From e7bd14cfa7bd914f3834b247eceedd57a3bfbd71 Mon Sep 17 00:00:00 2001 From: fxbrit Date: Fri, 21 May 2021 23:37:51 +0200 Subject: [PATCH] pre 89.0 cleanup + improvements --- docs/Changelog.md | 66 ++++++++++++++++++++++++ librewolf.cfg | 129 +++++++++++++++++----------------------------- 2 files changed, 113 insertions(+), 82 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 8bd48c5..e692ad4 100755 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -34,6 +34,8 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false); defaultPref("general.warnOnAboutConfig", false); defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("browser.display.use_system_colors", false); +defaultPref("browser.cache.disk.enable", false); +defaultPref("fission.autostart", true); ``` #### Modified 
@@ -552,6 +554,38 @@ lockPref("browser.contentblocking.report.vpn.url", ""); lockPref("browser.contentblocking.report.vpn-promo.url", ""); lockPref("browser.contentblocking.report.vpn-ios.url", ""); lockPref("browser.contentblocking.report.vpn-android.url", ""); + +// urls that do not damage and make re-enabling TP a pain +lockPref("browser.contentblocking.reportBreakage.url", ""); +defaultPref("browser.safebrowsing.provider.mozilla.pver", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists.base", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists.content", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); +defaultPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); +lockPref("urlclassifier.trackingTable", ""); +lockPref("browser.contentblocking.database.enabled", false); + +lockPref("privacy.trackingprotection.socialtracking.enabled", false); // default +defaultPref("network.stricttransportsecurity.preloadlist", false); // nothing wrong with hsts +lockPref("security.ssl.disable_session_identifiers", true); // covered by isolation, large performance hit +// defaultPref("intl.regional_prefs.use_os_locales", false); // default and already commented +lockPref("extensions.screenshots.upload-disabled", true); // deprecated feature +lockPref("dom.ipc.plugins.reportCrashURL", false); // flash is gone, does nothing +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // flash is gone, does nothing +lockPref("plugin.state.flash", 0); // flash is gone, does nothing +defaultPref("alerts.showFavicons", false); // default +lockPref("plugin.default.state", 1); // default +lockPref("extensions.pocket.enabled", false); // pocket is already disabled +lockPref("extensions.pocket.site", ""); // pocket is already disabled +lockPref("extensions.pocket.oAuthConsumerKey", ""); // pocket is already disabled 
+lockPref("extensions.pocket.api", ""); // pocket is already disabled +defaultPref("accessibility.typeaheadfind", false); // default +defaultPref("reader.parse-on-load.enabled", false); // no need to have it locked, even Tor Browser re-enabled it +lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // default +defaultPref("network.proxy.socks_version", 5); // default +defaultPref("network.proxy.autoconfig_url", ""); // default +defaultPref("extensions.formautofill.section.enabled", false); // no effect ``` #### Commented Prefs that need to be addressed and that were disabled for now 
@@ -563,6 +597,34 @@ Prefs that need to be addressed and that were disabled for now // defaultPref("media.peerconnection.identity.timeout", 1); // defaultPref("media.peerconnection.turn.disable", true); // defaultPref("media.peerconnection.ice.tcp", false); + +// blocklist is a security feature, best left at default +// defaultPref("extensions.blocklist.enabled", false); +// defaultPref("extensions.blocklist.detailsURL", ""); +// defaultPref("extensions.blocklist.itemURL", ""); + +// commented all below as they do no harm and make enabling SB painful +// could potentially at some point +// defaultPref("browser.safebrowsing.id", ""); +// defaultPref("browser.safebrowsing.provider.google4.pver", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lists", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.lists", ""); +// defaultPref("browser.safebrowsing.provider.google.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.pver", ""); +// defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportURL", ""); +// 
defaultPref("browser.safebrowsing.reportPhishURL", ""); ``` #### Unlocked @@ -658,6 +720,10 @@ defaultPref("browser.search.suggest.enabled", false); defaultPref("browser.search.region", "US"); defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.search.update", false); +defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); // enable UI elements of TP if you want to use it +defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); // enable UI elements of TP if you want to use it +defaultPref("privacy.trackingprotection.cryptomining.enabled", false); // user can manually choose what to do once he enables UI with the above prefs +defaultPref("privacy.trackingprotection.fingerprinting.enabled", false); // user can manually choose what to do once he enables UI with the above prefs ``` #### To discuss diff --git a/librewolf.cfg b/librewolf.cfg index 01628c3..bf3cfbe 100755 --- a/librewolf.cfg +++ b/librewolf.cfg 
@@ -30,19 +30,17 @@ defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more lockPref("privacy.trackingprotection.enabled", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); -lockPref("privacy.trackingprotection.socialtracking.enabled", false); -lockPref("privacy.trackingprotection.cryptomining.enabled", false); -lockPref("privacy.trackingprotection.fingerprinting.enabled", false); +defaultPref("privacy.trackingprotection.cryptomining.enabled", false); +defaultPref("privacy.trackingprotection.fingerprinting.enabled", false); lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("urlclassifier.trackingTable", ""); -lockPref("browser.contentblocking.database.enabled", false); // remove urls -lockPref("browser.contentblocking.reportBreakage.url", ""); +defaultPref("browser.safebrowsing.provider.mozilla.updateURL", ""); +defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // hide ui elements -lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); -lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.contentblocking.report.lockwise.enabled", false); 
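Review bot: The cryptomining and fingerprinting toggles under `privacy.trackingprotection.*` are unlocked here, but the `browser.safebrowsing.provider.mozilla.updateURL` and `gethashURL` lines added under `// remove urls` stay blank. A user who turns the toggles on may therefore get no block lists and no sign that protection is inactive. As far as I know the mozilla provider is what serves the tracking-protection lists, so the dependency deserves a comment next to those two lines, for example `// TP lists are fetched from this provider; restore both URLs before enabling cryptomining/fingerprinting blocking`. `privacy.trackingprotection.enabled` also stays locked to false in the same block, which is worth stating so the mix of locked and unlocked prefs reads as deliberate.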
@@ -63,9 +61,10 @@ defaultPref("media.autoplay.blocking_policy", 2); lockPref("signon.rememberSignons", false); lockPref("signon.storeWhenAutocompleteOff", false); +lockPref("signon.formlessCapture.enabled", false); +lockPref("signon.autofillForms", false); defaultPref("signon.management.page.breach-alerts.enabled", false); defaultPref("signon.management.page.breachAlertUrl", ""); -lockPref("signon.formlessCapture.enabled", false); // -------------------------------- // # SEARCH AND URLBAR @@ -112,21 +111,16 @@ defaultPref("browser.sessionstore.interval", 60000); // # AUTOFILL // --------------------------------- -defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); defaultPref("extensions.formautofill.addresses.enabled", false); defaultPref("extensions.formautofill.creditCards.enabled", false); defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); -lockPref("signon.autofillForms", false); // ----------------------- // # DRM // ----------------------- -// includes new DRM implementation for easily re-enabling it -// following four prefs must be set to true to play DRM content -// could be further reduced to 2 or 1 prefs defaultPref("media.eme.enabled", false); defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); @@ -264,9 +258,7 @@ defaultPref("network.http.referer.XOriginPolicy", 0); // # PROXY // -------------------------------- -defaultPref("network.proxy.autoconfig_url", ""); defaultPref("network.proxy.socks_remote_dns", true); -defaultPref("network.proxy.socks_version", 5); // -------------------------------------- // # HTTP(S) 
@@ -284,16 +276,12 @@ defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("security.ssl.require_safe_negotiation", true); lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); -lockPref("security.ssl.disable_session_identifiers", true); defaultPref("browser.ssl_override_behavior", 1); lockPref("security.tls.enable_0rtt_data", false); lockPref("security.tls.version.enable-deprecated", false); defaultPref("security.tls.version.fallback-limit", 3); defaultPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos -// to check -defaultPref("network.stricttransportsecurity.preloadlist", false); - // -------------------------------------- // # RFP // -------------------------------------- @@ -302,6 +290,12 @@ defaultPref("privacy.resistFingerprinting", true); defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing +// -------------------------------------- +// # FISSION +// -------------------------------------- + +defaultPref("fission.autostart", true); + // -------------------------------------- // # LANGUAGE AND REGION // -------------------------------------- @@ -309,7 +303,6 @@ lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing defaultPref("javascript.use_us_english_locale", true); defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); -// defaultPref("intl.regional_prefs.use_os_locales", false); // default // ------------------------------------------------------- // # EXTENSIONS - check readme section "Extensions Firewall" 
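Review bot: The new FISSION section adds `defaultPref("fission.autostart", true);` with no comment on what it enables or why it is a default rather than a lock. The changelog in this same patch justifies dropping `security.ssl.disable_session_identifiers` as "covered by isolation", but does not say which isolation is meant. If Fission is the isolation intended, say so here, e.g. `// site isolation; the removed session-identifier lock relies on this staying on`. Because it is a defaultPref, a user can switch it off without any hint that another hardening decision depends on it, which may argue for `lockPref` or at least for the comment.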
@@ -334,20 +327,14 @@ defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addon // other urls defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ -defaultPref("extensions.update.url", ""); -// Default Value -// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= -// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -// %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= -// %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= -// %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% +defaultPref("extensions.update.url", ""); // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% // ui defaultPref("extensions.getAddons.showPane", false); lockPref("extensions.getAddons.discovery.api_url", ""); lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); lockPref("extensions.webcompat-reporter.enabled", false); -lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// https://webcompat.com/issues/new // background checking and updating defaultPref("extensions.update.enabled", false); 
@@ -355,10 +342,10 @@ defaultPref("extensions.update.autoUpdateDefault", false); defaultPref("extensions.update.background.url", ""); defaultPref("extensions.getAddons.cache.enabled", false); -// blocklist -defaultPref("extensions.blocklist.enabled", false); -defaultPref("extensions.blocklist.detailsURL", ""); -defaultPref("extensions.blocklist.itemURL", ""); +// blocklist is a security feature, best left at default +// defaultPref("extensions.blocklist.enabled", false); +// defaultPref("extensions.blocklist.detailsURL", ""); +// defaultPref("extensions.blocklist.itemURL", ""); // system addons lockPref("extensions.systemAddon.update.url", ""); @@ -367,7 +354,6 @@ lockPref("extensions.systemAddon.update.enabled", false); defaultPref("xpinstall.signatures.devInfoURL", ""); lockPref("extensions.webservice.discoverURL", ""); lockPref("webextensions.storage.sync.serverURL", ""); -lockPref("extensions.screenshots.upload-disabled", true); lockPref("lightweightThemes.getMoreURL", ""); defaultPref("extensions.postDownloadThirdPartyPrompt", false); 
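Review bot: Commenting out `extensions.blocklist.enabled` puts the blocklist back at its default, but the hunk does not show whether the blocklist can still fetch its data with the rest of this config applied. The surrounding context keeps `extensions.update.background.url` empty and `extensions.getAddons.cache.enabled` false. It is worth confirming that the endpoint the blocklist downloads from is not blanked elsewhere in the file; otherwise the feature is on but never refreshed. The three commented-out lines could also be deleted rather than kept as dead code, since the changelog in this patch already records them. A single comment such as `// extensions.blocklist.* left at default: security feature` would do.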
@@ -420,42 +406,36 @@ lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", fal lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); -// could try re-enabling some of these urls to see if it causes connections -defaultPref("browser.safebrowsing.id", ""); defaultPref("browser.safebrowsing.blockedURIs.enabled", false); -defaultPref("browser.safebrowsing.provider.google4.pver", ""); -defaultPref("browser.safebrowsing.provider.google4.advisoryName", ""); -defaultPref("browser.safebrowsing.provider.google4.advisoryURL", ""); defaultPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); defaultPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); defaultPref("browser.safebrowsing.provider.google4.gethashURL", ""); -defaultPref("browser.safebrowsing.provider.google4.lists", ""); -defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); -defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); -defaultPref("browser.safebrowsing.provider.google4.reportURL", ""); defaultPref("browser.safebrowsing.provider.google4.updateURL", ""); -defaultPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); -defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); -defaultPref("browser.safebrowsing.provider.google.advisoryName", ""); -defaultPref("browser.safebrowsing.provider.google.advisoryURL", ""); defaultPref("browser.safebrowsing.provider.google.gethashURL", ""); -defaultPref("browser.safebrowsing.provider.google.lastupdatetime", ""); -defaultPref("browser.safebrowsing.provider.google.lists", ""); -defaultPref("browser.safebrowsing.provider.google.nextupdatetime", ""); -defaultPref("browser.safebrowsing.provider.google.pver", ""); -defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); 
-defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); -defaultPref("browser.safebrowsing.provider.google.reportURL", ""); defaultPref("browser.safebrowsing.provider.google.updateURL", ""); -defaultPref("browser.safebrowsing.provider.mozilla.pver", ""); -defaultPref("browser.safebrowsing.provider.mozilla.lists", ""); -defaultPref("browser.safebrowsing.provider.mozilla.lists.base", ""); -defaultPref("browser.safebrowsing.provider.mozilla.lists.content", ""); -defaultPref("browser.safebrowsing.provider.mozilla.updateURL", ""); -defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); -defaultPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); -defaultPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); -defaultPref("browser.safebrowsing.reportPhishURL", ""); + +// commented all below as they do no harm and make enabling SB painful +// could potentially at some point +// defaultPref("browser.safebrowsing.id", ""); +// defaultPref("browser.safebrowsing.provider.google4.pver", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lists", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.lists", ""); +// 
defaultPref("browser.safebrowsing.provider.google.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.pver", ""); +// defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportURL", ""); +// defaultPref("browser.safebrowsing.reportPhishURL", ""); // -------------------------------- // # FONTS @@ -468,28 +448,15 @@ lockPref("gfx.font_rendering.opentype_svg.enabled", false); // # MISC // -------------------------------- -// keep track of, should be useless as mozilla removed flash from source code -lockPref("dom.ipc.plugins.reportCrashURL", false); -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -lockPref("plugin.state.flash", 0); - // more important stuff lockPref("browser.shell.shortcutFavicons", false); -defaultPref("alerts.showFavicons", false); defaultPref("browser.link.open_newwindow", 3); defaultPref("browser.link.open_newwindow.restriction", 0); defaultPref("network.file.disable_unc_paths", true); // (hidden pref) lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("plugin.default.state", 1); lockPref("network.IDN_show_punycode", true); defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP -// pocket, to check if we can remove -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); - // pdf reader defaultPref("pdfjs.disabled", false); defaultPref("pdfjs.enableScripting", false); 
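Review bot: The second line of the new comment, `// could potentially at some point`, is an unfinished sentence and leaves the reader guessing what might happen later. After this hunk the informational prefs are back at default, yet `google4.updateURL`, `google4.gethashURL`, `google.updateURL` and `google.gethashURL` stay empty and `browser.safebrowsing.blockedURIs.enabled` stays false, so Safe Browsing is still off. The context lines also keep `browser.safebrowsing.downloads.remote.*` under `lockPref`, which a user cannot undo from preferences. The comment should say which prefs have to be restored to re-enable the feature and which cannot be, e.g. `// left at default: harmless on their own; to re-enable SB restore the updateURL/gethashURL prefs above (download checks remain locked off)`.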
@@ -514,12 +481,10 @@ defaultPref("browser.download.manager.addToRecentDocs", false); defaultPref("accessibility.force_disabled", 1); lockPref("browser.uitour.enabled", false); lockPref("middlemouse.contentLoadURL", false); -defaultPref("accessibility.typeaheadfind", false); defaultPref("network.manage-offline-status", false); defaultPref("browser.helperApps.deleteTempFileOnExit", true); lockPref("browser.pagethumbnails.capturing_disabled", true); lockPref("browser.bookmarks.max_backups", 2); -defaultPref("reader.parse-on-load.enabled", false); // devtools defaultPref("devtools.debugger.remote-enabled", false); @@ -570,7 +535,6 @@ lockPref("app.releaseNotesURL", ""); lockPref("app.releaseNotesURL.aboutDialog", ""); lockPref("browser.chrome.errorReporter.infoURL", ""); lockPref("datareporting.policy.firstRunURL", ""); -lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // -------------------------------- // # CACHE @@ -579,6 +543,7 @@ lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); lockPref("browser.cache.offline.storage.enable", false); lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] defaultPref("media.memory_cache_max_size", 65536); +defaultPref("browser.cache.disk.enable", false); // -------------------------------- // # WEBGL AND PERFORMANCE @@ -591,10 +556,10 @@ defaultPref("webgl.enable-webgl2", false); // # JS // -------------------------------- -// should we consider disabling WebAssembly ? +// currently in hardened setup // lockPref("javascript.options.wasm", false); -// left as it is worth considering +// currently in hardened setup // lockPref("javascript.options.asmjs", false); lockPref("javascript.options.shared_memory", false); 
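Review bot: `defaultPref("browser.cache.disk.enable", false);` is added to the CACHE section without a comment and as a default, while the first two prefs in that section are `lockPref`. If the intent is to keep cached content off disk but let users trade that for speed, say so on the line, e.g. `defaultPref("browser.cache.disk.enable", false); // no disk cache; unlocked so users can re-enable it for performance`. If overriding is not intended, `lockPref` would match the neighbouring lines.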
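Review bot: The replacement comments `// currently in hardened setup` above the commented-out `javascript.options.wasm` and `javascript.options.asmjs` locks do not say where that hardened setup is defined. They also do not say that both features stay enabled under this file. Someone auditing the attack surface of the default profile needs both facts, e.g. `// left enabled here; disabled only in the hardened setup (see <path to hardened config>)`. The old comments at least made clear the question was open; the new ones read as if the pref were already applied.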
@@ -607,7 +572,7 @@ defaultPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] lockPref("geo.provider.use_gpsd", false); // [LINUX] -defaultPref("geo.provider.network.url", ""); +defaultPref("geo.provider.network.url", ""); // testing defaultPref("geo.provider.network.logging.enabled", false); lockPref("browser.region.network.url", ""); lockPref("browser.region.update.enabled", false);
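Review bot: The `// testing` comment added to `geo.provider.network.url` does not say what is being tested or what the pref is expected to become afterwards. The value is still the empty string, so nothing changes at runtime and the marker is the only content of this hunk. A comment in the form `// testing: <what is being checked>; revisit before <release>` would let the next maintainer know when it can be removed or the value changed.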