diff --git a/docs/Changelog.md b/docs/Changelog.md
index 927ca9c..a8d8a83 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1,6 +1,23 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
+# 5.5
+
+#### Removed preferences
+```
+defaultPref("security.insecure_connection_text.enabled", true); // display http websites as insecure in the ui
+```
+
+#### Added preferences
+```
+defaultPref("browser.places.speculativeConnect.enabled", false);
+```
+
+### Changed preferences
+```
+pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only
+```
+
 ## 5.4
 **target commit**:
diff --git a/librewolf.cfg b/librewolf.cfg
index 8381641..99d6712 100755
--- a/librewolf.cfg
+++ b/librewolf.cfg
@@ -7,12 +7,32 @@ defaultPref("librewolf.cfg.version", "5.5");
 /**
- * the file is organized in categories, and each one has a number of sections
+ * the file is organized in categories, and each one has a number of sections:
+ *
+ * - PRIVACY
+ * - ISOLATION
+ * - SANITIZING
+ * - CACHE AND STORAGE
+ * - HISTORY AND SESSION RESTORE
+ * - QUERY STRIPPING
+ *
+ * - NETWORKING
+ * - HTTPS
+ * - IPv6
+ * - REFERERS
+ * - WEBRTC
+ * - PROXY
+ * - DNS
+ * - PREFETCHING
+ *
+ * - FINGERPRINTING
+ * - RFP
+ * - WEBGL
+ *
+ * - SECURITY
+ * - SITE ISOLATION
+ * - CERTIFICATES
+ * - TLS/SSL
 */
@@ -44,6 +64,16 @@ defaultPref("privacy.clearOnShutdown.cookies", false);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("privacy.sanitize.timeSpan", 0);
+/** [SECTION] CACHE AND STORAGE */
+defaultPref("browser.cache.disk.enable", false); // disable disk cache
+/** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */
+defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true);
+defaultPref("media.memory_cache_max_size", 65536);
+// disable favicons in profile folder and page thumbnail capturing
+defaultPref("browser.shell.shortcutFavicons", false);
+defaultPref("browser.pagethumbnails.capturing_disabled", true);
+defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
+
 /** [SECTION] HISTORY AND SESSION RESTORE */
 defaultPref("browser.formfill.enable", false); // disable form history
 defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms
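Review bot: `media.memory_cache_max_size` is raised to 65536, but neither that line nor the comment above it says what unit the value is in or what default it replaces, so a reader cannot judge the memory cost of keeping the private-browsing media cache off disk. As far as I know Firefox interprets this pref in KiB, so `defaultPref("media.memory_cache_max_size", 65536); // KiB, i.e. 64 MiB; needed because forceMediaMemoryCache keeps the media cache in RAM` would make the trade-off explicit — please confirm the unit against the Firefox source before committing to that wording.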
@@ -62,138 +92,123 @@ defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hse
 */
 defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://gitlab.com/librewolf-community/browser/source/-/raw/main/assets/uBOAssets.json");
-// ----------------------
-// # NETWORKING
-// ----------------------
-// https and mixed content
+/** [CATEGORY] NETWORKING */
+
+/** [SECTION] HTTPS */
 defaultPref("dom.security.https_only_mode", true); // only allow https in all windows, including private browsing
-defaultPref("network.auth.subresource-http-auth-allow", 1); // stop cross-origin resources from using HTTP authentication
-defaultPref("security.insecure_connection_text.enabled", true); // display http websites as insecure in the ui
+defaultPref("network.auth.subresource-http-auth-allow", 1); // block HTTP authentication credential dialogs
 defaultPref("security.mixed_content.block_display_content", true); // block insecure passive content
-defaultPref("network.dns.disableIPv6", true); // disable ipv6
+/** [SECTION] IPv6
+ * privacy extension isn't the default for all linux distros, so we disable ipv6.
+ */
+defaultPref("network.dns.disableIPv6", true);
-// always send xorigin referer but trim them
-defaultPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2
+/** [SECTION] REFERERS
+ * to enhance privacy but keep a certain level of usability we trim cross-origin
+ * referers, instead of completely avoid sending them.
+ * as a general rule, the behavior of referes which are not cross-origin should not
+ * be changed.
+ */
+defaultPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2 to stop sending them completely
 defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port
-defaultPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention
-defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
-
-// proxy
-defaultPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one
-defaultPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy
-
-// doh
-defaultPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection
-/**
- 0 = default
- 1 = browser picks faster
- 2 = DoH with system dns fallback
- 3 = DoH without fallback
- 5 = DoH is off, default currently
-
- below prefs must be applied with pref in order to work
-*/
-// pref("network.trr.mode", 2);
-// pref("network.trr.uri", "https://dns.quad9.net/dns-query");
-
-// prefetching
-defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching
-lockPref("network.predictor.enabled", false); // disable predictor
-lockPref("network.prefetch-next", false); // disable link prefetching
-lockPref("network.http.speculative-parallel-limit", 0); // disable prefetching on mouse over
-
-defaultPref("network.manage-offline-status", false); // let user control the offline behavior
-
-// ------------
-// # DOM
-// ------------
-
-// pop-ups and window related preferences
-defaultPref("dom.disable_beforeunload", true); // disable "confirm you want to leave" pop-ups on close
-defaultPref("dom.disable_open_during_load", true); // block pop-ups windows
-defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); // limit events that cause pop-ups
-defaultPref("dom.disable_window_move_resize", true); // block scripts from resizing windows
-defaultPref("browser.link.open_newwindow", 3); // open 'new windows' targeted links in 'new tab'
-defaultPref("browser.link.open_newwindow.restriction", 0); // ignore the size when applying the above pref
-
-// --------------------------------
-// # CACHE AND TEMPORARY FILES
-// --------------------------------
-
-defaultPref("browser.cache.disk.enable", false); // disable disk cache
-defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); // block media cache from writing to disk in pb mode
-defaultPref("media.memory_cache_max_size", 65536); // increase max cache size to avoid playback issues caused by above setting
-
-defaultPref("browser.shell.shortcutFavicons", false); // disable shortcut favicons from being stored in profile
-defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
-defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page thumbnails capturing
-
-// ----------------------
-// # MEDIA
-// ----------------------
-
-/**
- * limit potential private IP leaks for webrtc users.
- * mDNS protects the value on linux, osx and win10+.
- * these prefs protect the value when allowing mic and camera access, and for win7/8.x.
- * */
+/** [SECTION] WEBRTC
+ * there's no point in disabling webrtc as mDNS protects the private IP on linux, osx and win10+.
+ * with the below preference we protect the value even in trusted environments and for win7/8 users,
+ * although this will likely cause breakage.
+ */
 defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
 defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
-defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used
-// autoplay
-defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
-defaultPref("media.autoplay.default", 5); // personal preference, currently apply blocking policy to all autplay including muted
+/** [SECTION] PROXY */
+defaultPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy
+defaultPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention to prevent proxy bypass
+defaultPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one
+defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used
-// --------------------------------------
-// # FINGERPRINTING
-// --------------------------------------
+/** [SECTION] DNS */
+defaultPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection
+defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching
+/**
+ * librewolf doesn't use DoH, but it can be enabled with the following prefs:
+ * pref("network.trr.mode", 2);
+ * pref("network.trr.uri", "https://dns.quad9.net/dns-query");
+ *
+ * the possible modes are:
+ * 0 = default
+ * 1 = browser picks faster
+ * 2 = DoH with system dns fallback
+ * 3 = DoH without fallback
+ * 5 = DoH is off, default currently
+ */
-defaultPref("privacy.resistFingerprinting", true); // master switch
+/** [SECTION] PREFETCHING
+ * disable prefecthing for different things such as links, bookmarks and predictors.
+ */
+lockPref("network.predictor.enabled", false);
+lockPref("network.prefetch-next", false);
+lockPref("network.http.speculative-parallel-limit", 0);
+defaultPref("browser.places.speculativeConnect.enabled", false);
-// rfp compatibility settings
+// TODO
+defaultPref("network.manage-offline-status", false); // let user control the offline behavior
+
+
+/** [CATEGORY] FINGERPRINTING */
+
+/** [SECTION] RFP
+ * librewolf should stick to RFP for fingerprinting. we should not set prefs that interfere with it
+ * and disabling API for no good reason will be counter productive, so it should also be avoided.
+ */
+defaultPref("privacy.resistFingerprinting", true);
+// rfp related settings
 defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO
 defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
 defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
-
-defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
-
 /**
 * increase the size of new RFP windows for better usability, while still using a rounded value.
 * if the screen resolution is lower it will stretch to the biggest possible rounded value.
- * */
+ * also, expose hidden letterboxing pref but do not enable it for now.
+ */
 defaultPref("privacy.window.maxInnerWidth", 1600);
 defaultPref("privacy.window.maxInnerHeight", 900);
+defaultPref("privacy.resistFingerprinting.letterboxing", false);
-defaultPref("webgl.disabled", true); // master switch, disable webgl
+/** [SECTION] WEBGL */
+defaultPref("webgl.disabled", true);
-// --------------------------------
-// # SECURITY
-// --------------------------------
-defaultPref("fission.autostart", true); // enable fission by default
+/** [CATEGORY] SECURITY */
-// certificates
-defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
+/** [SECTION] SITE ISOLATION
+ * https://wiki.mozilla.org/Project_Fission
+ */
+defaultPref("fission.autostart", true);
+
+/** [SECTION] CERTIFICATES */
+defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs
 defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
+/**
+ * enable safe negotiation and show warning when it is not supported. might cause breakage.
+ */
+defaultPref("security.ssl.require_safe_negotiation", true);
+defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+/**
+ * our strategy with revocation is to disable OCSP as it is slower and less privacy minded, and to use
+ * CRL instead, particularly the CRLite solution with no OCSP fallback.
+ */
 defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
-
-// crl with no ocsp fallback
 defaultPref("security.remote_settings.crlite_filters.enabled", true);
-defaultPref("security.pki.crlite_mode", 2);
+defaultPref("security.pki.crlite_mode", 2); // mode 2 means no fallback
-// safe negotiation
-defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
-defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); // show warning when safe negotiation is not enable and website is accessed
-
-// tls behavior
-lockPref("security.tls.enable_0rtt_data", false); // disable 0 round trip time to improve tls 1.3 security
-defaultPref("security.tls.version.enable-deprecated", false); // default but helps resetting the preference
-defaultPref("browser.ssl_override_behavior", 1); // prepopulate url on ssl warning screens
-defaultPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos for broken connections
+/** [SECTION] TLS/SSL */
+lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
+pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only
+// show relevant and advanced issues on warnings and error screens
+defaultPref("browser.ssl_override_behavior", 1);
+defaultPref("browser.xul.error_pages.expert_bad_cert", true);
 // permissions
 lockPref("permissions.delegation.enabled", false); // force permission request to show the real origin
@@ -204,6 +219,7 @@ defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg ope
 defaultPref("browser.download.useDownloadDir", false); // force user interaction on downloads, by always asking location
 lockPref("security.csp.enable", true); // default
+defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
 // ---------------------------------
 // # SAFE BROWSING
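Review bot: The new comment on `network.auth.subresource-http-auth-allow` overstates what value 1 does — 1 only refuses HTTP-auth credential dialogs from cross-origin sub-resources, same-origin sub-resources can still prompt, and 0 is the value that blocks them for all sub-resources — so the removed wording was the accurate one; suggest `defaultPref("network.auth.subresource-http-auth-allow", 1); // don't let cross-origin sub-resources open HTTP auth dialogs (0 = block for all sub-resources)`. In the CERTIFICATES section the revocation comment should also state the cost of `security.OCSP.enabled` = 0 combined with `security.pki.crlite_mode` = 2: as far as I can tell a certificate the CRLite filters do not cover gets no revocation check at all, because the only fallback would have been the OCSP fetch that is switched off, so a line like `// certs not covered by CRLite get no revocation check (OCSP fetching is off)` under the crlite_mode line would make that explicit. The grouped comment `// show relevant and advanced issues on warnings and error screens` fits `browser.xul.error_pages.expert_bad_cert` but not `browser.ssl_override_behavior`, which the removed line described correctly as prepopulating the URL on the certificate override screen; keep that as a per-line comment. Minor: `prefecthing` in the PREFETCHING header is a typo for `prefetching`.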
@@ -230,6 +246,28 @@ lockPref("browser.safebrowsing.passwords.enabled", false);
 lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
 lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
+// ------------
+// # DOM - TODO
+// ------------
+
+// pop-ups and window related preferences
+defaultPref("dom.disable_beforeunload", true); // disable "confirm you want to leave" pop-ups on close
+defaultPref("dom.disable_open_during_load", true); // block pop-ups windows
+defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); // limit events that cause pop-ups
+defaultPref("dom.disable_window_move_resize", true); // block scripts from resizing windows
+defaultPref("browser.link.open_newwindow", 3); // open 'new windows' targeted links in 'new tab'
+defaultPref("browser.link.open_newwindow.restriction", 0); // ignore the size when applying the above pref
+
+
+// ----------------------
+// # MEDIA - TODO
+// ----------------------
+
+// autoplay
+defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
+defaultPref("media.autoplay.default", 5); // personal preference, currently apply blocking policy to all autplay including muted
+
+
 // -----------------------
 // # DRM
 // -----------------------
@@ -287,8 +325,6 @@ defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
 defaultPref("browser.urlbar.speculativeConnect.enabled", false);
 lockPref("browser.fixup.alternate.enabled", false);
-defaultPref("browser.places.speculativeConnect.enabled", false); // speculative connections for history and bookmarks
-
 // ----------------------------------
 // # BROWSER BEHAVIOR
 // ----------------------------------