -defaultPref("security.OCSP.require", false); -defaultPref("reader.parse-on-load.enabled", false); -``` - -#### To discuss -Prefs that need to be addressed and potential roadmap -``` -Open points: -// How much should we lock? -// How in depth should we go with urls -// SB - make re-enabling easier, test connections -// GEO - review to allow easier re-enabling -// evaluate certificate handling (oscp, crlite, blocklist) - -<<<<<<< HEAD -missing from arkenfox in need of discussion: -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -dom.security.https_only_mode_send_http_background_request -> DISCUSS -browser.download.useDownloadDir -> do we want to ask for download location each time? -======= -defaultPref("extensions.getAddons.themes.browseURL", "") - -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) -======= - -defaultPref("alerts.showFavicons", false); // default: false - -defaultPref("security.remote_settings.intermediates.enabled", true); - -// Unlocked as some think it increases fingerprint, they can now disable it -defaultPref("dom.battery.enabled", false); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -defaultPref("layout.css.visited_links_enabled", false); -defaultPref("layout.css.always-repaint-on-unvisited", false); -defaultPref("layout.css.notify-of-unvisited", false); - -defaultPref("browser.tabs.closeTabByDblclick", true); - -// Unlocked as known to cause breakage -defaultPref("dom.event.clipboardevents.enabled", false); -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= - -// already default and no reason to lock it -lockPref("network.http.referer.trimmingPolicy", 0); - -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -======= - -// someone might want to have it on for security concerns -defaultPref("security.OCSP.enabled", 0); -defaultPref("security.OCSP.require", false); ->>>>>>> 4041ab1 (reorganized and improved some entries) -``` - -## How to... -#### Stay logged -Add website to exceptions before login, both http and https link -#### Enable DRM content -``` -<<<<<<< HEAD -media.eme.enabled = true -media.gmp-widevinecdm.visible = true -media.gmp-widevinecdm.enabled = true -media.gmp-provider.enabled = true -media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml -======= -defaultPref("signon.management.page.breach-alerts.enabled", false); -defaultPref("signon.management.page.breachAlertUrl", ""); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -defaultPref("identity.sendtabpromo.url", ""); ->>>>>>> 55c94dc (reorganized, revisited) -``` -#### Use video conferencing -``` -<<<<<<< HEAD -media.peerconnection.enabled = true -media.peerconnection.ice.no_host = true -dom.webaudio.enabled = true -``` -screensharing `media.getusermedia.screensharing.enabled = true` -#### Enable addons search -``` -<<<<<<< HEAD -extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" -``` -#### Enable addons manual updates -``` -extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" -``` -#### Enable OCSP certificate checking -``` -security.OCSP.enabled = 1 -``` -you probably also want `security.OCSP.require = true` -======= -// This should be discussed -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); ->>>>>>> 653a6ed (knocked out some more prefs) -======= ->>>>>>> e7ed7c4 (updated changelog) - -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -#### Hardened setup -``` -defaultPref("javascript.options.asmjs", false); // disable asm.js -defaultPref("javascript.options.wasm", false); // disable web assembly -defaultPref("webgl.disabled", true); // disable webgl -defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing -defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access -======= -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); - -======= ->>>>>>> c16522a (added re-enabling guides) -// What should we do with this pref -//defaultPref("network.http.sendRefererHeader", 1); -<<<<<<< HEAD ->>>>>>> a35eb4b (re-organized and reviewed) -======= - -<<<<<<< HEAD -======= ->>>>>>> 48fecfd (removed redundant stuff) -// should we consider disabling WebAssembly ? -//lockPref("javascript.options.wasm", false); - -// to check -defaultPref("xpinstall.signatures.required", true); - -// How much should we lock? -// How much should we care bout URLs? - -======= ->>>>>>> 7732277 (imrpoved referers and language settings) -Other points: -// How much should we lock? -// DRM - should we make it even easier? -// COOKIES - now using dFPI -// SB - make re-enabling easier, test connections - -from arkenfox: -dom.security.https_only_mode_send_http_background_request -> DISCUSS -dom.storage.next_gen -> DISCUSS -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -``` - -#### Commented -Prefs that need to be addressed and that were disabled for now -``` -<<<<<<< HEAD -// redudant with RFP and javascript.use_us_english_locale -// defaultPref("privacy.spoof_english", 2); - -<<<<<<< HEAD -// conflicting with previous prefs? -// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -// defaultPref("layers.acceleration.disabled", false); - -<<<<<<< HEAD -// seems to be deprecated -// lockPref("dom.registerProtocolHandler.insecure.enabled", true); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -======= ->>>>>>> c16522a (added re-enabling guides) -======= ->>>>>>> 8b7a898 (updated and started editing external protocols) -// apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable -// should be checked -// lockPref("browser.cache.offline.enable", false); - -<<<<<<< HEAD -// redundant with RFP -// lockPref("dom.enable_performance", false); //Deprecated Active -// lockPref("dom.enable_performance_navigation_timing", false); ->>>>>>> 653a6ed (knocked out some more prefs) -======= -======= ->>>>>>> 48fecfd (removed redundant stuff) -// all covered by previous prefs -// defaultPref("media.navigator.video.enabled", false); -// defaultPref("media.peerconnection.use_document_iceservers", false); -// defaultPref("media.peerconnection.identity.enabled", false); -// defaultPref("media.peerconnection.identity.timeout", 1); -// defaultPref("media.peerconnection.turn.disable", true); -// defaultPref("media.peerconnection.ice.tcp", false); -``` - -## How to... -#### Stay logged -Add website to exceptions before login, both http and https link -#### Enable DRM content -``` -media.eme.enabled = true -media.gmp-widevinecdm.visible = true -media.gmp-widevinecdm.enabled = true -media.gmp-provider.enabled = true -media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml -``` -#### Use video conferencing -``` -media.peerconnection.enabled = true -media.peerconnection.ice.no_host = true -dom.webaudio.enabled = true -``` -screensharing `media.getusermedia.screensharing.enabled = true` -#### Enable addons search -``` -extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" -``` -#### Enable addons manual updates -``` -extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" -<<<<<<< HEAD ->>>>>>> c16522a (added re-enabling guides) -``` -======= -``` -#### Enable OCSP certificate checking -``` -security.OCSP.enabled = 1 -``` -you probably also want `security.OCSP.require = true` -<<<<<<< HEAD ->>>>>>> 4041ab1 (reorganized and improved some entries) -======= - -## Missing compared to arkenfox -List of prefs missing in .cfg with reason why we do not have them -``` -browser.cache.disk.enable -> performance hit -browser.display.use_system_colors -> default -browser.download.useDownloadDir -> do we want to ask for download location each time? -browser.newtabpage.enabled -> we do not default to blank page -browser.startup.homepage -> we do not default to blank page -browser.startup.page -> we do not default to blank page -dom.allow_cut_copy -> we leave this on for usability -javascript.options.asmjs -> performance hit -keyword.enabled -> no privacy implication if trusty search engine -privacy.firstparty.isolate -> we have dFPI -privacy.resistFingerprinting.letterboxing -> usability hit -privacy.window.name.update.enabled -> default -security.ask_for_password -> disabled in librewolf -security.password_lifetime -> disabled in librewolf -ui.prefersReducedMotion -> usability hit -webgl.disabled -> usability hit -``` -ones worth discussing -``` -dom.security.https_only_mode_send_http_background_request -> DISCUSS -dom.storage.next_gen -> DISCUSS -javascript.options.wasm -> DISCUSS -security.pki.crlite_mode -> DISCUSS -security.remote_settings.crlite_filters.enabled -> DISCUSS -======= -lockPref("security.insecure_connection_icon.enabled", true); // Default -lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default -lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default -lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled -lockPref("app.normandy.first_run", false); // default -lockPref("browser.send_pings", false); // default -lockPref("browser.send_pings.require_same_host", true); // default -defaultPref("browser.tabs.closeTabByDblclick", true); // why? -lockPref("devtools.debugger.force-local", true); // default -lockPref("gfx.offscreencanvas.enabled", false); // default -lockPref("media.webspeech.recognition.enable", false); // default -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default -lockPref("remote.force-local", true); // default -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default -lockPref("security.fileuri.strict_origin_policy", true); // default -lockPref("security.insecure_field_warning.contextual.enabled", true); // default -defaultPref("security.remote_settings.intermediates.enabled", true); // default -lockPref("xpinstall.whitelist.required", true); // default -lockPref("browser.sessionhistory.max_entries", 20); // why? -lockPref("extensions.webapi.testing", false); // hidden but default false -lockPref("canvas.capturestream.enabled", false); // any real benefit? ->>>>>>> e7a5601 (more good stuff) -``` -<<<<<<< HEAD ->>>>>>> 0267245 (added some new prefs from arkenfox) -======= - -## Experimental removals -need testing, should be redundant prefs as we already disabled others -``` -/* -// fxaccount, to check -lockPref("identity.fxaccounts.enabled", false); -lockPref("identity.fxaccounts.remote.root", ""); -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.commands.enabled", false); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -*/ - -/* -// to check, should all be handled by lockPref("services.settings.server", "") -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); -*/ - -// -------------------------------- -// SYNC -// -------------------------------- - -/* -lockPref("services.sync.addons.trustedSourceHostnames", ""); -lockPref("services.sync.lastversion", ""); -lockPref("services.sync.maxResyncs", 0); // 1 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.addresses.available", false); -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true -lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true -lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true -lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); -lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); -lockPref("services.sync.prefs.sync.signon.generation.enabled", false); -lockPref("services.sync.prefs.sync.signon.autofillForms", false); -lockPref("services.sync.declinedEngines", ""); -lockPref("services.sync.globalScore", 0); -lockPref("services.sync.nextSync", 0); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); -lockPref("services.sync.tabs.lastSync", "0"); -*/ -<<<<<<< HEAD -``` ->>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) -======= -======= ->>>>>>> 57702f8 (updated changelog) // useless as ui elements are not in the report page lockPref("browser.contentblocking.report.cookie.url", ""); @@ -1616,9 +562,6 @@ Prefs that need to be addressed and that were disabled for now // defaultPref("media.peerconnection.turn.disable", true); // defaultPref("media.peerconnection.ice.tcp", false); ``` -<<<<<<< HEAD ->>>>>>> 48fecfd (removed redundant stuff) -======= #### Unlocked Locked prefs that were unlocked, more should be unlocked probably @@ -1701,143 +644,4 @@ defaultPref("javascript.options.wasm", false); // disable web assembly defaultPref("webgl.disabled", true); // disable webgl defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access -<<<<<<< HEAD -``` -<<<<<<< HEAD ->>>>>>> e7a5601 (more good stuff) -======= - -## Who cares -Prefs that were commented and are now removed -``` -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", ...); - -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); - -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -//lockPref("media.peerconnection.video.h264", true); - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// lockPref("dom.IntersectionObserver.enabled", false); - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - -// defaultPref("network.http.sendRefererHeader", 1); default is better - -ALL OF Disabled - Deprecated Inactive -ALL OF Disabled - Section OFF -``` ->>>>>>> 57702f8 (updated changelog) -======= -``` ->>>>>>> d24f87c (pre MR commit) +``` \ No newline at end of file diff --git a/README.md b/README.md index dc32d6e..f63cd10 100755 --- a/README.md +++ b/README.md @@ -2,41 +2,13 @@ LibreWolf settings for all platforms. -<<<<<<< HEAD -<<<<<<< HEAD The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> d79e65a (added Win location) We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: - Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` - Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` - Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` -<<<<<<< HEAD -======= -The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to ovveride preferences with an external file. -======= -The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. ->>>>>>> f8a4623 (tweak) -The old configuration (now tagged as legacy) should be considered deprecated and it will no longer be maintained. -======= ->>>>>>> 131c061 (tweak) - -<<<<<<< HEAD -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the ovverides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. ->>>>>>> d24f87c (pre MR commit) -======= -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`. ->>>>>>> c2f6d4e (tweaks) -======= -We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides: just place your own preferences in `~/.librewolf/librewolf.overrides.cfg`, or if you are using Flatpak `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg`. ->>>>>>> 6dbfa2e (added flatpak location) -======= ->>>>>>> d79e65a (added Win location) ## Useful links - FAQ (coming soon): to help you creating your own pref file. @@ -51,18 +23,6 @@ We encourage users to find **their own setup** and to use our default configurat This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. -<<<<<<< HEAD -<<<<<<< HEAD Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). -Thank you to the whole LibreWolf community as once again this is entirely a community effort. -======= -Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated in [bugzilla](https://bugzilla.mozilla.org/home). - -Thank you to the entire LibreWolf community as once again this is entirely a community effort. ->>>>>>> d24f87c (pre MR commit) -======= -Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). - -Thank you to the whole LibreWolf community as once again this is entirely a community effort. ->>>>>>> c2f6d4e (tweaks) +Thank you to the whole LibreWolf community as once again this is entirely a community effort. \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg index e77cbe4..cd12b9c 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,7 +1,3 @@ -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> 55c94dc (reorganized, revisited) //---------------| // LibreWolf | //---------------| @@ -9,15 +5,6 @@ // ================================================================================================================================| // | // "Section" : Description of the settings section separated by "----" | -<<<<<<< HEAD -<<<<<<< HEAD -======= -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance | -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss | -// Performance can be tested here : https://chromium.github.io/octane/ | ->>>>>>> 55c94dc (reorganized, revisited) -======= ->>>>>>> 45bf63e (processed everything up to EOF) // "Pref" : Preference/Settings name and or description followed by links or documentations | // and some time explanation why the setting is commented and ignored. | // "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | @@ -35,204 +22,17 @@ // that rely on comparing version numbers. | // | // ================================================================================================================================| -<<<<<<< HEAD -======= -// --------- -// LibreWolf -// --------- -// -// Documentation .............. : -// ============================== -// -// "Section" : Description of the settings section separated by "----" -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss -// Performance can be tested here : https://chromium.github.io/octane/ -// "Pref" : Preference/Settings name and or description followed by links or documentations -// and some time explanation why the setting is commented and ignored. -// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here -// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. -// In many cases the GUI will change to reflect this, graying out or removing options. Appears -// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. -// It will not work if it set with just pref. -// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, -// but they will be erased on restart. If you set a particular preference this way, -// it shows up in about:config as "user set". -// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will -// be saved between sessions. If preferences are reset to default through the GUI or some other method, -// this is what they will go back to. Appears in about:config as "default". -// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions -// that rely on comparing version numbers. -// -// ==================================================================================== -// Protection ................. : -// ============================== -// -// Pref : Locking librewolf.cfg itself -defaultPref("general.config.filename", "librewolf.cfg"); -// -// ===================================================================================== -// Index librewolf.cfg .......... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : User settings // Bench Diff : +0 / 5000 -// Section : Defaulting Settings // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Controversial // Bench Diff : +0 / 5000 -// Section : Firefox Fingerprint // Bench Diff : +0 / 5000 -// Section : Locale/Time // Bench Diff : +0 / 5000 -// Section : Ghacks-user Selection // Bench Diff : +100 / 5000 -// Section : Extensions Manager // Bench Diff : +0 / 5000 -// Section : IJWY To Shut Up // Bench Diff : +0 / 5000 -// Section : Microsoft Windows // Bench Diff : +0 / 5000 -// Section : Firefox ESR60.x // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Security 1/3 // Bench Diff : +0 / 5000 -// Section : Security 2/3 // Bench Diff : +0 / 5000 -// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Performance 1/5 // Bench Diff : +650 / 5000 -// Section : Performance 2/5 // Bench Diff : -800 / 5000 -// Section : Performance 3/5 // Bench Diff : -1720 / 5000 -// Section : Performance 4/5 // Bench Diff : -200 / 5000 -// Section : Performance 5/5 // Bench Diff : -50 / 5000 -// ----------------------------------------------------------------------- -// Section : General Settings 1/3 // Bench Diff : +100 / 5000 -// Section : General Settings 2/3 // Bench Diff : +0 / 5000 -// Section : General Settings 3/3 // Bench Diff : -40 / 5000 -// ----------------------------------------------------------------------- -// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// Index local-settings.js .... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : General Settings // Bench Diff : ++ / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// >>>>>>>>>>>>>>>>>>>>>>> -// Section : User Settings -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>>>>> -======= ->>>>>>> 55c94dc (reorganized, revisited) - -<<<<<<< HEAD -// -------------------------------- -// User Settings : Cookies settings -// -------------------------------- - -// In the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI -defaultPref("network.cookie.cookieBehavior", 1); -defaultPref("network.cookie.lifetimePolicy", 2); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -<<<<<<< HEAD // ----------------------------------- // # TRACKING PROTECTION -======= - -// ----------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -// TRACKING PROTECTION ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// FILENAME ->>>>>>> 7887469 (reviewed and reorganized up to extensions) // ----------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more -======= -// set custom mode -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway - -// disabling tracking protection ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -======= -defaultPref("general.config.filename", "librewolf.cfg"); - -======= ->>>>>>> 48fecfd (removed redundant stuff) -// ----------------------------------- -// OVERRIDES -// ----------------------------------- - -// allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` -// or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); -} - -// ----------------------------------- -<<<<<<< HEAD -======= ->>>>>>> 344e1e8 (moved overrides to bottom) -// TRACKING PROTECTION -======= -// # TRACKING PROTECTION ->>>>>>> 01804b5 (add tags for .md rendering) -// ----------------------------------- - -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> 55c94dc (reorganized, revisited) -======= -defaultPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway ->>>>>>> 7b8bd35 (unlock content block cat as breaks cookie button) -======= -defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI ->>>>>>> 48fecfd (removed redundant stuff) -======= -defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more ->>>>>>> e7a5601 (more good stuff) lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); lockPref("privacy.trackingprotection.socialtracking.enabled", false); lockPref("privacy.trackingprotection.cryptomining.enabled", false); lockPref("privacy.trackingprotection.fingerprinting.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("urlclassifier.trackingTable", ""); -lockPref("browser.contentblocking.database.enabled", false); - -// remove urls -lockPref("browser.contentblocking.reportBreakage.url", ""); - -// hide ui elements -lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); -lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); -lockPref("browser.contentblocking.report.hide_vpn_banner", true); -lockPref("browser.contentblocking.report.show_mobile_app", false); -lockPref("browser.contentblocking.report.lockwise.enabled", false); -lockPref("browser.contentblocking.report.monitor.enabled", false); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.vpn.enabled", false); -======= - -// below are potentially useless as tracking protection is disabled -======= ->>>>>>> 55c94dc (reorganized, revisited) -lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); -======= ->>>>>>> 48fecfd (removed redundant stuff) lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); lockPref("browser.contentblocking.database.enabled", false); @@ -250,36 +50,15 @@ lockPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.proxy.enabled", false); lockPref("browser.contentblocking.report.vpn.enabled", false); -<<<<<<< HEAD -// Windows only? -lockPref("default-browser-agent.enabled", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -// ---------------------------------- -<<<<<<< HEAD -// # AUTOPLAY -======= -// AUTOPLAY ->>>>>>> a35eb4b (re-organized and reviewed) -======= // ---------------------------------- // # AUTOPLAY ->>>>>>> e7a5601 (more good stuff) // ---------------------------------- defaultPref("media.autoplay.default", 5); defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # PASSWORD MANAGER -======= -// PASSWORD MANAGER ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # PASSWORD MANAGER ->>>>>>> e7a5601 (more good stuff) // ----------------------------------------- lockPref("signon.rememberSignons", false); @@ -287,50 +66,11 @@ lockPref("signon.storeWhenAutocompleteOff", false); defaultPref("signon.management.page.breach-alerts.enabled", false); defaultPref("signon.management.page.breachAlertUrl", ""); lockPref("signon.formlessCapture.enabled", false); -<<<<<<< HEAD // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # SEARCH AND URLBAR // -------------------------------- -defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); -lockPref("browser.urlbar.speculativeConnect.enabled", false); -lockPref("browser.urlbar.trimURLs", false); -lockPref("browser.search.suggest.enabled", false); -lockPref("browser.search.region", "US"); -lockPref("browser.fixup.alternate.enabled", false); -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.search.update", false); -======= ->>>>>>> 45bf63e (processed everything up to EOF) - -// -------------------------------- -<<<<<<< HEAD -// # SANITIZING, COOKIES AND HISTORY -// -------------------------------- - -defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 -defaultPref("network.cookie.lifetimePolicy", 2); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); - -// includes new cookie behavior that allows to stay logged with exceptions -defaultPref("privacy.clearOnShutdown.cookies", false); -defaultPref("privacy.clearOnShutdown.offlineApps", false); -defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout -defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout -======= -// SEARCH -======= -// SEARCH AND URLBAR ->>>>>>> 653a6ed (knocked out some more prefs) -======= -// # SEARCH AND URLBAR ->>>>>>> e7a5601 (more good stuff) -// -------------------------------- - defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.trimURLs", false); @@ -354,12 +94,6 @@ defaultPref("privacy.clearOnShutdown.cookies", false); defaultPref("privacy.clearOnShutdown.offlineApps", false); defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout -<<<<<<< HEAD -defaultPref("privacy.cpd.passwords", false); -defaultPref("privacy.cpd.sessions", true); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 48fecfd (removed redundant stuff) defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); @@ -367,79 +101,27 @@ defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD // -------------------------------------------------------------------- // # SESSIONS -======= -======= -defaultPref("layout.css.visited_links_enabled", false); -defaultPref("layout.css.always-repaint-on-unvisited", false); -defaultPref("layout.css.notify-of-unvisited", false); - ->>>>>>> 653a6ed (knocked out some more prefs) -// this sets a cookie jar for 3rd party origin which is the same as dFPI -// and probably redundant when 3rd party cookies are disabled -// lockPref("privacy.storagePrincipal.enabledForTrackers", false); - -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -// -------------------------------------------------------------------- -<<<<<<< HEAD -// SESSIONS ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # SESSIONS ->>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); lockPref("browser.sessionstore.interval", 60000); // --------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # AUTOFILL -======= -// AUTOFILL ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # AUTOFILL ->>>>>>> 01804b5 (add tags for .md rendering) // --------------------------------- defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.addresses.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("extensions.formautofill.addresses.capture.enabled", false); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 48fecfd (removed redundant stuff) defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); lockPref("signon.autofillForms", false); -<<<<<<< HEAD -<<<<<<< HEAD // ----------------------- // # DRM -======= -lockPref("signon.autofillForms.http", false); -======= ->>>>>>> 48fecfd (removed redundant stuff) - -// ----------------------- -<<<<<<< HEAD -// DRM ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DRM ->>>>>>> 01804b5 (add tags for .md rendering) // ----------------------- // includes new DRM implementation for easily re-enabling it @@ -449,58 +131,16 @@ defaultPref("media.eme.enabled", false); defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections -<<<<<<< HEAD -<<<<<<< HEAD -defaultPref("media.gmp-gmpopenh264.enabled", false); -======= -defaultPref("media.gmp-manager.url", "data:text/plain,"); had to re-add to prevent connections ->>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs) -======= -defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections ->>>>>>> f733a19 (fixed broken comment) - -// ---------------------- -// # WEBRTC -======= -defaultPref("media.gmp.trial-create.enabled", false); -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- -<<<<<<< HEAD -<<<<<<< HEAD -// WebRTC ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// WEBRTC ->>>>>>> 55c94dc (reorganized, revisited) -======= // # WEBRTC ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.navigator.enabled", false); defaultPref("media.peerconnection.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD -======= -defaultPref("media.navigator.video.enabled", false); -defaultPref("media.getusermedia.browser.enabled", false); -defaultPref("media.getusermedia.screensharing.enabled", false); -defaultPref("media.getusermedia.audiocapture.enabled", false); -defaultPref("media.peerconnection.use_document_iceservers", false); -defaultPref("media.peerconnection.identity.enabled", false); -defaultPref("media.peerconnection.identity.timeout", 1); // 10000 per default -defaultPref("media.peerconnection.turn.disable", true); -defaultPref("media.peerconnection.ice.tcp", false); ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); @@ -514,15 +154,7 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // defaultPref("media.peerconnection.ice.tcp", false); // ---------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # SHARING -======= -// SHARING ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -======= -// # SHARING ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------- defaultPref("media.getusermedia.browser.enabled", false); @@ -530,15 +162,7 @@ defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false); // ---------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # DNS -======= -// DNS ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DNS ->>>>>>> 01804b5 (add tags for .md rendering) // ---------------------------- lockPref("network.trr.mode", 5); @@ -549,15 +173,7 @@ defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); // ------------------------------------ -<<<<<<< HEAD -<<<<<<< HEAD // # NEW TAB PAGE -======= -// NEW TAB PAGE ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # NEW TAB PAGE ->>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------ lockPref("browser.newtab.preload", false); @@ -598,75 +214,23 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -======= -lockPref("browser.newtab.preload", false); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); - -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); - -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); -// Default Value : -// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\ -// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}} -lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); -// Default Value : -// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true} -lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); -// Default Value : -// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/ -// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION% -// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000} ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) - -// ------------------------------------------- -// # DO NOT TRACK -======= lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- -<<<<<<< HEAD -// DO NOT TRACK ->>>>>>> a35eb4b (re-organized and reviewed) -======= // # DO NOT TRACK ->>>>>>> 01804b5 (add tags for .md rendering) // ------------------------------------------- // Unlocked as some think it increases fingerprint, they can now disable it defaultPref("privacy.donottrackheader.enabled", true); // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD // # DOM -======= -// DOM ->>>>>>> a35eb4b (re-organized and reviewed) -======= -// # DOM ->>>>>>> 01804b5 (add tags for .md rendering) // -------------------------------- lockPref("dom.disable_beforeunload", true); defaultPref("dom.disable_open_during_load", true); -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" @@ -682,12 +246,6 @@ lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); defaultPref("dom.storage.next_gen", true); -<<<<<<< HEAD -// lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated ->>>>>>> 55c94dc (reorganized, revisited) - -======= ->>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------- // # PERMISSIONS // -------------------------------- @@ -754,128 +312,6 @@ defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); // defaultPref("intl.regional_prefs.use_os_locales", false); // default -<<<<<<< HEAD -// -------------------------------------- -// USER AGENT AND IDENTITY -// -------------------------------------- - -// worth discussing -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -<<<<<<< HEAD -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Ghacks-user Selection -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("browser.download.hide_plugins_without_extensions", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.cache.offline.storage.enable", false); -lockPref("network.http.redirection-limit", 10); -lockPref("extensions.enabledScopes", 5); - -// Is there any reason to change the default value? -// lockPref("extensions.autoDisableScopes", 11); - -lockPref("xpinstall.whitelist.required", true); // default: true - ->>>>>>> a35eb4b (re-organized and reviewed) -lockPref("dom.push.enabled", false); -lockPref("dom.push.connection.enabled", false); -lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" -lockPref("dom.push.userAgentID", ""); -lockPref("dom.targetBlankNoOpener.enabled", true); -lockPref("dom.disable_window_move_resize", true); -defaultPref("dom.serviceWorkers.enabled", false); -defaultPref("dom.battery.enabled", false); -lockPref("dom.popup_maximum", 4); -defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -defaultPref("dom.webaudio.enabled", false); -lockPref("dom.vr.enabled", false); -lockPref("dom.vibrator.enabled", false); -defaultPref("dom.storage.next_gen", true); - -// -------------------------------- -// # PERMISSIONS -// -------------------------------- - -lockPref("permissions.delegation.enabled", false); -defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it -lockPref("permissions.manager.defaultsUrl", ""); - -// -------------------------------- -// # REFERERS -// -------------------------------- - -lockPref("network.http.referer.XOriginTrimmingPolicy", 2); -lockPref("network.http.referer.XOriginPolicy", 0); - -// -------------------------------- -// # PROXY -// -------------------------------- - -<<<<<<< HEAD -defaultPref("network.proxy.autoconfig_url", ""); -defaultPref("network.proxy.socks_remote_dns", true); -defaultPref("network.proxy.socks_version", 5); -======= - -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); ->>>>>>> a35eb4b (re-organized and reviewed) - -// -------------------------------------- -// # HTTP(S) -// -------------------------------------- - -lockPref("network.http.altsvc.enabled", false); -lockPref("network.http.altsvc.oe", false); -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_pbm", true); -defaultPref("network.auth.subresource-http-auth-allow", 1); - -// -------------------------------------- -// # TLS -// -------------------------------------- - -defaultPref("security.ssl.require_safe_negotiation", true); -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); -lockPref("security.ssl.disable_session_identifiers", true); -lockPref("browser.ssl_override_behavior", 1); -lockPref("security.tls.enable_0rtt_data", false); -lockPref("security.tls.version.enable-deprecated", false); -lockPref("security.tls.version.fallback-limit", 3); -lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos - -// to check -lockPref("network.stricttransportsecurity.preloadlist", false); - -// -------------------------------------- -// # RFP -// -------------------------------------- - -defaultPref("privacy.resistFingerprinting", true); -defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); -lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing - -// -------------------------------------- -// # LANGUAGE AND REGION -// -------------------------------------- - -defaultPref("javascript.use_us_english_locale", true); -defaultPref("intl.locale.requested", "en-US"); -defaultPref("privacy.spoof_english", 2); -// defaultPref("intl.regional_prefs.use_os_locales", false); // default - // ------------------------------------------------------- // # EXTENSIONS - check readme section "Extensions Firewall" // ------------------------------------------------------- @@ -884,24 +320,10 @@ defaultPref("privacy.spoof_english", 2); defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" -======= -======= ->>>>>>> 934010b (removed overrides for spoofing) -// ------------------------------------------------------- -// # EXTENSIONS - check readme section "Extensions Firewall" -// ------------------------------------------------------- - -// handle default restricted domains -defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" -lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" - ->>>>>>> 55c94dc (reorganized, revisited) // disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); -<<<<<<< HEAD -<<<<<<< HEAD // set extensions scopes lockPref("extensions.enabledScopes", 5); lockPref("extensions.autoDisableScopes", 11); @@ -944,35 +366,12 @@ lockPref("extensions.systemAddon.update.url", ""); lockPref("extensions.systemAddon.update.enabled", false); lockPref("xpinstall.signatures.devInfoURL", ""); -<<<<<<< HEAD -<<<<<<< HEAD -======= -lockPref("extensions.webapi.testing", false); // hidden prefs // default false ->>>>>>> 48fecfd (removed redundant stuff) -======= ->>>>>>> e7a5601 (more good stuff) lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD -======= -======= -lockPref("xpinstall.whitelist.required", true); // default ->>>>>>> 7732277 (imrpoved referers and language settings) -======= ->>>>>>> e7a5601 (more good stuff) -<<<<<<< HEAD -// to check -defaultPref("xpinstall.signatures.required", true); ->>>>>>> 0267245 (added some new prefs from arkenfox) - -======= ->>>>>>> 48fecfd (removed redundant stuff) // ------------------------------------------------------- // # NORMANDY // ------------------------------------------------------- @@ -1002,153 +401,8 @@ lockPref("security.mixed_content.block_active_content", true); lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); -<<<<<<< HEAD lockPref("security.dialog_enable_delay", 700); lockPref("security.csp.enable", true); -======= -// Remove a bunch of URLs : -lockPref("lightweightThemes.getMoreURL", ""); -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -lockPref("identity.sync.tokenserver.uri", ""); -lockPref("network.trr.confirmationNS", ""); -lockPref("browser.translation.engine", ""); // default Google -lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail -lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("services.sync.lastversion", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); -lockPref("browser.safebrowsing.provider.google.advisoryName", ""); -lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); -lockPref("browser.safebrowsing.provider.mozilla.lists", ""); -lockPref("identity.fxaccounts.remote.root", ""); -lockPref("services.settings.server", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); -lockPref("accessibility.support.url", ""); -lockPref("app.normandy.shieldLearnMoreUrl", ""); -lockPref("app.support.baseURL", ""); -lockPref("browser.chrome.errorReporter.infoURL", ""); -lockPref("browser.dictionaries.download.url", ""); -lockPref("browser.geolocation.warning.infoURL", ""); -lockPref("browser.search.searchEnginesURL", ""); -lockPref("browser.uitour.themeOrigin", ""); -lockPref("extensions.getAddons.compatOverides.url", ""); -lockPref("services.sync.addons.trustedSourceHostnames", ""); -lockPref("toolkit.datacollection.infoURL", ""); -lockPref("xpinstall.signatures.devInfoURL", ""); -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -======= -// enable Content Security Policy (CSP) -lockPref("security.csp.enable", true); - -<<<<<<< HEAD -======= ->>>>>>> 45bf63e (processed everything up to EOF) -// set extensions scopes -lockPref("extensions.enabledScopes", 5); -lockPref("extensions.autoDisableScopes", 11); ->>>>>>> 55c94dc (reorganized, revisited) -======= -// ------------------------------------------------------- -// # SAFE BROWSING -// ------------------------------------------------------- ->>>>>>> 01804b5 (add tags for .md rendering) - -// Relevant for addons and lang packs search -defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% -defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% - -// other urls -defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% -defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ -defaultPref("extensions.update.url", ""); -// Default Value -// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -// %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -// %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -// %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% - -// ui -defaultPref("extensions.getAddons.showPane", false); -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("extensions.webcompat-reporter.enabled", false); -lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new - -// background checking and updating -defaultPref("extensions.update.enabled", false); -defaultPref("extensions.update.autoUpdateDefault", false); -defaultPref("extensions.update.background.url", ""); -defaultPref("extensions.getAddons.cache.enabled", false); - -// blocklist -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); - -// system addons -lockPref("extensions.systemAddon.update.url", ""); -lockPref("extensions.systemAddon.update.enabled", false); - -lockPref("xpinstall.whitelist.required", true); // default: true -lockPref("xpinstall.signatures.devInfoURL", ""); -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true -lockPref("extensions.webapi.testing", false); // hidden prefs // default false -lockPref("extensions.webservice.discoverURL", ""); -lockPref("webextensions.storage.sync.serverURL", ""); -lockPref("extensions.screenshots.upload-disabled", true); -lockPref("lightweightThemes.getMoreURL", ""); - -// to check -defaultPref("xpinstall.signatures.required", true); - -// ------------------------------------------------------- -// NORMANDY -// ------------------------------------------------------- - -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); -lockPref("app.normandy.shieldLearnMoreUrl", ""); -lockPref("app.normandy.dev_mode", false); - -// -------------------------------- -// SECURITY -// -------------------------------- - -// certificates -lockPref("security.cert_pinning.enforcement_level", 2); -defaultPref("security.OCSP.enabled", 0); -defaultPref("security.OCSP.require", false); -lockPref("security.ssl.enable_ocsp_stapling", true); -lockPref("security.pki.sha1_enforcement_level", 1); - -// mixed content -lockPref("security.mixed_content.block_object_subrequest", true); -lockPref("security.mixed_content.block_display_content", true); -lockPref("security.mixed_content.block_active_content", true); - -// reduce breakage -defaultPref("security.remote_settings.intermediates.enabled", true); - -<<<<<<< HEAD -// Pref : -lockPref("browser.chrome.errorReporter.submitUrl", ""); -lockPref("browser.chrome.errorReporter.enabled", false); - -// Pref : -lockPref("browser.ping-centre.staging.endpoint", ""); -lockPref("browser.ping-centre.telemetry", false); ->>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) // ------------------------------------------------------- // # SAFE BROWSING @@ -1159,29 +413,6 @@ lockPref("browser.safebrowsing.passwords.enabled", false); lockPref("browser.safebrowsing.phishing.enabled", false); // downloads and unwanted software -======= -// ui -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); -lockPref("security.insecure_connection_text.enabled", true); -lockPref("security.insecure_connection_text.pbmode.enabled", true); - -lockPref("security.dialog_enable_delay", 700); -lockPref("security.csp.enable", true); - -// ------------------------------------------------------- -// SAFE BROWSING -// ------------------------------------------------------- - -lockPref("browser.safebrowsing.malware.enabled", false); -lockPref("browser.safebrowsing.passwords.enabled", false); -lockPref("browser.safebrowsing.phishing.enabled", false); -<<<<<<< HEAD ->>>>>>> 55c94dc (reorganized, revisited) -======= - -// downloads and unwanted software ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.downloads.enabled", false); lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); @@ -1189,20 +420,9 @@ lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); -<<<<<<< HEAD -<<<<<<< HEAD // could try re-enabling some of these urls to see if it causes connections lockPref("browser.safebrowsing.id", ""); -======= -lockPref("browser.safebrowsing.id", ""); -lockPref("browser.safebrowsing.allowOverride", false); ->>>>>>> 55c94dc (reorganized, revisited) -======= - -// could try re-enabling some of these urls to see if it causes connections -lockPref("browser.safebrowsing.id", ""); ->>>>>>> 4041ab1 (reorganized and improved some entries) lockPref("browser.safebrowsing.blockedURIs.enabled", false); lockPref("browser.safebrowsing.provider.google4.pver", ""); lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); @@ -1239,9 +459,6 @@ lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1257,7 +474,6 @@ lockPref("dom.ipc.plugins.reportCrashURL", false); lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); lockPref("plugin.state.flash", 0); -<<<<<<< HEAD // more important stuff lockPref("browser.shell.shortcutFavicons", false); defaultPref("alerts.showFavicons", false); @@ -1388,156 +604,6 @@ lockPref("javascript.options.shared_memory", false); // # GEO // -------------------------------- -======= -// MISC -======= -// FONTS ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -// # FONTS ->>>>>>> 01804b5 (add tags for .md rendering) -// -------------------------------- - -lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// -------------------------------- -// # MISC -// -------------------------------- - -======= ->>>>>>> e7a5601 (more good stuff) -// more important stuff -lockPref("browser.shell.shortcutFavicons", false); -defaultPref("alerts.showFavicons", false); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("plugin.default.state", 1); -lockPref("network.IDN_show_punycode", true); -defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP - -// pocket, to check if we can remove -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); - -// pdf reader -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); - -// remote agent -lockPref("remote.enabled", false); - -// settings and behavior -lockPref("browser.shell.checkDefaultBrowser", false); -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); -defaultPref("startup.homepage_override_url", "about:blank"); -defaultPref("startup.homepage_welcome_url", "about:blank"); -defaultPref("startup.homepage_welcome_url.additional", ""); -lockPref("browser.startup.homepage_override.mstone", "ignore"); -defaultPref("privacy.userContext.enabled", true); -defaultPref("general.autoScroll", false); -defaultPref("clipboard.autocopy", false); -defaultPref("browser.tabs.loadBookmarksInTabs", true); -lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("accessibility.force_disabled", 1); -lockPref("browser.uitour.enabled", false); -lockPref("middlemouse.contentLoadURL", false); -defaultPref("accessibility.typeaheadfind", false); -lockPref("network.manage-offline-status", false); -lockPref("browser.helperApps.deleteTempFileOnExit", true); -lockPref("browser.pagethumbnails.capturing_disabled", true); -lockPref("browser.bookmarks.max_backups", 2); -defaultPref("reader.parse-on-load.enabled", false); - -// devtools -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com -lockPref("devtools.devices.url", ""); -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] -defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 - -// ui -defaultPref("browser.tabs.drawInTitlebar", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("general.warnOnAboutConfig", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("privacy.userContext.ui.enabled", true); -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); - -// urls and handlers -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -lockPref("identity.sync.tokenserver.uri", ""); -lockPref("network.trr.confirmationNS", ""); -lockPref("browser.translation.engine", ""); // default Google -lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail -lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); -lockPref("gecko.handlerService.schemes.ircs.0.name", ""); -lockPref("services.settings.server", ""); -lockPref("accessibility.support.url", ""); -lockPref("app.support.baseURL", ""); -lockPref("browser.uitour.url", ""); -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.dictionaries.download.url", ""); -lockPref("browser.geolocation.warning.infoURL", ""); -lockPref("browser.search.searchEnginesURL", ""); -lockPref("browser.uitour.themeOrigin", ""); -lockPref("toolkit.datacollection.infoURL", ""); -lockPref("identity.mobilepromo.android", ""); -lockPref("identity.mobilepromo.ios", ""); -defaultPref("identity.sendtabpromo.url", ""); -lockPref("datareporting.healthreport.infoURL", ""); -lockPref("app.feedback.baseURL", ""); -lockPref("app.releaseNotesURL", ""); -lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("browser.chrome.errorReporter.infoURL", ""); -lockPref("datareporting.policy.firstRunURL", ""); -lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); - -// -------------------------------- -// # CACHE -// -------------------------------- - -lockPref("browser.cache.offline.storage.enable", false); -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -defaultPref("media.memory_cache_max_size", 65536); - -// -------------------------------- -// # WEBGL AND PERFORMANCE -// -------------------------------- - -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); - -// -------------------------------- -// # JS -// -------------------------------- - -// should we consider disabling WebAssembly ? -// lockPref("javascript.options.wasm", false); - -// left as it is worth considering -// lockPref("javascript.options.asmjs", false); - -lockPref("javascript.options.shared_memory", false); - -// -------------------------------- -// # GEO -// -------------------------------- - ->>>>>>> 55c94dc (reorganized, revisited) lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] @@ -1547,18 +613,9 @@ lockPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD // -------------------------------- // # PREFETCHING // -------------------------------- -======= - -// Pref : -lockPref("layout.css.visited_links_enabled", false); -lockPref("layout.css.always-repaint-on-unvisited", false); -lockPref("layout.css.layout.css.notify-of-unvisited", false); ->>>>>>> 55c94dc (reorganized, revisited) lockPref("network.predictor.enabled", false); lockPref("network.prefetch-next", false); @@ -1575,30 +632,6 @@ lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); -======= -// -------------------------------- -// # PREFETCHING -// -------------------------------- - -lockPref("network.predictor.enabled", false); -lockPref("network.prefetch-next", false); -lockPref("network.http.speculative-parallel-limit", 0); - -// -------------------------------- -// # OUTGOING CONNECTIONS -// -------------------------------- - -<<<<<<< HEAD ->>>>>>> 653a6ed (knocked out some more prefs) -======= -// updates -lockPref("app.update.auto", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - ->>>>>>> 4041ab1 (reorganized and improved some entries) // connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); @@ -1606,27 +639,7 @@ lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); -<<<<<<< HEAD -<<<<<<< HEAD // telemetry -======= -// Pref : -lockPref("plugins.crash.supportUrl", ""); - -// Pref : -lockPref("sync.enabled", false); - -// Pref : -lockPref("sync.jpake.serverURL", ""); - -// Pref : -lockPref("sync.serverURL", ""); - -// Pref : ->>>>>>> 55c94dc (reorganized, revisited) -======= -// telemetry ->>>>>>> 653a6ed (knocked out some more prefs) lockPref("toolkit.crashreporter.infoURL", ""); lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); @@ -1643,159 +656,27 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); -<<<<<<< HEAD -<<<<<<< HEAD lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); lockPref("app.shield.optoutstudies.enabled", false); -======= - -// Pref : Disable right-click menu manipulation via JavaScript (disabled) -defaultPref("dom.event.contextmenu.enabled", false); - -// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -// JS-based web applications (Google Docs etc.) -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled -lockPref("dom.event.clipboardevents.enabled", false); - -// Pref : Force Punycode for Internationalized Domain Names -// http://kb.mozillazine.org/Network.IDN_show_punycode -// https://www.xudongz.com/blog/2017/idn-phishing/ -// https://wiki.mozilla.org/IDN_Display_Algorithm -// https://en.wikipedia.org/wiki/IDN_homograph_attack -// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 -lockPref("network.IDN_show_punycode", true); - -// Pref : Disable Pocket -// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -// https://github.com/pyllyukko/user.js/issues/143 -======= -lockPref("security.protectionspopup.recordEventTelemetry", false) -======= -lockPref("security.protectionspopup.recordEventTelemetry", false); -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); ->>>>>>> 7887469 (reviewed and reorganized up to extensions) -======= -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] -lockPref("toolkit.coverage.opt-out", true); -lockPref("toolkit.coverage.enabled", false); -<<<<<<< HEAD ->>>>>>> 4041ab1 (reorganized and improved some entries) - -// pocket ->>>>>>> 653a6ed (knocked out some more prefs) -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); -======= -lockPref("app.shield.optoutstudies.enabled", false); lockPref("beacon.enabled", false); lockPref("browser.ping-centre.telemetry", false); -<<<<<<< HEAD -// ping -lockPref("browser.send_pings", false); -lockPref("browser.send_pings.require_same_host", true); ->>>>>>> 8b7a898 (updated and started editing external protocols) - -======= ->>>>>>> e7a5601 (more good stuff) // discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); -<<<<<<< HEAD -lockPref("breakpad.reportURL", ""); -lockPref("browser.send_pings", false); -lockPref("browser.send_pings.require_same_host", true); -<<<<<<< HEAD - -// Pref : Do not download URLs for the offline cache -// http://kb.mozillazine.org/Browser.cache.offline.enable -lockPref("browser.cache.offline.enable", false); - -/* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -lockPref("media.memory_cache_max_size", 16384); - -// Pref : Disable prefetching of URLs -// http://kb.mozillazine.org/Network.prefetch-next -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F -// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, -// so the browser downloads them immediately so they can be displayed immediately when the user requests it. -lockPref("network.prefetch-next", false); - -// Pref : Disable speculative pre-connections -// Disable prefetch link on hover. -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 -lockPref("network.http.speculative-parallel-limit", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 3/3 -// Bench Diff : -40/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Pref : Disable DOM timing API -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -// https://www.w3.org/TR/navigation-timing/#privacy -lockPref("dom.enable_performance", false); //Deprecated Active -lockPref("dom.enable_performance_navigation_timing", false); - -// Pref : Make sure the User Timing API does not provide a new high resolution timestamp -// https://trac.torproject.org/projects/tor/ticket/16336 -// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security -lockPref("dom.enable_user_timing", false); - -// Pref : Disable Web Audio API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 -// Avoid fingerprinting -defaultPref("dom.webaudio.enabled", false); - -// Pref : When geolocation is enabled, don't log geolocation requests to the console -lockPref("geo.wifi.logging.enabled", false); - -// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) -// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon ->>>>>>> a35eb4b (re-organized and reviewed) -======= ->>>>>>> 653a6ed (knocked out some more prefs) -lockPref("beacon.enabled", false); -lockPref("browser.ping-centre.telemetry", false); - -<<<<<<< HEAD -// discovery -lockPref("browser.discovery.enabled", false); -lockPref("browser.discovery.containers.enabled", false); -lockPref("browser.discovery.sites", ""); -======= -======= // crash report lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -<<<<<<< HEAD -<<<<<<< HEAD ->>>>>>> 8b7a898 (updated and started editing external protocols) -======= -lockPref("dom.ipc.plugins.reportCrashURL", false); -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); ->>>>>>> 45bf63e (processed everything up to EOF) // captive portal lockPref("network.captive-portal-service.enabled", false); @@ -1805,433 +686,6 @@ lockPref("captivedetect.canonicalURL", ""); // # WINDOWS // -------------------------------- -<<<<<<< HEAD -<<<<<<< HEAD -lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.javascript",false); -lockPref("network.protocol-handler.external.moz-extension",false); -lockPref("network.protocol-handler.external.ftp",false); -lockPref("network.protocol-handler.external.file",false); -lockPref("network.protocol-handler.external.about",false); -lockPref("network.protocol-handler.external.chrome",false); -lockPref("network.protocol-handler.external.blob",false); -lockPref("network.protocol-handler.external.data",false); -lockPref("network.protocol-handler.expose-all",false); -lockPref("network.protocol-handler.expose.http",true); -lockPref("network.protocol-handler.expose.https",true); -lockPref("network.protocol-handler.expose.javascript",true); -lockPref("network.protocol-handler.expose.moz-extension",true); -lockPref("network.protocol-handler.expose.ftp",true); -lockPref("network.protocol-handler.expose.file",true); -lockPref("network.protocol-handler.expose.about",true); -lockPref("network.protocol-handler.expose.chrome",true); -lockPref("network.protocol-handler.expose.blob",true); -lockPref("network.protocol-handler.expose.data",true); - -// Pref : Ensure there is a security delay when installing add-ons (milliseconds) -// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox -// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ -lockPref("security.dialog_enable_delay", 700); - -// Pref : Opt-out of add-on metadata updates -// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -defaultPref("extensions.getAddons.cache.enabled", false); - -// Pref : Opt-out of theme (Persona) updates -// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -lockPref("lightweightThemes.update.enabled", false); -lockPref("lightweightThemes.persisted.headerURL", false); -lockPref("lightweightThemes.persisted.footerURL", false); - -// Pref : Disable Flash Player NPAPI plugin -// http://kb.mozillazine.org/Flash_plugin -lockPref("plugin.state.flash", 0); - -// Pref : Disable sending Flash Player crash reports -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); - -// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report -lockPref("dom.ipc.plugins.reportCrashURL", false); - -// Pref : Disable Shumway (Mozilla Flash renderer) -// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway -lockPref("shumway.disabled", true); - -// Pref : Disable Gnome Shell Integration NPAPI plugin -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); - -// Pref : Enable click-to-play plugin -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -lockPref("plugins.click_to_play", true); -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.enabled", false); -lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] - -// Pref : Disable remote debugging -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop -// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings -lockPref("devtools.debugger.force-local", true); - -// Pref : Disallow Necko to do A/B testing -// https://trac.torproject.org/projects/tor/ticket/13170 -lockPref("network.allow-experiments", false); ->>>>>>> 653a6ed (knocked out some more prefs) - -<<<<<<< HEAD -// crash report -lockPref("breakpad.reportURL", ""); -lockPref("browser.tabs.crashReporting.sendReport", false); -lockPref("browser.crashReports.unsubmittedCheck.enabled", false); -lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -======= ->>>>>>> e7a5601 (more good stuff) - -// captive portal -lockPref("network.captive-portal-service.enabled", false); -lockPref("captivedetect.canonicalURL", ""); - -<<<<<<< HEAD -// -------------------------------- -// # WINDOWS -// -------------------------------- -======= -======= - -// Pref : Disable "Show search suggestions in location bar results" -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); - -// Pref : Never check for updates to search engines -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking -lockPref("browser.search.update", false); - ->>>>>>> 8b7a898 (updated and started editing external protocols) -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); -lockPref("network.netlink.route.check.IPv6", "::1"); - -// Pref : Disallow NTLMv1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); - -// Pref : Disable formless login capture -// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 -lockPref("signon.formlessCapture.enabled", false); - -// Pref : Delete temporary files on exit -// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 -lockPref("browser.helperApps.deleteTempFileOnExit", true); - -// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature) -// https://support.mozilla.org/en-US/questions/973320 -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled -lockPref("browser.pagethumbnails.capturing_disabled", true); - -// - Disabled - Section ON ------------------------------------------------------------------ - -// Pref : Tor settings -// This browser is not meant for tor -// Enabling those settings for user torifying their whole connection -defaultPref("network.dns.blockDotOnion", true); -lockPref("network.http.referer.hideOnionSource", true); - -// Pref : 1603 : CROSS ORIGIN: control when to send a referer -// 0=always (default), 1=only if base domains match, 2=only if hosts match -// Can break some important site... (payment... ) -lockPref("network.http.referer.XOriginPolicy", 1); - -// Pref : Only allow TLS 1.[0-3] -lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Active -// Deprecated settings but left active for various reasons -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : 0516 : disable Onboarding (FF55+) -// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time -// about:home or about:newtab is opened, the onboarding overlay is injected into it -// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] -// [1] https://wiki.mozilla.org/Firefox/Onboarding -// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf -// [3] https://bugzilla.mozilla.org/863246#c154 -lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active - -// Pref : Disable WebIDE Web Debug Extension -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallADBHelper", false); -// Replaced by "devtools.webide.autoinstallADBExtension" in 64 - -// Pref : Disable raw TCP socket support (mozTCPSocket) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) -// Not important -lockPref("dom.mozTCPSocket.enabled", false); - -// Pref : Enforce checking for Firefox updates -lockPref("app.update.enabled", false); - -// Pref : Disable bookmark backups (default: 15) -// http://kb.mozillazine.org/Browser.bookmarks.max_backups -lockPref("browser.bookmarks.max_backups", 2); - -// Pref : Disable SSDP -// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 -lockPref("browser.casting.enabled", false); - -// Pref : -lockPref("browser.newtabpage.activity-stream.enabled", false); -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); -lockPref("browser.newtabpage.enhanced", false); - -// Pref : -lockPref("browser.pocket.enabled", false); - -// Pref : Disable Heartbeat (Mozilla user rating telemetry) -// https://wiki.mozilla.org/Advocacy/heartbeat -// https://trac.torproject.org/projects/tor/ticket/19047 -lockPref("browser.selfsupport.url", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("browser.startup.homepage_override.mstone", "ignore"); - -// Pref : Disable face detection -lockPref("camera.control.face_detection.enabled", false); - -// Pref : -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); -lockPref("datareporting.healthreport.service.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallFxdtAdapters", false); -lockPref("devtools.webide.adaptersAddonURL", ""); - -// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -// https://wiki.mozilla.org/FlyWeb -// https://wiki.mozilla.org/FlyWeb/Security_scenarios -// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit -// http://www.ghacks.net/2016/07/26/firefox-flyweb -lockPref("dom.flyweb.enabled", false); - -// Pref : 2306: disable push notifications (FF44+) -// web apps can receive messages pushed to them from a server, whether or -// not the web app is in the foreground, or even currently loaded -// [1] https://developer.mozilla.org/docs/Web/API/Push_API -lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up - -// Pref : Disable telephony API -// https://wiki.mozilla.org/WebAPI/Security/WebTelephony -lockPref("dom.telephony.enabled", false); - -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("extensions.shield-recipe-client.enabled", false); - -// Pref : Disable Firefox Hello metrics collection -// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -lockPref("loop.logDomains", false); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -lockPref("network.websocket.enabled", false); - -// Pref : Disable Reader -// Not deprecated but useful to be located here -lockPref("reader.parse-on-load.enabled", false); - -// CIS 2.7.4 Disable Scripting of Plugins by JavaScript -// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 -lockPref("security.xpconnect.plugin.unrestricted", false); - -// Pref : -lockPref("social.directories", ""); - -// Pref : -lockPref("social.remote-install.enabled", false); - -// Pref : -lockPref("social.whitelist", ""); - -defaultPref("xpinstall.signatures.required", true); - -// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ -// might increase startup time, so keep it disabled, but modifiable by default -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); - -// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: -defaultPref("devtools.selfxss.count", 0); -======= -// disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); ->>>>>>> 45bf63e (processed everything up to EOF) - -// disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -======= ->>>>>>> 5b1fc33 (removed some more) -// disable links launching Windows Store [WINDOWS] -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// disable background update service [WINDOWS] -lockPref("app.update.service.enabled", false); - -// disable automatic Firefox start and session restore after reboot [WINDOWS] -lockPref("toolkit.winRegisterApplicationRestart", false); - -// disable Windows 8.1 Family Safety cert [WINDOWS] -<<<<<<< HEAD -lockPref("security.family_safety.mode", 0); - -// -------------------------------- -// TESTING - unchanged -// -------------------------------- - -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -<<<<<<< HEAD -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// -------------------------------- -// WINDOWS -// -------------------------------- - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// -------------------------------- -// ESR -// -------------------------------- - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} - - - - - ->>>>>>> a35eb4b (re-organized and reviewed) - // disable links launching Windows Store [WINDOWS] lockPref("network.protocol-handler.external.ms-windows-store", false); @@ -2244,52 +698,16 @@ lockPref("toolkit.winRegisterApplicationRestart", false); // disable Windows 8.1 Family Safety cert [WINDOWS] lockPref("security.family_safety.mode", 0); -<<<<<<< HEAD -<<<<<<< HEAD -======= ->>>>>>> e7a5601 (more good stuff) // Windows only? lockPref("default-browser-agent.enabled", false); // ----------------------------------- // # OVERRIDES -======= -// ----------------------------------- -<<<<<<< HEAD -// OVERRIDES ->>>>>>> 344e1e8 (moved overrides to bottom) -======= -// # OVERRIDES ->>>>>>> 01804b5 (add tags for .md rendering) // ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -<<<<<<< HEAD -<<<<<<< HEAD -<<<<<<< HEAD let profile_directory; if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); } -======= -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E ->>>>>>> 45bf63e (processed everything up to EOF) -======= -lockPref("security.family_safety.mode", 0); ->>>>>>> 48fecfd (removed redundant stuff) -======= -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); -======= -// expected to work on both Windows and MacOS -======= ->>>>>>> d24f87c (pre MR commit) -let profile_directory; -if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { - pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); ->>>>>>> 0f5c3d5 (updated overrides to work with Win) -} ->>>>>>> 344e1e8 (moved overrides to bottom)