From b6a082f7612e267d3d0500e66b214f84dd9191fb Mon Sep 17 00:00:00 2001 From: fxbrit Date: Thu, 23 Sep 2021 12:17:54 +0200 Subject: [PATCH] improve descriptions, trim one more pref --- docs/Changelog.md | 3 ++- librewolf.cfg | 12 +++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 86f952a..65e6431 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,7 +12,7 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl - VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill. - vibrator API is so nieche that even tor does not change it. best to trim where possible. - `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it. -- `browser.safebrowsing.downloads.remote.*` are all controlled by the 3 prefs already in the .cfg, which is the same approach taken by tor browser. +- `browser.safebrowsing.downloads.remote.*` are all controlled by the prefs already in the .cfg, which is the same approach taken by tor browser. - graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable. - the pdf prefs and the bookmark backup are not really relevant to librewolf. - as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default. @@ -108,6 +108,7 @@ lockPref("webchannel.allowObject.urlWhitelist", ""); // deprecated defaultPref("media.getusermedia.browser.enabled", false); defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false); +defaultPref("dom.storage.next_gen", true); // default from v92.0 ``` #### Added preferences 
diff --git a/librewolf.cfg b/librewolf.cfg index 40b199d..5a963b3 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -102,8 +102,6 @@ defaultPref("dom.push.enabled", false); // disable push notifications defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/" defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications -defaultPref("dom.storage.next_gen", true); // will be default from v92.0, keep and eye on - // -------------------------------- // # CACHE AND TEMPORARY FILES // -------------------------------- @@ -124,9 +122,9 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page defaultPref("media.peerconnection.enabled", false); // master switch // limit potential IP leaks for webrtc users -defaultPref("media.peerconnection.ice.default_address_only", true); -defaultPref("media.peerconnection.ice.no_host", true); -defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates +defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users // autoplay defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked 
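Review bot: The new comment on `media.peerconnection.ice.default_address_only` says "use public IP for ICE candidates", which overstates what the pref does. As far as I know it limits candidate gathering to the interface of the default route, and that address is not necessarily public. Something like `// only gather ICE candidates on the default route interface` would be more accurate, and the distinction matters for VPN users who rely on this pref to keep other interfaces out of the candidate list. The `// limit potential IP leaks for webrtc users` line could also state that these three prefs only take effect once a user re-enables `media.peerconnection.enabled`, which the context line above sets to false.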
@@ -143,7 +141,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prev defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP -// librewolf specifc pref, prevents rfp from forcing light theme +// librewolf specifc pref that prevents rfp from forcing light theme, review lockPref("privacy.override_rfp_for_color_scheme", false); defaultPref("webgl.disabled", true); // master switch, disable webgl @@ -153,7 +151,7 @@ defaultPref("webgl.disabled", true); // master switch, disable webgl // -------------------------------- // certificates -defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, review as could be deprecated +defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching
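Review bot: The rewritten comment above `lockPref("privacy.override_rfp_for_color_scheme", false)` still describes what the pref is for rather than what the locked value does, and the new trailing ", review" does not say what is to be reviewed. Judging by the name alone, `false` leaves the override off, so RFP presumably still forces the light scheme; if so, the comment reads as the opposite of the configured behaviour. I would spell it out, e.g. `// librewolf specific pref: true would stop rfp from forcing light theme; locked to false, TODO review the lock`, which also fixes the "specifc" typo carried over from the old line.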
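Review bot: With the "review as could be deprecated" marker removed, the comment on `security.cert_pinning.enforcement_level` no longer tells readers anything about the trade-off of value 2. Firefox's default of 1 skips pin checks for chains that end in a user-added root, while 2 enforces pins there too, so TLS-inspecting proxies and antivirus interception will fail on pinned sites. A short addition such as `// 2 = strict pinning, also enforced for user-added CAs (default 1)` would make that visible to people debugging connection errors. The commit message does not say whether the deprecation concern was checked before the marker was dropped.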