diff --git a/librewolf.cfg b/librewolf.cfg index 12bc23a..4f9c595 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -138,8 +138,12 @@ lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); ======= // ----------------------------------- +<<<<<<< HEAD // TRACKING PROTECTION >>>>>>> a35eb4b (re-organized and reviewed) +======= +// FILENAME +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // ----------------------------------- <<<<<<< HEAD @@ -234,7 +238,7 @@ lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("default-browser-agent.enabled", false); >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes) -// to check, could be deprecated/useless +// to check, could be deprecated lockPref("pref.privacy.disable_button.change_blocklist", true); lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); @@ -278,6 +282,9 @@ lockPref("browser.fixup.alternate.enabled", false); lockPref("browser.urlbar.suggest.searches", false); lockPref("browser.search.update", false); +// to check, probably useless +lockPref("signon.storeSignons", false); + // -------------------------------- // # SANITIZING, COOKIES AND HISTORY // -------------------------------- @@ -299,6 +306,7 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid >>>>>>> 653a6ed (knocked out some more prefs) // -------------------------------- +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); lockPref("browser.urlbar.filter.javascript", true); lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.trimURLs", false); @@ -311,12 +319,12 @@ lockPref("browser.fixup.alternate.enabled", false); // SANITIZING, COOKIES AND HISTORY // -------------------------------- -defaultPref("network.cookie.cookieBehavior", 1); // in the future consider switching to network.cookie.cookieBehavior=5 to enable dFPI +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 defaultPref("network.cookie.lifetimePolicy", 2); defaultPref("network.cookie.thirdparty.sessionOnly", true); lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); -// includes new cookie behavior that works with exceptions +// includes new cookie behavior that allows to stay logged with exceptions defaultPref("privacy.clearOnShutdown.siteSettings", false); defaultPref("privacy.clearOnShutdown.cache", true); defaultPref("privacy.clearOnShutdown.cookies", false); @@ -343,6 +351,7 @@ defaultPref("places.history.enabled", false); defaultPref("privacy.history.custom", true); lockPref("browser.sessionhistory.max_entries", 20); +<<<<<<< HEAD <<<<<<< HEAD <<<<<<< HEAD // -------------------------------------------------------------------- @@ -358,6 +367,8 @@ defaultPref("layout.css.notify-of-unvisited", false); // and probably redundant when 3rd party cookies are disabled // lockPref("privacy.storagePrincipal.enabledForTrackers", false); +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------------------------------------------- // SESSIONS >>>>>>> a35eb4b (re-organized and reviewed) @@ -406,6 +417,7 @@ defaultPref("media.gmp-widevinecdm.enabled", false); defaultPref("media.gmp-provider.enabled", false); defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections +<<<<<<< HEAD <<<<<<< HEAD defaultPref("media.gmp-gmpopenh264.enabled", false); @@ -413,6 +425,8 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); // # WEBRTC ======= defaultPref("media.gmp.trial-create.enabled", false); +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.gmp-gmpopenh264.enabled", false); // ---------------------- @@ -427,6 +441,7 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); defaultPref("media.navigator.enabled", false); defaultPref("media.peerconnection.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD ======= defaultPref("media.navigator.video.enabled", false); defaultPref("media.getusermedia.browser.enabled", false); @@ -438,6 +453,8 @@ defaultPref("media.peerconnection.identity.timeout", 1); // 10000 per default defaultPref("media.peerconnection.turn.disable", true); defaultPref("media.peerconnection.ice.tcp", false); >>>>>>> a35eb4b (re-organized and reviewed) +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); @@ -451,7 +468,11 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // defaultPref("media.peerconnection.ice.tcp", false); // ---------------------- +<<<<<<< HEAD // # SHARING +======= +// SHARING +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // ---------------------- defaultPref("media.getusermedia.browser.enabled", false); @@ -591,33 +612,36 @@ lockPref("dom.disable_window_move_resize", true); defaultPref("dom.serviceWorkers.enabled", false); defaultPref("dom.battery.enabled", false); lockPref("dom.popup_maximum", 4); -defaultPref("dom.event.contextmenu.enabled", false); defaultPref("dom.event.clipboardevents.enabled", false); defaultPref("dom.webaudio.enabled", false); lockPref("dom.vr.enabled", false); lockPref("dom.vibrator.enabled", false); +<<<<<<< HEAD // lockPref("dom.registerProtocolHandler.insecure.enabled", true); // seems to be deprecated >>>>>>> 55c94dc (reorganized, revisited) +======= +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // -------------------------------- // PERMISSIONS // -------------------------------- lockPref("permissions.delegation.enabled", false); defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it +lockPref("permissions.manager.defaultsUrl", ""); // -------------------------------- // REFERERS // -------------------------------- defaultPref("network.http.referer.defaultPolicy", 2); -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); lockPref("network.http.referer.XOriginTrimmingPolicy", 2); lockPref("network.http.referer.XOriginPolicy", 2); lockPref("network.http.referer.spoofSource", false); -lockPref("network.http.referer.trimmingPolicy", 0); -//defaultPref("network.http.sendRefererHeader", 1); +lockPref("network.http.referer.trimmingPolicy", 0); +// defaultPref("network.http.sendRefererHeader", 1); // -------------------------------- // PROXY @@ -635,23 +659,25 @@ defaultPref("network.proxy.socks_version", 5); lockPref("network.http.altsvc.enabled", false); lockPref("network.http.altsvc.oe", false); defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); +defaultPref("dom.security.https_only_mode_pbm", true); // -------------------------------------- // TLS // -------------------------------------- defaultPref("security.ssl.require_safe_negotiation", true); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("browser.ssl_override_behavior", 1); lockPref("security.tls.enable_0rtt_data", false); lockPref("security.tls.version.enable-deprecated", false); -lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos -lockPref("browser.ssl_override_behavior", 1); -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); -lockPref("security.insecure_field_warning.contextual.enabled", true); -lockPref("network.stricttransportsecurity.preloadlist", false); -lockPref("security.ssl.disable_session_identifiers", true); lockPref("security.tls.version.fallback-limit", 3); lockPref("security.tls.version.min", 3); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos +lockPref("security.insecure_field_warning.contextual.enabled", true); + +// to check +lockPref("network.stricttransportsecurity.preloadlist", false); // -------------------------------------- // RFP @@ -664,7 +690,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // LANGUAGE AND REGION // -------------------------------------- -//defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale +// defaultPref("privacy.spoof_english", 2); // redudant with RFP and javascript.use_us_english_locale lockPref("javascript.use_us_english_locale", true); lockPref("intl.regional_prefs.use_os_locales", false); defaultPref("intl.locale.requested", "en-US"); @@ -674,6 +700,7 @@ defaultPref("intl.accept_languages", "en-US, en"); // USER AGENT AND IDENTITY // -------------------------------------- +// worth discussing defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); defaultPref("general.appname.override", "Netscape"); defaultPref("general.appversion.override", "5.0 (Windows)"); @@ -942,11 +969,12 @@ lockPref("extensions.autoDisableScopes", 11); >>>>>>> 55c94dc (reorganized, revisited) // Relevant for addons and lang packs search +defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% + +// other urls defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ -defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% -defaultPref("extensions.getAddons.themes.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox defaultPref("extensions.update.url", ""); // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= @@ -955,28 +983,34 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("xpinstall.whitelist.required", true); // default: true -lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new -lockPref("extensions.webcompat-reporter.enabled", false); -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true -lockPref("xpinstall.signatures.devInfoURL", ""); -lockPref("extensions.getAddons.compatOverides.url", ""); -lockPref("extensions.webapi.testing", false); // hidden prefs // default false +// ui +defaultPref("extensions.getAddons.showPane", false); lockPref("extensions.getAddons.discovery.api_url", ""); lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); -lockPref("extensions.systemAddon.update.url", ""); -lockPref("extensions.blocklist.detailsURL", ""); -lockPref("extensions.blocklist.itemURL", ""); +lockPref("extensions.webcompat-reporter.enabled", false); +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new + +// background checking and updating +defaultPref("extensions.update.enabled", false); +defaultPref("extensions.update.autoUpdateDefault", false); defaultPref("extensions.update.background.url", ""); -defaultPref("extensions.getAddons.showPane", false); + +// blocklist +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); + +// system addons +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.systemAddon.update.enabled", false); + +lockPref("xpinstall.whitelist.required", true); // default: true +lockPref("xpinstall.signatures.devInfoURL", ""); +defaultPref("extensions.webextensions.background-delayed-startup", true); //default true +lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); -defaultPref("extensions.ui.experiment.hidden", false); - -// Likely deprecated https://phabricator.services.mozilla.com/D97092 or https://blog.mozilla.org/addons/2021/02/09/extensions-in-firefox-86/ -// defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true // ------------------------------------------------------- // NORMANDY @@ -1307,7 +1341,6 @@ lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); lockPref("browser.uitour.url", ""); lockPref("middlemouse.contentLoadURL", false); -lockPref("permissions.manager.defaultsUrl", ""); lockPref("lightweightThemes.getMoreURL", ""); lockPref("media.decoder-doctor.new-issue-endpoint", ""); lockPref("identity.sync.tokenserver.uri", ""); @@ -1504,7 +1537,6 @@ defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); lockPref("webgl.min_capability_mode", true); lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); // conflicting with previous prefs? // defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] @@ -1624,6 +1656,7 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); <<<<<<< HEAD +<<<<<<< HEAD lockPref("security.protectionspopup.recordEventTelemetry", false); lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); @@ -1658,6 +1691,11 @@ lockPref("network.IDN_show_punycode", true); // https://github.com/pyllyukko/user.js/issues/143 ======= lockPref("security.protectionspopup.recordEventTelemetry", false) +======= +lockPref("security.protectionspopup.recordEventTelemetry", false); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); +>>>>>>> 7887469 (reviewed and reorganized up to extensions) // pocket >>>>>>> 653a6ed (knocked out some more prefs) @@ -1670,8 +1708,6 @@ lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); lockPref("breakpad.reportURL", ""); -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); lockPref("browser.send_pings", false); lockPref("browser.send_pings.require_same_host", true); <<<<<<< HEAD @@ -1818,17 +1854,6 @@ lockPref("plugin.state.libgnome-shell-browser-plugin", 0); lockPref("plugins.click_to_play", true); lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); -// Pref : Update addons automatically -// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ -defaultPref("extensions.update.enabled", false); - -// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla -// Updated at interval defined in extensions.blocklist.interval (default: 86400) -lockPref("extensions.blocklist.enabled", false); - -// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla) -lockPref("extensions.systemAddon.update.enabled", false); - // Pref : Disable WebIDE Web Debug // https://trac.torproject.org/projects/tor/ticket/16222 // https://developer.mozilla.org/docs/Tools/WebIDE @@ -1967,19 +1992,12 @@ lockPref("camera.control.face_detection.enabled", false); lockPref("datareporting.healthreport.about.reportUrl", "data:,"); lockPref("datareporting.healthreport.service.enabled", false); -// Pref : -lockPref("device.sensors.enabled", false); - // Pref : Disable WebIDE Web Debug // https://trac.torproject.org/projects/tor/ticket/16222 // https://developer.mozilla.org/docs/Tools/WebIDE lockPref("devtools.webide.autoinstallFxdtAdapters", false); lockPref("devtools.webide.adaptersAddonURL", ""); -// Pref : Disable resource timing API -// https://www.w3.org/TR/resource-timing/#privacy-security -lockPref("dom.enable_resource_timing", false); - // Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) // https://wiki.mozilla.org/FlyWeb // https://wiki.mozilla.org/FlyWeb/Security_scenarios @@ -1987,16 +2005,6 @@ lockPref("dom.enable_resource_timing", false); // http://www.ghacks.net/2016/07/26/firefox-flyweb lockPref("dom.flyweb.enabled", false); -// Pref : -lockPref("dom.gamepad.enabled", false); - -// Pref : Disable leaking network/browser connection information via Javascript -// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API -// https://wicg.github.io/netinfo/#privacy-considerations -// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -lockPref("dom.netinfo.enabled", false); - // Pref : 2306: disable push notifications (FF44+) // web apps can receive messages pushed to them from a server, whether or // not the web app is in the foreground, or even currently loaded @@ -2016,12 +2024,6 @@ lockPref("extensions.shield-recipe-client.enabled", false); // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion lockPref("loop.logDomains", false); -// Pref : Disable video stats to reduce fingerprinting threat -// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 -lockPref("media.video_stats.enabled", false); - // Pref : WebSockets is a technology that makes it possible to open an interactive communication // session between the user's browser and a server. (May leak IP when using proxy/VPN) lockPref("network.websocket.enabled", false);