diff --git a/Changelog.md b/Changelog.md
index 0065ffc..080fa28 100755
--- a/Changelog.md
+++ b/Changelog.md
@@ -159,6 +159,7 @@ defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.e
 ```
 #### Removed
+<<<<<<< HEAD
 Lines that were commented and are now removed
 ```
 // Librefox Compatibility Fix
@@ -289,6 +290,8 @@ ALL OF Disabled - Deprecated Inactive
 ALL OF Disabled - Section OFF
 ```
 >>>>>>> 55c94dc (reorganized, revisited)
+=======
+>>>>>>> 57702f8 (updated changelog)
 Active prefs that were removed
 ```
 lockPref("network.cookie.same-site.enabled", true); // Deprecated
@@ -625,6 +628,9 @@ defaultPref("pdfjs.enableWebGL", false); // default
 lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable
 lockPref("network.predictor.enable-prefetch", false); // default
 <<<<<<< HEAD
+<<<<<<< HEAD
+=======
+>>>>>>> 57702f8 (updated changelog)
 lockPref("network.http.referer.spoofSource", false); // default
 defaultPref("network.http.referer.defaultPolicy", 2); // default
 defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default
@@ -658,8 +664,11 @@ lockPref("xpinstall.whitelist.required", true); // default
 lockPref("browser.sessionhistory.max_entries", 20); // why?
 lockPref("extensions.webapi.testing", false); // hidden but default false
 lockPref("canvas.capturestream.enabled", false); // any real benefit?
+<<<<<<< HEAD
 lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments
 defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup
+=======
+>>>>>>> 57702f8 (updated changelog)
 // fxaccounts is disabled in policies
 lockPref("identity.fxaccounts.enabled", false);
@@ -669,6 +678,7 @@ lockPref("identity.fxaccounts.commands.enabled", false);
 lockPref("identity.fxaccounts.remote.oauth.uri", "");
 lockPref("identity.fxaccounts.remote.profile.uri", "");
 lockPref("identity.fxaccounts.service.monitorLoginUrl", "");
+<<<<<<< HEAD
 =======
 =======
 defaultPref("accessibility.typeaheadfind", false); // Already default
@@ -688,6 +698,9 @@ Active prefs that were commented in order to address them before removing them
 >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes)
 <<<<<<< HEAD
+=======
+
+>>>>>>> 57702f8 (updated changelog)
 // all handled by lockPref("services.settings.server", "")
 lockPref("services.blocklist.addons.collection", "");
 lockPref("services.blocklist.plugins.collection", "");
@@ -812,6 +825,7 @@ lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false)
 lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
 lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
 lockPref("services.sync.tabs.lastSync", "0");
+<<<<<<< HEAD
 =======
 // redudant with RFP and javascript.use_us_english_locale
 // defaultPref("privacy.spoof_english", 2);
@@ -1558,8 +1572,10 @@ lockPref("services.sync.tabs.lastSync", "0");
 ```
 >>>>>>> 814a479 (reviewed DRM, removed ircs hand, moved exp prefs)
 =======
+=======
+>>>>>>> 57702f8 (updated changelog)
-/*
+// useless as ui elements are not in the report page
 lockPref("browser.contentblocking.report.cookie.url", "");
 lockPref("browser.contentblocking.report.cryptominer.url", "");
 lockPref("browser.contentblocking.report.endpoint_url", "");
@@ -1579,7 +1595,17 @@ lockPref("browser.contentblocking.report.vpn.url", "");
 lockPref("browser.contentblocking.report.vpn-promo.url", "");
 lockPref("browser.contentblocking.report.vpn-ios.url", "");
 lockPref("browser.contentblocking.report.vpn-android.url", "");
-*/
+```
+#### Commented
+Prefs that need to be addressed and that were disabled for now
+```
+// all covered by previous prefs
+// defaultPref("media.navigator.video.enabled", false);
+// defaultPref("media.peerconnection.use_document_iceservers", false);
+// defaultPref("media.peerconnection.identity.enabled", false);
+// defaultPref("media.peerconnection.identity.timeout", 1);
+// defaultPref("media.peerconnection.turn.disable", true);
+// defaultPref("media.peerconnection.ice.tcp", false);
 ```
 <<<<<<< HEAD
 >>>>>>> 48fecfd (removed redundant stuff)
@@ -1588,56 +1614,25 @@ lockPref("browser.contentblocking.report.vpn-android.url", "");
 #### Unlocked
 Locked prefs that were unlocked, more should be unlocked probably
 ```
-lockPref("general.config.filename", "librewolf.cfg");
-
-// Unlocked as some think it increases fingerprint, they can now disable it
-defaultPref("privacy.donottrackheader.enabled", true);
-
-// Unlocked as some think it increases fingerprint, they can now disable it
-defaultPref("permissions.default.geo", 2);
-
+defaultPref("general.config.filename", "librewolf.cfg");
+defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it
+defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it
 defaultPref("extensions.getAddons.themes.browseURL", "")
-
 defaultPref("pdfjs.enableWebGL", false);
 defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
 defaultPref("pdfjs.enabledCache.state", false);
-
 defaultPref("alerts.showFavicons", false); // default: false
-
 defaultPref("security.remote_settings.intermediates.enabled", true);
-
-// Unlocked as some think it increases fingerprint, they can now disable it
-defaultPref("dom.battery.enabled", false);
-
-defaultPref("browser.tabs.closeTabByDblclick", true);
-
-// Unlocked as known to cause breakage
-defaultPref("dom.event.clipboardevents.enabled", false);
-
-// already default and no reason to lock it
-lockPref("network.http.referer.trimmingPolicy", 0);
-
+defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it
+defaultPref("dom.event.clipboardevents.enabled", false); // Unlocked as known to cause breakage
 defaultPref("extensions.blocklist.enabled", false);
 defaultPref("extensions.blocklist.detailsURL", "");
 defaultPref("extensions.blocklist.itemURL", "");
-
-// someone might want to have it on for security concerns
-defaultPref("security.OCSP.enabled", 0);
+defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns
 defaultPref("security.OCSP.require", false);
-
 defaultPref("reader.parse-on-load.enabled", false);
 ```
-#### Made default
-Prefs that were user set and are now default
-```
-defaultPref("signon.management.page.breach-alerts.enabled", false);
-defaultPref("signon.management.page.breachAlertUrl", "");
-defaultPref("startup.homepage_override_url", "about:blank");
-defaultPref("startup.homepage_welcome_url", "about:blank");
-defaultPref("startup.homepage_welcome_url.additional", "");
-defaultPref("identity.sendtabpromo.url", "");
-```
 #### To discuss
 Prefs that need to be addressed and potential roadmap
 ```
@@ -1655,18 +1650,6 @@ dom.security.https_only_mode_send_http_background_request -> DISCUSS
 browser.download.useDownloadDir -> do we want to ask for download location each time?
 ```
-#### Commented
-Prefs that need to be addressed and that were disabled for now
-```
-// all covered by previous prefs
-// defaultPref("media.navigator.video.enabled", false);
-// defaultPref("media.peerconnection.use_document_iceservers", false);
-// defaultPref("media.peerconnection.identity.enabled", false);
-// defaultPref("media.peerconnection.identity.timeout", 1);
-// defaultPref("media.peerconnection.turn.disable", true);
-// defaultPref("media.peerconnection.ice.tcp", false);
-```
-
 ## How to...
 #### Stay logged
 Add website to exceptions before login, both http and https link
@@ -1709,4 +1692,138 @@ defaultPref("javascript.options.asmjs", false);
 defaultPref("webgl.disabled", true);
 defaultPref("privacy.resistFingerprinting.letterboxing", true);
 ```
+<<<<<<< HEAD
 >>>>>>> e7a5601 (more good stuff)
+=======
+
+## Who cares
+Prefs that were commented and are now removed
+```
+// Librefox Compatibility Fix
+// commented out, we're setting it differently later on
+// defaultPref("extensions.autoDisableScopes", 0);
+
+// Removing https-everywhere adding 2 librefox addons
+// keep it commented out for now, until we have more recent, properly pre-installed addons
+// defaultPref("extensions.enabledAddons", ...);
+
+//lockPref("browser.contentblocking.global-toggle.enabled", false);
+//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false);
+//lockPref("browser.contentblocking.fastblock.ui.enabled", false);
+//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false);
+//lockPref("browser.contentblocking.allowlist.annotations.enabled", false);
+//lockPref("browser.contentblocking.allowlist.storage.enabled", false);
+//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false);
+//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false);
+//lockPref("browser.contentblocking.ui.enabled", false);
+//lockPref("browser.contentblocking.enabled", false);
+
+//lockPref("security.ask_for_password", 2);
+//lockPref("security.password_lifetime", 5);
+
+//defaultPref("privacy.cpd.openWindows", true); // Clear session data
+//defaultPref("privacy.clearOnShutdown.openWindows", true);
+//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]');
+//lockPref("permissions.memory_only", true); // (hidden pref)
+//lockPref("browser.formfill.expire_days", 0);
+
+//lockPref("browser.urlbar.autoFill", false);
+//lockPref("browser.urlbar.autoFill.typed", false);
+
+//lockPref("media.peerconnection.video.h264", true);
+
+//lockPref("network.proxy.autoconfig_url.include_path", false);
+//lockPref("network.proxy.socks_remote_dns", true);
+
+//lockPref("widget.content.gtk-theme-override", "Adwaita:light");
+//lockPref("browser.devedition.theme.enabled", true);
+//lockPref("devtools.theme", "dark");
+//lockPref("browser.devedition.theme.showCustomizeButton", true);
+
+//defaultPref("extensions.ui.dictionary.hidden", false);
+//defaultPref("extensions.ui.locale.hidden", false);
+
+//lockPref("dom.indexedDB.logging.details", false); //default true
+//lockPref("dom.indexedDB.logging.enabled", false); //default true
+//lockPref("network.http.spdy.enabled", false);
+//lockPref("network.http.spdy.enabled.deps", false);
+//lockPref("network.http.spdy.enabled.http2", false);
+//lockPref("network.http.spdy.websockets", false);
+
+// lockPref("dom.IntersectionObserver.enabled", false);
+
+// Pref : CSP Main Settings I/II :
+// Those are default values for CSP
+// Those are not meant to to be uncommented
+//defaultPref("security.csp.enable", true); //This is its default value
+//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value
+//defaultPref("security.csp.enable_violation_events", true); //This is its default value
+//defaultPref("security.csp.experimentalEnabled", false); //This is its default value
+//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value
+// Default Content Security Policy to apply to signed contents.
+//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value
+
+// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature
+// This value is applied after the first one (just ignore this)
+//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';");
+// Default Value : "script-src 'self'; object-src 'self';"
+
+// Pref :Whether or not the installed extensions should be migrated to the
+// storage.local IndexedDB backend.
+//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false
+
+// Pref : if enabled, store execution times for API calls
+//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false
+
+// Pref : Maximum age in milliseconds of performance counters in children
+// When reached, the counters are sent to the main process and
+// reset, so we reduce memory footprint.
+//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs
+
+// Pref : Test To Make FFox Silent
+//lockPref("media.gmp-manager.certs.1.issuerName", "");
+// Default Value
+// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
+
+// Pref : Test To Make FFox Silent
+//lockPref("media.gmp-manager.certs.2.issuerName", "");
+// Default Value
+// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US
+
+// Pref : Manage certificates button
+//lockPref("security.disable_button.openCertManager", false);
+// Disabled because of a bug that disables the button regardless of its value
+
+// Pref : Manage security devices button
+//lockPref("security.disable_button.openDeviceManager", false);
+// Disabled because of a bug that disables the button regardless of its value
+
+// Pref : The impact for this one is negligible
+//defaultPref("browser.download.animateNotifications", false);
+// Bench Diff : -80/5000
+// Pref : Spoof CPU Core Def 16
+// Default settings seems to be the best
+//defaultPref("dom.maxHardwareConcurrency", 8);
+// Bench Diff : -500/5000
+// Pref : Tell garbage collector to start running when javascript is using xx MB of memory.
+// Garbage collection releases memory back to the system.
+// Default settings seems to be the best
+//lockPref("javascript.options.mem.high_water_mark", 96);
+// Bench Diff : -100/5000
+// Pref : Prevent font fingerprinting
+// https://browserleaks.com/fonts
+// https://github.com/pyllyukko/user.js/issues/120
+// Solved by extension disabled here for performance
+//lockPref("browser.display.use_document_fonts", 0);
+
+
+// Fix ESR Devtools
+//lockPref("devtools.telemetry.tools.opened.version", "");
+// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"}
+
+// defaultPref("network.http.sendRefererHeader", 1); default is better
+
+ALL OF Disabled - Deprecated Inactive
+ALL OF Disabled - Section OFF
+```
+>>>>>>> 57702f8 (updated changelog)