diff --git a/Changelog.md b/Changelog.md index 2953315..4292d04 100755 --- a/Changelog.md +++ b/Changelog.md @@ -433,6 +433,7 @@ lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown <<<<<<< HEAD +<<<<<<< HEAD defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint @@ -865,6 +866,16 @@ defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why? lockPref("services.blocklist.onecrl.collection", ""); // Deprecated >>>>>>> 4041ab1 (reorganized and improved some entries) +======= +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated +lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint +lockPref("plugin.defaultXpi.state", 1); // Deprecated +lockPref("remote.log.level", "Info"); // already default and not important in any way +lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +lockPref("network.protocol-handler.external.http",false); // Deprecated or not existent +lockPref("network.protocol-handler.external.https",false); // Deprecated or not existent +>>>>>>> 8b7a898 (updated and started editing external protocols) ``` #### Unlocked @@ -1041,10 +1052,12 @@ lockPref("services.blocklist.onecrl.collection", ""); Other points: // DRM - should we make it even easier? // COOKIES - now using dFPI -// MISC - check if everything should stay, re-organize // TESTING - untouched, except two entries already addressed // WINDOWS - untouched // ESR - untouched +// MISC - check if fxaccounts need their pref +// SYNC - does it need to exist given that fxaccounts are off? +// SB - make re-enabling easier, test connections ``` #### Commented @@ -1053,6 +1066,7 @@ Prefs that need to be addressed and that were disabled for now // redudant with RFP and javascript.use_us_english_locale // defaultPref("privacy.spoof_english", 2); +<<<<<<< HEAD // conflicting with previous prefs? // defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] // defaultPref("layers.acceleration.disabled", false); @@ -1066,6 +1080,8 @@ Prefs that need to be addressed and that were disabled for now ======= >>>>>>> c16522a (added re-enabling guides) +======= +>>>>>>> 8b7a898 (updated and started editing external protocols) // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable // should be checked // lockPref("browser.cache.offline.enable", false); diff --git a/librewolf.cfg b/librewolf.cfg index 3b2c844..770c928 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1013,6 +1013,7 @@ lockPref("extensions.webapi.testing", false); // hidden prefs // default false lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); lockPref("extensions.screenshots.upload-disabled", true); +lockPref("lightweightThemes.getMoreURL", ""); // ------------------------------------------------------- // NORMANDY @@ -1141,6 +1142,7 @@ lockPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- <<<<<<< HEAD +<<<<<<< HEAD // # FONTS // -------------------------------- @@ -1288,13 +1290,17 @@ lockPref("javascript.options.shared_memory", false); ======= // MISC +======= +// FONTS +>>>>>>> 8b7a898 (updated and started editing external protocols) // -------------------------------- -// ui -defaultPref("browser.tabs.drawInTitlebar", true); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("privacy.userContext.ui.enabled", true); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("gfx.font_rendering.opentype_svg.enabled", false); + +// -------------------------------- +// MISC +// -------------------------------- // more important stuff lockPref("browser.shell.shortcutFavicons", false); @@ -1302,9 +1308,43 @@ defaultPref("alerts.showFavicons", false); defaultPref("browser.link.open_newwindow", 3); defaultPref("browser.link.open_newwindow.restriction", 0); lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); +lockPref("plugin.default.state", 1); +lockPref("gfx.offscreencanvas.enabled", false); // default: false +lockPref("canvas.capturestream.enabled", false); +lockPref("network.IDN_show_punycode", true); +lockPref("security.fileuri.strict_origin_policy", true); -// settings +// fxaccount, to check +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); + +// pocket +lockPref("extensions.pocket.enabled", false); +lockPref("extensions.pocket.site", ""); +lockPref("extensions.pocket.oAuthConsumerKey", ""); +lockPref("extensions.pocket.api", ""); + +// pdf reader +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); + +// remote agent +lockPref("remote.enabled", false); +lockPref("remote.force-local", true); + +// settings and behavior lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); defaultPref("startup.homepage_override_url", "about:blank"); defaultPref("startup.homepage_welcome_url", "about:blank"); defaultPref("startup.homepage_welcome_url.additional", ""); @@ -1314,35 +1354,29 @@ defaultPref("general.autoScroll", false); defaultPref("clipboard.autocopy", false); defaultPref("browser.tabs.loadBookmarksInTabs", true); lockPref("browser.download.manager.addToRecentDocs", false); -lockPref("webchannel.allowObject.urlWhitelist", ""); - -// pdf reader -defaultPref("pdfjs.disabled", false); -defaultPref("pdfjs.enableScripting", false); -defaultPref("pdfjs.enableWebGL", false); -defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); -defaultPref("pdfjs.enabledCache.state", false); - -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); - -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -lockPref("font.blacklist.underline_offset", ""); -lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); -lockPref("canvas.capturestream.enabled", false); -lockPref("gfx.offscreencanvas.enabled", false); // default: false lockPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); -lockPref("browser.uitour.url", ""); lockPref("middlemouse.contentLoadURL", false); -lockPref("lightweightThemes.getMoreURL", ""); +defaultPref("accessibility.typeaheadfind", false); +lockPref("browser.bookmarks.restore_default_bookmarks", false); +defaultPref("browser.tabs.closeTabByDblclick", true); +lockPref("media.webspeech.recognition.enable", false); +lockPref("network.manage-offline-status", false); + +// devtools +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com +lockPref("devtools.devices.url", ""); + +// ui +defaultPref("browser.tabs.drawInTitlebar", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("privacy.userContext.ui.enabled", true); +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); + +// urls and handlers lockPref("media.decoder-doctor.new-issue-endpoint", ""); lockPref("identity.sync.tokenserver.uri", ""); lockPref("network.trr.confirmationNS", ""); @@ -1353,51 +1387,38 @@ lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); lockPref("gecko.handlerService.schemes.irc.0.name", ""); -lockPref("identity.fxaccounts.remote.root", ""); lockPref("services.settings.server", ""); -lockPref("services.blocklist.addons.signer", ""); -lockPref("services.blocklist.gfx.signer", ""); -lockPref("services.settings.security.onecrl.signer", ""); -lockPref("services.blocklist.pinning.signer", ""); -lockPref("services.blocklist.plugins.signer", ""); lockPref("accessibility.support.url", ""); lockPref("app.support.baseURL", ""); +lockPref("browser.uitour.url", ""); +lockPref("webchannel.allowObject.urlWhitelist", ""); lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("browser.dictionaries.download.url", ""); lockPref("browser.geolocation.warning.infoURL", ""); lockPref("browser.search.searchEnginesURL", ""); lockPref("browser.uitour.themeOrigin", ""); lockPref("toolkit.datacollection.infoURL", ""); -lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -defaultPref("accessibility.typeaheadfind", false); -lockPref("browser.bookmarks.restore_default_bookmarks", false); lockPref("identity.mobilepromo.android", ""); lockPref("identity.mobilepromo.ios", ""); defaultPref("identity.sendtabpromo.url", ""); lockPref("datareporting.healthreport.infoURL", ""); -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); lockPref("app.feedback.baseURL", ""); lockPref("app.releaseNotesURL", ""); lockPref("app.releaseNotesURL.aboutDialog", ""); -lockPref("browser.chrome.errorReporter.infoURL", false); -lockPref("browser.ping-centre.log", ""); -lockPref("browser.ping-centre.telemetry", false); -lockPref("captivedetect.canonicalURL", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("datareporting.policy.firstRunURL", ""); -lockPref("devtools.devices.url", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.commands.enabled", false); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -lockPref("remote.enabled", false); -lockPref("remote.force-local", true); -lockPref("remote.log.level", "Info"); -defaultPref("browser.tabs.closeTabByDblclick", true); -lockPref("network.IDN_show_punycode", true); -lockPref("media.webspeech.recognition.enable", false); + + +// to check, should all be handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); // -------------------------------- // CACHE @@ -1530,18 +1551,15 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false lockPref("services.sync.tabs.lastSync", "0"); // -------------------------------- -// WEBGL +// WEBGL AND PERFORMANCE // -------------------------------- defaultPref("webgl.force-enabled", true); defaultPref("layers.acceleration.force-enabled", true); lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); lockPref("webgl.disable-fail-if-major-performance-caveat", true); - -// conflicting with previous prefs? -// defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -// defaultPref("layers.acceleration.disabled", false); +defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] +defaultPref("layers.acceleration.disabled", false); // -------------------------------- // JS @@ -1710,8 +1728,10 @@ lockPref("datareporting.policy.dataSubmissionEnabled", false); >>>>>>> 7887469 (reviewed and reorganized up to extensions) ======= lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.opt-out", true); lockPref("toolkit.coverage.enabled", false); +<<<<<<< HEAD >>>>>>> 4041ab1 (reorganized and improved some entries) // pocket @@ -1720,10 +1740,20 @@ lockPref("extensions.pocket.enabled", false); lockPref("extensions.pocket.site", ""); lockPref("extensions.pocket.oAuthConsumerKey", ""); lockPref("extensions.pocket.api", ""); +======= +lockPref("app.shield.optoutstudies.enabled", false); +lockPref("beacon.enabled", false); +// ping +lockPref("browser.send_pings", false); +lockPref("browser.send_pings.require_same_host", true); +>>>>>>> 8b7a898 (updated and started editing external protocols) + +// discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); +<<<<<<< HEAD lockPref("breakpad.reportURL", ""); lockPref("browser.send_pings", false); lockPref("browser.send_pings.require_same_host", true); @@ -1789,30 +1819,24 @@ lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); ======= +======= +// crash report +lockPref("breakpad.reportURL", ""); +lockPref("browser.tabs.crashReporting.sendReport", false); +lockPref("browser.crashReports.unsubmittedCheck.enabled", false); +lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +>>>>>>> 8b7a898 (updated and started editing external protocols) +// captive portal +lockPref("network.captive-portal-service.enabled", false); +lockPref("captivedetect.canonicalURL", ""); -// Pref : Don't monitor OS online/offline connection state -// https://trac.torproject.org/projects/tor/ticket/18945 -lockPref("network.manage-offline-status", false); +// -------------------------------- +// EXTERNAL PROTOCOLS +// -------------------------------- -// Pref : Set File URI Origin Policy -// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 -lockPref("security.fileuri.strict_origin_policy", true); - -// Pref : Disable SVG in OpenType fonts -// https://wiki.mozilla.org/SVGOpenTypeFonts -// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// Pref : Enable only whitelisted URL protocol handlers -// Disabling non-essential protocols breaks all interaction with custom protocols such -// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... -// clients when clicking on links with these protocols lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.http",false); -lockPref("network.protocol-handler.external.https",false); lockPref("network.protocol-handler.external.javascript",false); lockPref("network.protocol-handler.external.moz-extension",false); lockPref("network.protocol-handler.external.ftp",false); @@ -1889,6 +1913,7 @@ lockPref("devtools.debugger.force-local", true); lockPref("network.allow-experiments", false); >>>>>>> 653a6ed (knocked out some more prefs) +<<<<<<< HEAD // crash report lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); @@ -1904,6 +1929,17 @@ lockPref("captivedetect.canonicalURL", ""); // # WINDOWS // -------------------------------- ======= +======= + +// Pref : Disable "Show search suggestions in location bar results" +lockPref("browser.urlbar.suggest.searches", false); +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); + +// Pref : Never check for updates to search engines +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking +lockPref("browser.search.update", false); + +>>>>>>> 8b7a898 (updated and started editing external protocols) lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); lockPref("network.netlink.route.check.IPv6", "::1");