2019-08-17 14:09:56 +02:00
|
|
|
// ---------
|
2019-08-17 02:49:17 +02:00
|
|
|
// LibreWolf
|
2019-08-17 14:09:56 +02:00
|
|
|
// ---------
|
2019-08-17 02:49:17 +02:00
|
|
|
//
|
|
|
|
|
// Documentation .............. :
|
|
|
|
|
// ==============================
|
|
|
|
|
//
|
|
|
|
|
// "Section" : Description of the settings section separated by "----"
|
|
|
|
|
// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance
|
|
|
|
|
// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss
|
|
|
|
|
// Performance can be tested here : https://intika.github.io/octane/
|
|
|
|
|
// "Pref" : Preference/Settings name and or description followed by links or documentations
|
|
|
|
|
// and some time explanation why the setting is commented and ignored.
|
|
|
|
|
// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here
|
|
|
|
|
// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config.
|
|
|
|
|
// In many cases the GUI will change to reflect this, graying out or removing options. Appears
|
|
|
|
|
// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled.
|
|
|
|
|
// It will not work if it set with just pref.
|
|
|
|
|
// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes,
|
|
|
|
|
// but they will be erased on restart. If you set a particular preference this way,
|
|
|
|
|
// it shows up in about:config as "user set".
|
|
|
|
|
// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will
|
|
|
|
|
// be saved between sessions. If preferences are reset to default through the GUI or some other method,
|
|
|
|
|
// this is what they will go back to. Appears in about:config as "default".
|
|
|
|
|
// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions
|
|
|
|
|
// that rely on comparing version numbers.
|
|
|
|
|
//
|
|
|
|
|
// ====================================================================================
|
|
|
|
|
// Protection ................. :
|
|
|
|
|
// ==============================
|
|
|
|
|
//
|
|
|
|
|
// Pref : Locking librewolf.cfg itself
|
|
|
|
|
lockPref("general.config.filename", "librewolf.cfg");
|
|
|
|
|
//
|
|
|
|
|
// =====================================================================================
|
|
|
|
|
// Index librewolf.cfg .......... :
|
|
|
|
|
// ==============================
|
|
|
|
|
//
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : User settings // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Defaulting Settings // Bench Diff : +0 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : Controversial // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Firefox Fingerprint // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Locale/Time // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Ghacks-user Selection // Bench Diff : +100 / 5000
|
|
|
|
|
// Section : Extensions Manager // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : IJWY To Shut Up // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Microsoft Windows // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Firefox ESR60.x // Bench Diff : +0 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : Security 1/3 // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Security 2/3 // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : Performance 1/5 // Bench Diff : +650 / 5000
|
|
|
|
|
// Section : Performance 2/5 // Bench Diff : -800 / 5000
|
|
|
|
|
// Section : Performance 3/5 // Bench Diff : -1720 / 5000
|
|
|
|
|
// Section : Performance 4/5 // Bench Diff : -200 / 5000
|
|
|
|
|
// Section : Performance 5/5 // Bench Diff : -50 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : General Settings 1/3 // Bench Diff : +100 / 5000
|
|
|
|
|
// Section : General Settings 2/3 // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : General Settings 3/3 // Bench Diff : -40 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000
|
|
|
|
|
// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
//
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Index local-settings.js .... :
|
|
|
|
|
// ==============================
|
|
|
|
|
//
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
// Section : General Settings // Bench Diff : ++ / 5000
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
//
|
|
|
|
|
// -----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : User Settings
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Librefox Compatibility Fix
|
2020-04-10 12:02:42 +02:00
|
|
|
// commented out, we're setting it differently later on
|
|
|
|
|
// defaultPref("extensions.autoDisableScopes", 0);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Removing https-everywhere adding 2 librefox addons
|
2020-03-22 13:12:27 +01:00
|
|
|
// keep it commented out for now, until we have more recent, properly pre-installed addons
|
|
|
|
|
// defaultPref("extensions.enabledAddons", "librefox.http.watcher.tor%40intika.be:2.8,%7Befd1ce61-97d1-4b4f-a378-67d0d41d858d%7D:1.2,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5");
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// --------------------------------
|
|
|
|
|
// User Settings : Cookies settings
|
|
|
|
|
// --------------------------------
|
|
|
|
|
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("network.cookie.cookieBehavior", 1);
|
|
|
|
|
defaultPref("network.cookie.lifetimePolicy", 2);
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("network.cookie.same-site.enabled", true);
|
|
|
|
|
lockPref("network.cookie.leave-secure-alone", true);
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("network.cookie.thirdparty.sessionOnly", true);
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
|
|
|
|
|
|
|
|
|
|
// -----------------------------------
|
|
|
|
|
// User Settings : Tracking protection
|
|
|
|
|
// -----------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("privacy.trackingprotection.enabled", false);
|
|
|
|
|
lockPref("privacy.trackingprotection.annotate_channels", false);
|
|
|
|
|
lockPref("privacy.trackingprotection.lower_network_priority", false);
|
|
|
|
|
lockPref("privacy.trackingprotection.pbmode.enabled", false);
|
|
|
|
|
lockPref("urlclassifier.trackingTable", "");
|
|
|
|
|
lockPref("pref.privacy.disable_button.change_blocklist", true);
|
|
|
|
|
lockPref("browser.contentblocking.reportBreakage.enabled", false);
|
|
|
|
|
lockPref("browser.contentblocking.reportBreakage.url", "");
|
|
|
|
|
lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false);
|
|
|
|
|
lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false);
|
|
|
|
|
lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
|
|
|
|
|
lockPref("browser.contentblocking.trackingprotection.ui.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.global-toggle.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false);
|
|
|
|
|
//lockPref("browser.contentblocking.fastblock.ui.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.allowlist.annotations.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.allowlist.storage.enabled", false);
|
|
|
|
|
//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false);
|
|
|
|
|
//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.ui.enabled", false);
|
|
|
|
|
//lockPref("browser.contentblocking.enabled", false);
|
|
|
|
|
|
|
|
|
|
// ----------------------------------
|
|
|
|
|
// User Settings : Auto-play settings
|
|
|
|
|
// ----------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("media.autoplay.default", 2);
|
|
|
|
|
|
|
|
|
|
// -----------------------------------------
|
|
|
|
|
// User Settings : Password manager settings
|
|
|
|
|
// -----------------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("signon.rememberSignons", false);
|
|
|
|
|
lockPref("services.sync.prefs.sync.signon.rememberSignons", false);
|
|
|
|
|
lockPref("signon.storeWhenAutocompleteOff", false);
|
|
|
|
|
//lockPref("security.ask_for_password", 2);
|
|
|
|
|
//lockPref("security.password_lifetime", 5);
|
|
|
|
|
|
|
|
|
|
// --------------------------------
|
|
|
|
|
// User Settings : History settings
|
|
|
|
|
// --------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("browser.sessionhistory.max_entries", 20);
|
|
|
|
|
lockPref("browser.urlbar.filter.javascript", true);
|
|
|
|
|
defaultPref("browser.uiCustomization.state", '{"placements":{"widget-overflow-fixed-list":[],"nav-bar":["home-button","downloads-button","back-button","forward-button","stop-reload-button","urlbar-container","add-ons-button","preferences-button","fxa-toolbar-menu-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["developer-button"],"dirtyAreaCache":["nav-bar","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":16,"newElementCount":3}');
|
|
|
|
|
defaultPref("browser.uidensity", 2);
|
|
|
|
|
defaultPref("browser.tabs.drawInTitlebar", true);
|
|
|
|
|
pref("startup.homepage_override_url", "about:blank");
|
|
|
|
|
pref("startup.homepage_welcome_url", "about:blank");
|
|
|
|
|
pref("startup.homepage_welcome_url.additional", "");
|
|
|
|
|
defaultPref("privacy.clearOnShutdown.offlineApps", true);
|
|
|
|
|
defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data
|
|
|
|
|
defaultPref("privacy.sanitize.timeSpan", 0);
|
|
|
|
|
defaultPref("browser.formfill.enable", false);
|
|
|
|
|
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
|
|
|
|
|
defaultPref("places.history.enabled", false);
|
2020-03-10 15:34:59 +01:00
|
|
|
// the following can be safely set here, as it should not have any effect,
|
|
|
|
|
// the above defaultPref("places.history.enabled", false); is set to true
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("places.history.expiration.max_pages", 2147483647);
|
2019-08-17 02:49:17 +02:00
|
|
|
defaultPref("privacy.history.custom", true);
|
|
|
|
|
//defaultPref("privacy.cpd.openWindows", true); // Clear session data
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.openWindows", true);
|
|
|
|
|
//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]');
|
|
|
|
|
//lockPref("permissions.memory_only", true); // (hidden pref)
|
|
|
|
|
//lockPref("browser.formfill.expire_days", 0);
|
|
|
|
|
|
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
|
// User Settings : Session : Other session settings on disabled section
|
|
|
|
|
// --------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("browser.sessionstore.privacy_level", 2);
|
|
|
|
|
lockPref("browser.sessionstore.interval", 60000);
|
|
|
|
|
|
|
|
|
|
// ---------------------------------
|
|
|
|
|
// User Settings : Autofill settings
|
|
|
|
|
// ---------------------------------
|
|
|
|
|
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.formautofill.addresses.enabled", false);
|
|
|
|
|
defaultPref("extensions.formautofill.available", "off");
|
|
|
|
|
defaultPref("extensions.formautofill.creditCards.enabled", false);
|
|
|
|
|
defaultPref("extensions.formautofill.heuristics.enabled", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
lockPref("signon.autofillForms", false);
|
|
|
|
|
lockPref("signon.autofillForms.http", false);
|
|
|
|
|
//lockPref("browser.urlbar.autoFill", false);
|
|
|
|
|
//lockPref("browser.urlbar.autoFill.typed", false);
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------
|
|
|
|
|
// User Settings : Check default browser Settings
|
|
|
|
|
// ----------------------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("browser.shell.checkDefaultBrowser", false);
|
|
|
|
|
|
|
|
|
|
// -----------------------
|
|
|
|
|
// User Settings : DRM/CDM
|
|
|
|
|
// -----------------------
|
|
|
|
|
|
|
|
|
|
lockPref("media.eme.enabled", false);
|
|
|
|
|
lockPref("media.gmp-provider.enabled", false);
|
|
|
|
|
lockPref("media.gmp-manager.url", "data:text/plain,");
|
|
|
|
|
lockPref("media.gmp-manager.url.override", "data:text/plain,");
|
|
|
|
|
lockPref("media.gmp-manager.updateEnabled", false);
|
|
|
|
|
lockPref("media.gmp.trial-create.enabled", false);
|
|
|
|
|
|
|
|
|
|
lockPref("media.gmp-widevinecdm.visible", false);
|
|
|
|
|
lockPref("media.gmp-widevinecdm.enabled", false);
|
|
|
|
|
lockPref("media.gmp-widevinecdm.autoupdate", false);
|
|
|
|
|
|
|
|
|
|
lockPref("media.gmp-gmpopenh264.enabled", false);
|
|
|
|
|
lockPref("media.gmp-gmpopenh264.autoupdate", false);
|
2020-04-01 17:03:16 +02:00
|
|
|
defaultPref("media.peerconnection.video.enabled", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
//lockPref("media.peerconnection.video.h264", true);
|
|
|
|
|
lockPref("media.gmp-eme-adobe.enabled", false);
|
|
|
|
|
lockPref("media.gmp-manager.certs.2.commonName", "");
|
|
|
|
|
lockPref("media.gmp-manager.certs.1.commonName", "");
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// ----------------------
|
|
|
|
|
// User Settings : WebRTC
|
|
|
|
|
// ----------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
2020-04-01 17:03:16 +02:00
|
|
|
defaultPref("media.navigator.enabled", false);
|
|
|
|
|
defaultPref("media.navigator.video.enabled", false);
|
|
|
|
|
defaultPref("media.getusermedia.browser.enabled", false);
|
|
|
|
|
defaultPref("media.getusermedia.screensharing.enabled", false);
|
|
|
|
|
defaultPref("media.getusermedia.audiocapture.enabled", false);
|
|
|
|
|
defaultPref("media.peerconnection.use_document_iceservers", false);
|
|
|
|
|
defaultPref("media.peerconnection.identity.enabled", false);
|
|
|
|
|
// 10000 per default
|
|
|
|
|
defaultPref("media.peerconnection.identity.timeout", 1);
|
|
|
|
|
defaultPref("media.peerconnection.turn.disable", true);
|
|
|
|
|
defaultPref("media.peerconnection.ice.tcp", false);
|
|
|
|
|
defaultPref("media.peerconnection.ice.default_address_only", true);
|
|
|
|
|
defaultPref("media.peerconnection.ice.no_host", true);
|
2019-08-17 14:09:56 +02:00
|
|
|
|
|
|
|
|
// ------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// User Settings : Proxy settings
|
2019-08-17 14:09:56 +02:00
|
|
|
// ------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
//lockPref("network.proxy.autoconfig_url.include_path", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
//lockPref("network.proxy.socks_remote_dns", true);
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// ----------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// User Settings : DNS settings
|
2019-08-17 14:09:56 +02:00
|
|
|
// ----------------------------
|
|
|
|
|
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("network.trr.mode", 5);
|
|
|
|
|
lockPref("network.trr.bootstrapAddress", "");
|
|
|
|
|
lockPref("network.trr.uri", "");
|
|
|
|
|
lockPref("network.dns.disableIPv6", true);
|
|
|
|
|
lockPref("network.dns.disablePrefetch", true);
|
|
|
|
|
lockPref("network.dns.disablePrefetchFromHTTPS", true);
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// ------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// User Settings : Start page highlight
|
2019-08-17 14:09:56 +02:00
|
|
|
// ------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.prerender", false);
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// -------------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// Defaulting Settings : Do not track settings
|
2019-08-17 14:09:56 +02:00
|
|
|
// -------------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
lockPref("privacy.donottrackheader.enabled", true);
|
|
|
|
|
lockPref("privacy.donottrackheader.value", 1);
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// User Settings : Other theming settings
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
//lockPref("widget.content.gtk-theme-override", "Adwaita:light");
|
|
|
|
|
//lockPref("browser.devedition.theme.enabled", true);
|
|
|
|
|
//lockPref("devtools.theme", "dark");
|
|
|
|
|
//lockPref("browser.devedition.theme.showCustomizeButton", true);
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// User Settings : Miscellaneous settings
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
lockPref("dom.disable_beforeunload", true);
|
|
|
|
|
lockPref("permissions.default.geo", 2);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Defaulting Settings
|
|
|
|
|
// Those settings are not locked this section purpose is to change default setting...
|
|
|
|
|
// Modifications can still be done within firefox
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
// Defaulting Settings : Other Defaulting
|
2019-08-17 14:09:56 +02:00
|
|
|
// --------------------------------------
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
defaultPref("privacy.spoof_english", 2);
|
|
|
|
|
//defaultPref("intl.accept_languages", "en-US, en"); //This make lang windows unusable
|
|
|
|
|
defaultPref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3
|
|
|
|
|
defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2
|
|
|
|
|
defaultPref("privacy.userContext.ui.enabled", true);
|
|
|
|
|
defaultPref("privacy.userContext.enabled", true);
|
|
|
|
|
defaultPref("privacy.userContext.longPressBehavior", 2);
|
|
|
|
|
defaultPref("browser.download.autohideButton", false);
|
|
|
|
|
defaultPref("accessibility.typeaheadfind", true);
|
|
|
|
|
defaultPref("clipboard.autocopy", false);
|
|
|
|
|
defaultPref("layout.spellcheckDefault", 2);
|
|
|
|
|
defaultPref("browser.tabs.closeWindowWithLastTab", false);
|
|
|
|
|
defaultPref("general.autoScroll", false);
|
|
|
|
|
//defaultPref("network.http.sendRefererHeader", 1);
|
|
|
|
|
defaultPref("pdfjs.disabled", false);
|
|
|
|
|
defaultPref("dom.disable_open_during_load", true);
|
|
|
|
|
defaultPref("browser.link.open_newwindow", 3);
|
|
|
|
|
defaultPref("browser.link.open_newwindow.restriction", 0);
|
|
|
|
|
defaultPref("network.proxy.autoconfig_url", "");
|
|
|
|
|
defaultPref("network.proxy.autoconfig_url.include_path", false);
|
|
|
|
|
defaultPref("network.proxy.socks_remote_dns", true);
|
|
|
|
|
defaultPref("network.proxy.socks_version", 5);
|
|
|
|
|
defaultPref("browser.tabs.loadBookmarksInTabs", true);
|
|
|
|
|
defaultPref("devtools.debugger.remote-enabled", false);
|
|
|
|
|
defaultPref("devtools.chrome.enabled", false);
|
|
|
|
|
defaultPref("general.useragent.site_specific_overrides", false);
|
|
|
|
|
defaultPref("extensions.ui.experiment.hidden", false);
|
|
|
|
|
//defaultPref("extensions.ui.dictionary.hidden", false);
|
|
|
|
|
//defaultPref("extensions.ui.locale.hidden", false);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Controversial
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
lockPref("dom.indexedDB.enabled", true); //default true
|
|
|
|
|
//lockPref("dom.indexedDB.logging.details", false); //default true
|
|
|
|
|
//lockPref("dom.indexedDB.logging.enabled", false); //default true
|
|
|
|
|
lockPref("dom.w3c_pointer_events.enabled", false);
|
|
|
|
|
//lockPref("network.http.spdy.enabled", false);
|
|
|
|
|
//lockPref("network.http.spdy.enabled.deps", false);
|
|
|
|
|
//lockPref("network.http.spdy.enabled.http2", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Firefox Fingerprint
|
|
|
|
|
// ResistFingerprinting : Overriden by 'privacy.resistFingerprinting'
|
|
|
|
|
// This needs to be kept disabled to make resistFingerprinting efficient
|
|
|
|
|
// https://wiki.mozilla.org/Security/Fingerprinting
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("privacy.resistFingerprinting", true);
|
|
|
|
|
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Locale/Time/UserAgent
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
lockPref("dom.forms.datetime", false);
|
|
|
|
|
lockPref("javascript.use_us_english_locale", true);
|
|
|
|
|
lockPref("intl.regional_prefs.use_os_locales", false);
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("intl.locale.requested", "en-US");
|
|
|
|
|
defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0, 45");
|
|
|
|
|
defaultPref("general.appname.override", "Netscape");
|
|
|
|
|
defaultPref("general.appversion.override", "5.0 (Windows)");
|
|
|
|
|
defaultPref("general.platform.override", "Win32");
|
|
|
|
|
defaultPref("general.oscpu.override", "Windows NT 6.1");
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Ghacks-user Selection
|
|
|
|
|
// Bench Diff : +100/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
lockPref("toolkit.coverage.endpoint.base", "");
|
|
|
|
|
lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF]
|
|
|
|
|
lockPref("browser.download.manager.addToRecentDocs", false); //do not disable
|
|
|
|
|
lockPref("browser.download.hide_plugins_without_extensions", false); //do not disable
|
|
|
|
|
lockPref("webchannel.allowObject.urlWhitelist", "");
|
|
|
|
|
lockPref("browser.cache.offline.insecure.enable", false); // default: false in FF62+
|
|
|
|
|
lockPref("network.http.redirection-limit", 10);
|
|
|
|
|
lockPref("offline-apps.allow_by_default", false);
|
|
|
|
|
lockPref("extensions.enabledScopes", 5); // (hidden pref)
|
2020-03-15 02:05:09 +01:00
|
|
|
lockPref("extensions.autoDisableScopes", 11); //Tor value must be 0
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("xpinstall.whitelist.required", true); // default: true
|
|
|
|
|
lockPref("dom.push.enabled", false);
|
|
|
|
|
lockPref("dom.push.connection.enabled", false);
|
|
|
|
|
lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/"
|
|
|
|
|
lockPref("dom.push.userAgentID", "");
|
|
|
|
|
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+
|
|
|
|
|
lockPref("ui.use_standins_for_native_colors", true); // (hidden pref)
|
|
|
|
|
lockPref("services.blocklist.onecrl.collection", ""); // revoked certificates
|
|
|
|
|
lockPref("services.blocklist.addons.collection", "");
|
|
|
|
|
lockPref("services.blocklist.plugins.collection", "");
|
|
|
|
|
lockPref("services.blocklist.gfx.collection", "");
|
|
|
|
|
lockPref("browser.startup.blankWindow", false);
|
|
|
|
|
lockPref("dom.event.highrestimestamp.enabled", true); // default: true
|
|
|
|
|
lockPref("privacy.trackingprotection.introURL", "");
|
|
|
|
|
lockPref("network.http.altsvc.enabled", false);
|
|
|
|
|
lockPref("network.http.altsvc.oe", false);
|
|
|
|
|
lockPref("network.file.disable_unc_paths", true); // (hidden pref)
|
|
|
|
|
lockPref("network.gio.supported-protocols", ""); // (hidden pref)
|
|
|
|
|
lockPref("browser.urlbar.usepreloadedtopurls.enabled", false);
|
|
|
|
|
lockPref("browser.urlbar.speculativeConnect.enabled", false);
|
|
|
|
|
lockPref("browser.urlbar.oneOffSearches", false);
|
|
|
|
|
lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); //Deprecated Active
|
|
|
|
|
lockPref("browser.shell.shortcutFavicons", false);
|
|
|
|
|
lockPref("alerts.showFavicons", false); // default: false
|
|
|
|
|
lockPref("security.ssl.require_safe_negotiation", true);
|
|
|
|
|
lockPref("security.tls.enable_0rtt_data", false); // (FF55+ default true)
|
|
|
|
|
lockPref("browser.xul.error_pages.expert_bad_cert", true);
|
|
|
|
|
lockPref("font.blacklist.underline_offset", "");
|
|
|
|
|
lockPref("gfx.font_rendering.graphite.enabled", false);
|
|
|
|
|
lockPref("network.http.referer.XOriginTrimmingPolicy", 0);
|
|
|
|
|
lockPref("network.http.referer.spoofSource", false);
|
|
|
|
|
lockPref("plugin.default.state", 1);
|
|
|
|
|
lockPref("plugin.defaultXpi.state", 1);
|
|
|
|
|
lockPref("canvas.capturestream.enabled", false);
|
|
|
|
|
lockPref("dom.imagecapture.enabled", false); // default: false
|
|
|
|
|
lockPref("gfx.offscreencanvas.enabled", false); // default: false
|
|
|
|
|
lockPref("dom.disable_window_open_feature.close", true);
|
|
|
|
|
lockPref("dom.disable_window_open_feature.location", true); // default: true
|
|
|
|
|
lockPref("dom.disable_window_open_feature.menubar", true);
|
|
|
|
|
lockPref("dom.disable_window_open_feature.minimizable", true);
|
|
|
|
|
lockPref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar
|
|
|
|
|
lockPref("dom.disable_window_open_feature.resizable", true); // default: true
|
|
|
|
|
lockPref("dom.disable_window_open_feature.status", true); // status bar - default: true
|
|
|
|
|
lockPref("dom.disable_window_open_feature.titlebar", true);
|
|
|
|
|
lockPref("dom.disable_window_open_feature.toolbar", true);
|
|
|
|
|
lockPref("dom.disable_window_move_resize", true);
|
|
|
|
|
lockPref("dom.IntersectionObserver.enabled", false);
|
|
|
|
|
lockPref("accessibility.force_disabled", 1);
|
|
|
|
|
lockPref("browser.uitour.enabled", false);
|
|
|
|
|
lockPref("browser.uitour.url", "");
|
|
|
|
|
lockPref("middlemouse.contentLoadURL", false);
|
|
|
|
|
lockPref("permissions.manager.defaultsUrl", "");
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Extensions Manager
|
|
|
|
|
// Extensions settings and experimental tentative to firewall extensions
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions Firewalling - Blocking Domains :
|
|
|
|
|
// -------------------------------------------
|
|
|
|
|
|
|
|
|
|
// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!!
|
|
|
|
|
// Please check readme section "Extensions Firewall"
|
|
|
|
|
|
|
|
|
|
// Pref : Restricted Domains I/II
|
|
|
|
|
// This will allow extensions to work everywhere
|
|
|
|
|
defaultPref("extensions.webextensions.restrictedDomains", "");
|
|
|
|
|
// Default Value : available in "debug-notes.log"
|
|
|
|
|
|
|
|
|
|
// Pref : Restricted Domains II/II
|
|
|
|
|
// Old restrictedDomains implementation
|
|
|
|
|
// Redirect basedomain used by identity api
|
|
|
|
|
lockPref("extensions.webextensions.identity.redirectDomain", "");
|
|
|
|
|
// Default Value : "extensions.allizom.org"
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions Firewalling - Blocking The Network :
|
|
|
|
|
// -----------------------------------------------
|
|
|
|
|
|
|
|
|
|
// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!!
|
|
|
|
|
// Please check readme section "Extensions Firewall"
|
|
|
|
|
|
|
|
|
|
// Pref : CSP Settings For Extensions I/II : Extension Firewall Feature
|
|
|
|
|
// Uncomment to disable network for the extensions
|
|
|
|
|
// Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>>
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;");
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature
|
|
|
|
|
// This value is applied after the first one (just ignore this)
|
|
|
|
|
//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';");
|
|
|
|
|
// Default Value : "script-src 'self'; object-src 'self';"
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions Firewalling - CSP Main Settings :
|
|
|
|
|
// ---------------------------------------------
|
|
|
|
|
|
|
|
|
|
// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!!
|
|
|
|
|
// Please check readme section "Extensions Firewall"
|
|
|
|
|
|
|
|
|
|
// Pref : CSP Main Settings I/II :
|
|
|
|
|
// Those are default values for CSP
|
|
|
|
|
// Those are not meant to to be uncommented
|
|
|
|
|
//defaultPref("security.csp.enable", true); //This is its default value
|
|
|
|
|
//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value
|
|
|
|
|
//defaultPref("security.csp.enable_violation_events", true); //This is its default value
|
|
|
|
|
//defaultPref("security.csp.experimentalEnabled", false); //This is its default value
|
|
|
|
|
//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value
|
|
|
|
|
// Default Content Security Policy to apply to signed contents.
|
|
|
|
|
//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value
|
|
|
|
|
|
|
|
|
|
// Pref : Enable Content Security Policy (CSP)
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
|
|
|
|
|
lockPref("security.csp.enable", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Enable CSP 1.1 script-nonce directive support
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=855326
|
|
|
|
|
lockPref("security.csp.experimentalEnabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : CSP Main Settings II/II : Pref : 2681 : Disable CSP Violation Events [FF59+]
|
|
|
|
|
// [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1488165
|
|
|
|
|
// Setting removed in firefox v64
|
|
|
|
|
lockPref("security.csp.enable_violation_events", false); //Deprecated Active
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions Security :
|
|
|
|
|
// ---------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Enable tab-hiding API by default.
|
|
|
|
|
defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions IJWY :
|
|
|
|
|
// -----------------
|
|
|
|
|
|
|
|
|
|
// Pref : Report Site Issue button
|
|
|
|
|
lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://webcompat.com/issues/new
|
|
|
|
|
|
|
|
|
|
// Pref : 0518 : disable Web Compatibility Reporter (FF56+)
|
|
|
|
|
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
|
|
|
|
|
// Report Site Issue button
|
|
|
|
|
// Note that on enabling the button in other release channels, make sure to
|
|
|
|
|
// disable it in problematic tests, see disableNonReleaseActions() inside
|
|
|
|
|
// browser/modules/test/browser/head.js
|
|
|
|
|
lockPref("extensions.webcompat-reporter.enabled", false); // Default true
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------------
|
|
|
|
|
// Extensions Performance :
|
|
|
|
|
// ------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Delaying extensions background script startup
|
|
|
|
|
defaultPref("extensions.webextensions.background-delayed-startup", true); //default true
|
|
|
|
|
|
|
|
|
|
// Pref :Whether or not the installed extensions should be migrated to the
|
|
|
|
|
// storage.local IndexedDB backend.
|
|
|
|
|
//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false
|
|
|
|
|
|
|
|
|
|
// Pref : if enabled, store execution times for API calls
|
|
|
|
|
//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false
|
|
|
|
|
|
|
|
|
|
// Pref : Maximum age in milliseconds of performance counters in children
|
|
|
|
|
// When reached, the counters are sent to the main process and
|
|
|
|
|
// reset, so we reduce memory footprint.
|
|
|
|
|
//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : IJWY To Shut Up
|
|
|
|
|
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
|
|
|
|
|
// These settings are not used in gHacks at the moment.
|
|
|
|
|
// Will be upstreamed once stable in final version.
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Disabling performance addon url [FF64+]
|
|
|
|
|
lockPref("devtools.performance.recording.ui-base-url", "");
|
|
|
|
|
// Default Value : https://perf-html.io
|
|
|
|
|
|
|
|
|
|
// Pref : The default set of protocol handlers for irc [FF64+]
|
|
|
|
|
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
|
|
|
|
|
// Default Value : https://www.mibbit.com/?url=%s
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Deprecated Active
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://www.mibbit.com/?url=%s
|
|
|
|
|
|
|
|
|
|
// Pref : "coverage" ping [FF64+]
|
|
|
|
|
// This ping is not enabled by default. When enabled, a ping is generated a total of once
|
|
|
|
|
//per profile, as a diagnostic tool to determine whether Telemetry is working for users.
|
|
|
|
|
lockPref("toolkit.coverage.enabled", false); //default false
|
|
|
|
|
|
|
|
|
|
// Pref : Allow extensions access to list of sites
|
|
|
|
|
// https://github.com/mozilla/gecko/blob/central/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
|
|
|
|
|
lockPref("extensions.webapi.testing", false); // hidden prefs // default false
|
|
|
|
|
|
|
|
|
|
// Pref : Disable recommended extensions [FF64+]
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR
|
2019-10-14 14:30:06 +02:00
|
|
|
|
|
|
|
|
// Disable recommended extensions on the add-ons page.
|
|
|
|
|
lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
|
|
|
|
|
|
2019-08-17 02:49:17 +02:00
|
|
|
// [SETTING] General>Browsing>Recommend extensions as you browse
|
|
|
|
|
// [1] https://support.mozilla.org/en-US/kb/extension-recommendations
|
|
|
|
|
|
|
|
|
|
// Pref : [FF64+]
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "");
|
2020-03-14 13:56:32 +01:00
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value :
|
|
|
|
|
// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\
|
|
|
|
|
// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}
|
|
|
|
|
|
|
|
|
|
// Pref : [FF64+]
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", "");
|
|
|
|
|
// Default Value :
|
|
|
|
|
// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true}
|
|
|
|
|
|
|
|
|
|
// Pref : [FF64+]
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
|
|
|
|
|
// Default Value :
|
|
|
|
|
// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/
|
|
|
|
|
// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%
|
|
|
|
|
// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000}
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.onboarding.notification.tour-ids-queue", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("lightweightThemes.getMoreURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/themes
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("devtools.gcli.lodashSrc", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.6.1/lodash.min.js
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("media.decoder-doctor.new-issue-endpoint", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://webcompat.com/issues/new
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("identity.sync.tokenserver.uri", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://token.services.mozilla.com/1.0/sync/1.5
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("devtools.webide.templatesURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://code.cdn.mozilla.net/templates/list.json
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.ping-centre.production.endpoint", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://tiles.services.mozilla.com/v3/links/ping-centre
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.translation.engine", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Google
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("network.trr.confirmationNS", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// example.com
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Gmail
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.irc.0.name", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Mibbit
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Mibbit
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Yahoo! Mail
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.sync.lastversion", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// firstrun
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.lists.base", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// moz-std
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.lists.content", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// moz-full
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.advisoryName", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Google Safe Browsing
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.advisoryName", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// Google Safe Browsing
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.lists", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,
|
|
|
|
|
// mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,
|
|
|
|
|
// except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,
|
|
|
|
|
// block-flashsubdoc-digest256,except-flashsubdoc-digest256,
|
|
|
|
|
// except-flashinfobar-digest256,ads-track-digest256,social-track-digest256,
|
|
|
|
|
// analytics-track-digest256,fastblock1-track-digest256,fastblock1-trackwhite-digest256,
|
|
|
|
|
// fastblock2-track-digest256,fastblock2-trackwhite-digest256,fastblock3-track-digest256
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("identity.fxaccounts.remote.root", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://accounts.firefox.com/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.settings.server", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://firefox.settings.services.mozilla.com/v1
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.sync.fxa.privacyURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://accounts.firefox.com/legal/privacy
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.sync.fxa.termsURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://accounts.firefox.com/legal/terms
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.blocklist.addons.signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// remote-settings.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.blocklist.gfx.signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// remote-settings.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.blocklist.onecrl.signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// onecrl.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.blocklist.pinning.signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// pinning-preload.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.blocklist.plugins.signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// remote-settings.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.settings.default_signer", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// remote-settings.content-signature.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("accessibility.support.url", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://support.mozilla.org/%LOCALE%/kb/accessibility-services
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.normandy.shieldLearnMoreUrl", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.productInfo.baseURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://www.mozilla.org/firefox/features/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.support.baseURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.chrome.errorReporter.infoURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/nightly-error-collection
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.dictionaries.download.url", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/dictionaries/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.geolocation.warning.infoURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://www.mozilla.org/%LOCALE%/firefox/geolocation/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.search.searchEnginesURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.uitour.themeOrigin", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/themes/
|
|
|
|
|
|
|
|
|
|
// Pref : Disable WebIDE ADB Dxtension Downloads
|
|
|
|
|
// Pref : 2608 : gHacks Deprecated Active
|
|
|
|
|
lockPref("devtools.webide.adbAddonURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://ftp.mozilla.org/pub/mozilla.org/labs/fxos-simulator/adb-helper/#OS#/adbhelper-#OS#-latest.xpi
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.getAddons.compatOverides.url", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE%
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.get.url", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value
|
|
|
|
|
// https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE%
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.langpacks.url", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value
|
|
|
|
|
// https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION%
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.link.url", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.search.browseURL", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.getAddons.themes.browseURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.sync.addons.trustedSourceHostnames", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// addons.mozilla.org
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("toolkit.datacollection.infoURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://www.mozilla.org/legal/privacy/firefox.html
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("xpinstall.signatures.devInfoURL", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://wiki.mozilla.org/Addons/Extension_Signing
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// google,amazon
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://accounts.firefox.com/
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.update.url", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
// Default Value
|
|
|
|
|
// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=
|
|
|
|
|
// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=
|
|
|
|
|
// %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=
|
|
|
|
|
// %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=
|
|
|
|
|
// %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// {"api_key_pref":"extensions.pocket.oAuthConsumerKey","hidden":false,"provider_icon":
|
|
|
|
|
// "pocket","provider_name":"Pocket","read_more_endpoint":"https://getpocket.com/explore/
|
|
|
|
|
// trending?src=fx_new_tab","stories_endpoint":"https://getpocket.cdn.mozilla.net/v3/
|
|
|
|
|
// firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=
|
|
|
|
|
// default_spocs_on","stories_referrer":"https://getpocket.com/recommendations",
|
|
|
|
|
// "topics_endpoint":"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?
|
|
|
|
|
// version=2&consumer_key=$apiKey&locale_lang=en-US","show_spocs":true,"personalized":true}
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("lightweightThemes.recommendedThemes", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// [{"id":"recommended-1","homepageURL":"https://addons.mozilla.org/firefox/addon/a-web-browser-renaissance/",
|
|
|
|
|
// "headerURL":"resource:///chrome/browser/content/browser/defaultthemes/1.header.jpg",
|
|
|
|
|
// "textcolor":"#000000","accentcolor":"#834d29","iconURL":"resource:///chrome/browser/content/browser/
|
|
|
|
|
// defaultthemes/1.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/1.
|
|
|
|
|
// preview.jpg","author":"Sean.Martell","version":"0"},{"id":"recommended-2","homepageURL":
|
|
|
|
|
// "https://addons.mozilla.org/firefox/addon/space-fantasy/","headerURL":
|
|
|
|
|
// "resource:///chrome/browser/content/browser/defaultthemes/2.header.jpg",
|
|
|
|
|
// "textcolor":"#ffffff","accentcolor":"#d9d9d9","iconURL":"resource:///chrome/browser/content/browser/
|
|
|
|
|
// defaultthemes/2.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/
|
|
|
|
|
// 2.preview.jpg","author":"fx5800p","version":"1.0"},{"id":"recommended-4","homepageURL":
|
|
|
|
|
// "https://addons.mozilla.org/firefox/addon/pastel-gradient/","headerURL":
|
|
|
|
|
// "resource:///chrome/browser/content/browser/defaultthemes/4.header.png",
|
|
|
|
|
// "textcolor":"#000000","accentcolor":"#000000","iconURL":
|
|
|
|
|
// "resource:///chrome/browser/content/browser/defaultthemes/4.icon.png","previewURL":
|
|
|
|
|
// "resource:///chrome/browser/content/browser/defaultthemes/4.preview.png",
|
|
|
|
|
// "author":"darrinhenein","version":"1.0"}]
|
|
|
|
|
|
|
|
|
|
// Other Sync Settings - Disabling By Prevention ---------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
lockPref("services.sync.maxResyncs", 0); //5
|
|
|
|
|
lockPref("services.sync.telemetry.maxPayloadCount", 0); //500
|
|
|
|
|
lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false
|
|
|
|
|
lockPref("services.sync.engine.addons", false); //true
|
|
|
|
|
lockPref("services.sync.engine.addresses", false); //false
|
|
|
|
|
lockPref("services.sync.engine.bookmarks", false); //true
|
|
|
|
|
lockPref("services.sync.engine.bookmarks.buffer", false); //false
|
|
|
|
|
lockPref("services.sync.engine.creditcards", false); //false
|
|
|
|
|
lockPref("services.sync.engine.creditcards.available", false); //false
|
|
|
|
|
lockPref("services.sync.engine.history", false); //true
|
|
|
|
|
lockPref("services.sync.engine.passwords", false); //true
|
|
|
|
|
lockPref("services.sync.engine.prefs", false); //true
|
|
|
|
|
lockPref("services.sync.engine.tabs", false); //true
|
|
|
|
|
lockPref("services.sync.log.appender.file.logOnError", false); //true
|
|
|
|
|
lockPref("services.sync.log.appender.file.logOnSuccess", false); //false
|
|
|
|
|
lockPref("services.sync.log.cryptoDebug", false); //false
|
|
|
|
|
lockPref("services.sync.sendVersionInfo", false); //true
|
|
|
|
|
lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true
|
2020-03-14 13:56:32 +01:00
|
|
|
lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.search.update", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.startup.page", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.permissions.default.image", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true
|
|
|
|
|
lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true
|
|
|
|
|
|
|
|
|
|
// Testing -----------------------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
lockPref("browser.chrome.errorReporter.publicKey", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// c709cb7a2c0b4f0882fcc84a5af161ec
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
lockPref("prio.publicKeyA", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733
|
|
|
|
|
lockPref("prio.publicKeyB", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50
|
|
|
|
|
|
|
|
|
|
// Alpha Settings Not Needed At The Moment --------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
//lockPref("urlclassifier.phishTable", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// goog-phish-proto,test-phish-simple
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
//lockPref("urlclassifier.passwordAllowTable", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// goog-passwordwhite-proto
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
//lockPref("urlclassifier.downloadAllowTable", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// goog-downloadwhite-proto
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
//lockPref("urlclassifier.downloadBlockTable", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// goog-badbinurl-proto
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
//lockPref("security.content.signature.root_hash", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
//lockPref("media.gmp-manager.certs.1.issuerName", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
|
|
|
|
|
|
|
|
|
|
// Pref : Test To Make FFox Silent
|
|
|
|
|
//lockPref("media.gmp-manager.certs.2.issuerName", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US
|
|
|
|
|
|
|
|
|
|
// Disabled ----------------------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : New page default sites
|
|
|
|
|
//lockPref("browser.newtabpage.activity-stream.default.sites", "");
|
|
|
|
|
// Default Value
|
|
|
|
|
// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,
|
|
|
|
|
// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Microsoft Windows
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Other webGl [WINDOWS]
|
|
|
|
|
lockPref("webgl.dxgl.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable scanning for plugins [WINDOWS]
|
|
|
|
|
lockPref("plugin.scan.plid.all", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable Windows jumplist [WINDOWS]
|
|
|
|
|
lockPref("browser.taskbar.lists.enabled", false);
|
|
|
|
|
lockPref("browser.taskbar.lists.frequent.enabled", false);
|
|
|
|
|
lockPref("browser.taskbar.lists.recent.enabled", false);
|
|
|
|
|
lockPref("browser.taskbar.lists.tasks.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable Windows taskbar preview [WINDOWS]
|
|
|
|
|
lockPref("browser.taskbar.previews.enable", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
|
|
|
|
|
// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/
|
|
|
|
|
lockPref("network.protocol-handler.external.ms-windows-store", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable background update service [WINDOWS]
|
|
|
|
|
// [SETTING] General>Firefox Updates>Use a background service to install updates
|
|
|
|
|
lockPref("app.update.service.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+)
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/603903
|
|
|
|
|
lockPref("toolkit.winRegisterApplicationRestart", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
|
|
|
|
|
// 0=disable detecting Family Safety mode and importing the root
|
|
|
|
|
// 1=only attempt to detect Family Safety mode (don't import the root)
|
|
|
|
|
// 2=detect Family Safety mode and import the root
|
|
|
|
|
// [1] https://trac.torproject.org/projects/tor/ticket/21686
|
|
|
|
|
lockPref("security.family_safety.mode", 0);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Firefox ESR60.x
|
|
|
|
|
// Deprecated Active For ESR
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Geolocation
|
|
|
|
|
lockPref("browser.search.countryCode", "US");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Mozilla telemetry/experiments
|
|
|
|
|
// https://wiki.mozilla.org/Platform/Features/Telemetry
|
|
|
|
|
// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
|
|
|
|
|
// https://wiki.mozilla.org/Telemetry
|
|
|
|
|
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
|
|
|
|
|
// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
|
|
|
|
|
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
|
|
|
|
|
// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html
|
|
|
|
|
// https://wiki.mozilla.org/Telemetry/Experiments
|
|
|
|
|
// https://support.mozilla.org/en-US/questions/1197144
|
|
|
|
|
lockPref("experiments.activeExperiment", false);
|
|
|
|
|
lockPref("experiments.enabled", false);
|
|
|
|
|
lockPref("experiments.manifest.uri", "");
|
|
|
|
|
lockPref("experiments.supported", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+)
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1173171
|
|
|
|
|
// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1427726
|
|
|
|
|
lockPref("network.jar.block-remote-files", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 2613: disable JAR from opening Unsafe File Types
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1427726
|
|
|
|
|
lockPref("network.jar.open-unsafe-types", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Java NPAPI plugin
|
|
|
|
|
lockPref("plugin.state.java", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : 0402: enable Kinto blocklist updates (FF50+)
|
|
|
|
|
// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications
|
|
|
|
|
// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
|
|
|
|
|
// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1458917
|
|
|
|
|
lockPref("services.blocklist.update_enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 0503: disable "Savant" Shield study (FF61+)
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1457226
|
|
|
|
|
lockPref("shield.savant.enabled", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Security 1/3
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Enable insecure password warnings (login forms in non-HTTPS pages)
|
|
|
|
|
// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
|
|
|
|
|
lockPref("security.insecure_password.ui.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Show in-content login form warning UI for insecure login fields
|
|
|
|
|
// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
|
|
|
|
|
lockPref("security.insecure_field_warning.contextual.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
|
|
|
|
|
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
|
|
|
|
|
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
|
|
|
|
|
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
|
|
|
|
|
lockPref("network.stricttransportsecurity.preloadlist", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable TLS Session Tickets
|
|
|
|
|
// https://www.blackhat.com/us-13/briefings.html#NextGen
|
|
|
|
|
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
|
|
|
|
|
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=917049
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=967977
|
|
|
|
|
// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs.
|
|
|
|
|
// Since the ID is unique, web servers can (and do) use it for tracking. If set to true,
|
|
|
|
|
// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking
|
|
|
|
|
lockPref("security.ssl.disable_session_identifiers", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Blocking GD Parking Scam Site
|
2020-03-22 13:12:27 +01:00
|
|
|
// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much
|
|
|
|
|
// only tells LibreWolf to look for librefox.com locally
|
2019-08-17 02:49:17 +02:00
|
|
|
defaultPref("network.dns.localDomains", "librefox.com");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable insecure TLS version fallback
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
|
|
|
|
|
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
|
|
|
|
|
lockPref("security.tls.version.fallback-limit", 3);
|
|
|
|
|
|
|
|
|
|
// Pref : Only allow TLS 1.[0-3]
|
|
|
|
|
// http://kb.mozillazine.org/Security.tls.version.*
|
|
|
|
|
lockPref("security.tls.version.min", 2);
|
|
|
|
|
|
|
|
|
|
// Pref : Enfore Public Key Pinning
|
|
|
|
|
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
|
|
|
|
|
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
|
|
|
|
|
// "2. Strict. Pinning is always enforced."
|
|
|
|
|
lockPref("security.cert_pinning.enforcement_level", 2);
|
|
|
|
|
|
|
|
|
|
// Pref : Disallow SHA-1
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
|
|
|
|
|
// https://shattered.io/
|
|
|
|
|
lockPref("security.pki.sha1_enforcement_level", 1);
|
|
|
|
|
|
|
|
|
|
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
|
|
|
|
|
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
|
|
|
|
|
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
|
|
|
|
|
lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the
|
|
|
|
|
// "Add Security Exception" dialog
|
|
|
|
|
// http://kb.mozillazine.org/Browser.ssl_override_behavior
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/210
|
|
|
|
|
lockPref("browser.ssl_override_behavior", 1);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Security 2/3
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("security.ssl.errorReporting.automatic", false);
|
|
|
|
|
lockPref("security.ssl.errorReporting.url", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Check disabled section
|
|
|
|
|
// OCSP leaks the visited sites. Exactly same issue as with safebrowsing.
|
|
|
|
|
// Stapling forces the site to prove that its certificate is good
|
|
|
|
|
// through the CA, so apparently nothing is leaked in this case.
|
|
|
|
|
// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
|
|
|
|
lockPref("security.OCSP.enabled", 0);
|
|
|
|
|
lockPref("security.OCSP.require", false);
|
|
|
|
|
lockPref("security.ssl.enable_ocsp_stapling", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("security.ssl.errorReporting.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Manage certificates button
|
|
|
|
|
//lockPref("security.disable_button.openCertManager", false);
|
|
|
|
|
// Disabled because of a bug that disables the button regardless of its value
|
|
|
|
|
|
|
|
|
|
// Pref : Manage security devices button
|
|
|
|
|
//lockPref("security.disable_button.openDeviceManager", false);
|
|
|
|
|
// Disabled because of a bug that disables the button regardless of its value
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("security.mixed_content.upgrade_display_content", true);
|
|
|
|
|
lockPref("security.mixed_content.block_object_subrequest", true);
|
|
|
|
|
lockPref("security.mixed_content.block_display_content", true);
|
|
|
|
|
lockPref("security.mixed_content.block_active_content", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("security.insecure_connection_icon.enabled", true);
|
|
|
|
|
lockPref("security.insecure_connection_icon.pbmode.enabled", true);
|
|
|
|
|
lockPref("security.insecure_connection_text.enabled", true);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Security 3/3 (Cipher)
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("security.ssl3.rsa_des_ede3_sha", false);
|
|
|
|
|
lockPref("security.ssl3.rsa_aes_256_sha", false);
|
|
|
|
|
lockPref("security.ssl3.rsa_aes_128_sha", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable RC4
|
|
|
|
|
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
|
|
|
|
|
// https://rc4.io/
|
|
|
|
|
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
|
|
|
|
|
lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false);
|
|
|
|
|
lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable SEED cipher
|
|
|
|
|
// https://en.wikipedia.org/wiki/SEED
|
|
|
|
|
lockPref("security.ssl3.rsa_seed_sha", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Performance 1/5
|
|
|
|
|
// Defaulting settings - HW Settings can be checked under about:support
|
|
|
|
|
// Bench Diff : +650/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Bench Diff : +100/5000
|
|
|
|
|
// Pref : Increases animation speed. May mitigate choppy scrolling.
|
|
|
|
|
defaultPref("layout.frame_rate.precise", true);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : +500/5000
|
|
|
|
|
// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC).
|
|
|
|
|
// It's likely your browser is already set to use these features.
|
|
|
|
|
// May introduce instability on some hardware.
|
|
|
|
|
// Tor compatibility - have inverted values in tor.
|
|
|
|
|
defaultPref("webgl.force-enabled", true);
|
|
|
|
|
defaultPref("layers.acceleration.force-enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting
|
|
|
|
|
// [SETTING] General>Performance>Custom>Use hardware acceleration when available
|
|
|
|
|
// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance.
|
|
|
|
|
// Parts of Quantum that utilize the GPU will also be affected as they are rolled out
|
|
|
|
|
// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
|
|
|
|
|
// Resolved by extension
|
|
|
|
|
defaultPref("gfx.direct2d.disabled", false); // [WINDOWS]
|
|
|
|
|
defaultPref("layers.acceleration.disabled", false);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : 0/5000
|
|
|
|
|
// Pref :
|
|
|
|
|
defaultPref("html5.offmainthread", true); //default true
|
|
|
|
|
defaultPref("layers.offmainthreadcomposition.enabled", true);
|
|
|
|
|
defaultPref("layers.offmainthreadcomposition.async-animations", true);
|
|
|
|
|
defaultPref("layers.async-video.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : +50/5000
|
|
|
|
|
// Pref : Deprecated Active
|
|
|
|
|
defaultPref("browser.tabs.animate", false);
|
|
|
|
|
|
|
|
|
|
// Pref : The impact for this one is negligible
|
|
|
|
|
//defaultPref("browser.download.animateNotifications", false);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -80/5000
|
|
|
|
|
// Pref : Spoof CPU Core Def 16
|
|
|
|
|
// Default settings seems to be the best
|
|
|
|
|
//defaultPref("dom.maxHardwareConcurrency", 8);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Performance 2/5
|
|
|
|
|
// Bench Diff : -800/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -500/5000
|
|
|
|
|
// Pref : Tell garbage collector to start running when javascript is using xx MB of memory.
|
|
|
|
|
// Garbage collection releases memory back to the system.
|
|
|
|
|
// Default settings seems to be the best
|
|
|
|
|
//lockPref("javascript.options.mem.high_water_mark", 96);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -200/5000
|
|
|
|
|
// Pref : Disable WebAssembly
|
|
|
|
|
// https://webassembly.org/
|
|
|
|
|
// https://en.wikipedia.org/wiki/WebAssembly
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/21549
|
|
|
|
|
// Solved by extension disabled here for performance
|
|
|
|
|
//lockPref("javascript.options.wasm", false);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -100/5000
|
|
|
|
|
// Pref : Prevent font fingerprinting
|
|
|
|
|
// https://browserleaks.com/fonts
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/120
|
|
|
|
|
// Solved by extension disabled here for performance
|
|
|
|
|
//lockPref("browser.display.use_document_fonts", 0);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Performance 3/5
|
|
|
|
|
// Bench Diff : -1720/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -220/5000
|
|
|
|
|
// Pref : Disable webGL I/II
|
|
|
|
|
// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware)
|
|
|
|
|
defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl)
|
|
|
|
|
// This does not leak
|
|
|
|
|
lockPref("webgl.enable-webgl2", false);
|
|
|
|
|
lockPref("webgl.min_capability_mode", true);
|
|
|
|
|
|
|
|
|
|
// Bench Diff : 0/5000
|
|
|
|
|
// Pref : Disable webGL II/II
|
|
|
|
|
// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware)
|
|
|
|
|
lockPref("pdfjs.enableWebGL", false);
|
|
|
|
|
lockPref("webgl.disable-extensions", true);
|
|
|
|
|
lockPref("webgl.disable-fail-if-major-performance-caveat", true);
|
|
|
|
|
lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -1500/5000
|
|
|
|
|
// Pref : Disable asm.js
|
|
|
|
|
// http://asmjs.org/
|
|
|
|
|
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
|
|
|
|
|
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
|
|
|
|
|
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712
|
|
|
|
|
// Solved by extension disabled here for performance
|
|
|
|
|
// Tor enforce this
|
|
|
|
|
//lockPref("javascript.options.asmjs", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Performance 4/5
|
|
|
|
|
// Bench Diff : -200/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -200/5000
|
|
|
|
|
// Pref : JS Shared Memory - Default false
|
|
|
|
|
// https://github.com/MrAlex94/Waterfox/issues/356
|
|
|
|
|
lockPref("javascript.options.shared_memory", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Performance 5/5
|
|
|
|
|
// Bench Diff : -50/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Bench Diff : -50/5000
|
|
|
|
|
// Pref : 2302 : disable service workers
|
|
|
|
|
// Service workers essentially act as proxy servers that sit between web apps, and the browser
|
|
|
|
|
// and network. They are event-driven, and can control the web page/site it is associated with,
|
|
|
|
|
// intercepting and modifying navigation and resource requests, and caching resources.
|
|
|
|
|
// SW may decrease performance depending on the script that is running in background.
|
|
|
|
|
// So overall, disabling SW should enhance performance because it blocks SW Scripts.
|
|
|
|
|
// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
|
|
|
|
|
// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access.
|
|
|
|
|
lockPref("dom.serviceWorkers.enabled", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : General Settings 1/3
|
|
|
|
|
// Bench Diff : +100/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Onboarding tour disabled because of included telemetry
|
|
|
|
|
// This extension has already been removed. This setting is here to disable it just in case it
|
|
|
|
|
// comes back or for users using the script outside the bundle.
|
|
|
|
|
lockPref("browser.onboarding.notification.finished", true);
|
|
|
|
|
lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true);
|
|
|
|
|
lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("devtools.onboarding.telemetry.logged", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("services.sync.engine.addresses.available", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.bookmarks.restore_default_bookmarks", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Caching for integrated PDF
|
|
|
|
|
lockPref("pdfjs.enabledCache.state", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("pref.general.disable_button.default_browser", false);
|
|
|
|
|
lockPref("pref.privacy.disable_button.view_passwords", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("identity.mobilepromo.android", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.systemAddon.update.url", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("datareporting.healthreport.infoURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0);
|
|
|
|
|
lockPref("browser.urlbar.searchSuggestionsChoice", false);
|
|
|
|
|
lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.feedback.baseURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.normandy.enabled", false);
|
|
|
|
|
lockPref("app.normandy.api_url", "");
|
|
|
|
|
lockPref("app.normandy.first_run", false);
|
|
|
|
|
lockPref("app.normandy.user_id", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.releaseNotesURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.update.auto", false);
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.update.autoUpdateDefault", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("app.update.staging.enabled", false);
|
|
|
|
|
lockPref("app.update.silent", false);
|
|
|
|
|
lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0);
|
|
|
|
|
lockPref("app.update.url.details", "");
|
|
|
|
|
lockPref("app.update.url.manual", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("app.vendorURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("breakpad.reportURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.chrome.errorReporter.submitUrl", "");
|
|
|
|
|
lockPref("browser.chrome.errorReporter.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.ping-centre.staging.endpoint", "");
|
|
|
|
|
lockPref("browser.ping-centre.telemetry", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Google Safe Browsing (Blocks dangerous and deceptive contents)
|
|
|
|
|
|
|
|
|
|
// browser.safebrowsing.downloads.enabled true
|
|
|
|
|
// browser.safebrowsing.downloads.remote.block_potentially_unwanted true
|
|
|
|
|
// browser.safebrowsing.downloads.remote.block_uncommon true
|
|
|
|
|
// browser.safebrowsing.malware.enabled true
|
|
|
|
|
// browser.safebrowsing.phishing.enabled true
|
|
|
|
|
|
|
|
|
|
lockPref("browser.safebrowsing.id", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.pver", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.pver", "");
|
|
|
|
|
lockPref("browser.safebrowsing.allowOverride", false);
|
|
|
|
|
lockPref("browser.safebrowsing.blockedURIs.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.downloads.remote.url", "");
|
|
|
|
|
lockPref("browser.safebrowsing.malware.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.passwords.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.phishing.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.advisoryURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.gethashURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.lists", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.reportURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.updateURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.lastupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google4.nextupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.advisoryURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.gethashURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.lastupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.lists", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.nextupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.pver", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.reportURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.google.updateURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.lastupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", "");
|
|
|
|
|
lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
|
|
|
|
|
lockPref("browser.safebrowsing.reportPhishURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.search.suggest.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("captivedetect.canonicalURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("datareporting.policy.firstRunURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("devtools.devedition.promo.url", "");
|
|
|
|
|
lockPref("devtools.devices.url", "");
|
|
|
|
|
lockPref("devtools.gcli.imgurUploadURL", "");
|
|
|
|
|
lockPref("devtools.gcli.jquerySrc", "");
|
|
|
|
|
lockPref("devtools.gcli.underscoreSrc", "");
|
|
|
|
|
lockPref("devtools.telemetry.supported_performance_marks", "");
|
|
|
|
|
// Fix ESR Devtools
|
|
|
|
|
//lockPref("devtools.telemetry.tools.opened.version", "");
|
|
|
|
|
// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"}
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("dom.battery.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("dom.permissions.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Maximum popups that may be launched at the same time
|
|
|
|
|
lockPref("dom.popup_maximum", 4);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("dom.registerProtocolHandler.insecure.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.blocklist.detailsURL", "");
|
|
|
|
|
lockPref("extensions.blocklist.itemURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Block list url disabled
|
|
|
|
|
// gHacks tunes this to minimize privacy issues. its complitely disabled here
|
|
|
|
|
// Disabled complitely
|
|
|
|
|
lockPref("extensions.blocklist.url", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.update.background.url", "");
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Pref :
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.showPane", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.webservice.discoverURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
|
|
|
|
|
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
|
|
|
|
|
lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("geo.enabled", false);
|
|
|
|
|
lockPref("geo.wifi.uri", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("identity.fxaccounts.auth.uri", "");
|
|
|
|
|
lockPref("identity.fxaccounts.remote.oauth.uri", "");
|
|
|
|
|
lockPref("identity.fxaccounts.remote.profile.uri", "");
|
|
|
|
|
lockPref("identity.mobilepromo.ios", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("layout.css.visited_links_enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("lpbmode.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("mailnews.messageid_browser.url", "");
|
|
|
|
|
lockPref("mailnews.mx_service_url", "");
|
|
|
|
|
|
|
|
|
|
// Pref : 0608 : disable predictor / prefetching (FF48+)
|
|
|
|
|
// Network predictor load pages before they are opened
|
|
|
|
|
// with mouse hover for example
|
|
|
|
|
lockPref("network.predictor.enabled", false);
|
|
|
|
|
lockPref("network.predictor.cleaned-up", true);
|
|
|
|
|
lockPref("network.predictor.enable-prefetch", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("plugins.crash.supportUrl", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Sync prefs
|
|
|
|
|
lockPref("services.sync.clients.lastSync", "0");
|
|
|
|
|
lockPref("services.sync.clients.lastSyncLocal", "0");
|
|
|
|
|
lockPref("services.sync.declinedEngines", "");
|
|
|
|
|
lockPref("services.sync.enabled", false);
|
|
|
|
|
lockPref("services.sync.globalScore", 0);
|
|
|
|
|
lockPref("services.sync.jpake.serverURL", "");
|
|
|
|
|
lockPref("services.sync.migrated", true);
|
|
|
|
|
lockPref("services.sync.nextSync", 0);
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false);
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false);
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false);
|
|
|
|
|
lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false);
|
|
|
|
|
lockPref("services.sync.serverURL", "");
|
|
|
|
|
lockPref("services.sync.tabs.lastSync", "0");
|
|
|
|
|
lockPref("services.sync.tabs.lastSyncLocal", "0");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("sync.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("sync.jpake.serverURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("sync.serverURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("toolkit.crashreporter.infoURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable telemetry
|
|
|
|
|
lockPref("toolkit.telemetry.archive.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.updatePing.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.bhrPing.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.cachedClientID", "");
|
|
|
|
|
lockPref("toolkit.telemetry.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.hybridContent.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.infoURL", "");
|
|
|
|
|
lockPref("toolkit.telemetry.newProfilePing.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.previousBuildID", "");
|
|
|
|
|
lockPref("toolkit.telemetry.prompted", 2); //Setting seems to still exist
|
|
|
|
|
lockPref("toolkit.telemetry.rejected", true);
|
|
|
|
|
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
|
|
|
|
|
lockPref("toolkit.telemetry.server", "data:,");
|
|
|
|
|
lockPref("toolkit.telemetry.server_owner", "");
|
|
|
|
|
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
|
|
|
|
|
lockPref("toolkit.telemetry.unified", false);
|
|
|
|
|
lockPref("toolkit.telemetry.coverage.opt-out", true);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("webextensions.storage.sync.serverURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("extensions.screenshots.upload-disabled", true);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : General Settings 2/3
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Referer: ALL: control the amount of information to send
|
|
|
|
|
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
|
|
|
|
|
lockPref("network.http.referer.trimmingPolicy", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : Close tab
|
|
|
|
|
lockPref("browser.tabs.closeTabByDblclick", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
|
|
|
|
|
// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
|
|
|
|
|
lockPref("datareporting.healthreport.uploadEnabled", false);
|
|
|
|
|
lockPref("datareporting.policy.dataSubmissionEnabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable right-click menu manipulation via JavaScript (disabled)
|
|
|
|
|
lockPref("dom.event.contextmenu.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript
|
|
|
|
|
// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in
|
|
|
|
|
// JS-based web applications (Google Docs etc.)
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
|
|
|
|
|
lockPref("dom.event.clipboardevents.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Force Punycode for Internationalized Domain Names
|
|
|
|
|
// http://kb.mozillazine.org/Network.IDN_show_punycode
|
|
|
|
|
// https://www.xudongz.com/blog/2017/idn-phishing/
|
|
|
|
|
// https://wiki.mozilla.org/IDN_Display_Algorithm
|
|
|
|
|
// https://en.wikipedia.org/wiki/IDN_homograph_attack
|
|
|
|
|
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
|
|
|
|
|
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
|
|
|
|
|
lockPref("network.IDN_show_punycode", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Pocket
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/143
|
|
|
|
|
lockPref("extensions.pocket.enabled", false);
|
|
|
|
|
lockPref("extensions.pocket.site", "");
|
|
|
|
|
lockPref("extensions.pocket.oAuthConsumerKey", "");
|
|
|
|
|
lockPref("extensions.pocket.api", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable downloading homepage snippets/messages from Mozilla
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content
|
|
|
|
|
// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service
|
|
|
|
|
lockPref("browser.aboutHomeSnippets.updateUrl", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Don't reveal build ID
|
|
|
|
|
// Value taken from Tor Browser
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
|
|
|
|
|
// Already enforced with 'privacy.resistFingerprinting' ?
|
|
|
|
|
lockPref("general.buildID.override", "20100101");
|
|
|
|
|
lockPref("browser.startup.homepage_override.buildID", "20100101");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
|
|
|
|
|
// http://kb.mozillazine.org/Browser.send_pings
|
|
|
|
|
lockPref("browser.send_pings", false);
|
|
|
|
|
|
|
|
|
|
// Pref : When browser pings are enabled, only allow pinging the origin page's host
|
|
|
|
|
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
|
|
|
|
|
lockPref("browser.send_pings.require_same_host", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Do not download URLs for the offline cache
|
|
|
|
|
// http://kb.mozillazine.org/Browser.cache.offline.enable
|
|
|
|
|
lockPref("browser.cache.offline.enable", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable prefetching of <link rel="next"> URLs
|
|
|
|
|
// http://kb.mozillazine.org/Network.prefetch-next
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
|
|
|
|
|
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited,
|
|
|
|
|
// so the browser downloads them immediately so they can be displayed immediately when the user requests it.
|
|
|
|
|
lockPref("network.prefetch-next", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable speculative pre-connections
|
|
|
|
|
// Disable prefetch link on hover.
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
|
|
|
|
|
lockPref("network.http.speculative-parallel-limit", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : WebSockets is a technology that makes it possible to open an interactive communication
|
|
|
|
|
// session between the user's browser and a server. (May leak IP when using proxy/VPN)
|
|
|
|
|
lockPref("media.peerconnection.enabled", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : General Settings 3/3
|
|
|
|
|
// Bench Diff : -40/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : Disable DOM timing API
|
|
|
|
|
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
|
|
|
|
|
// https://www.w3.org/TR/navigation-timing/#privacy
|
|
|
|
|
lockPref("dom.enable_performance", false); //Deprecated Active
|
|
|
|
|
lockPref("dom.enable_performance_navigation_timing", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Make sure the User Timing API does not provide a new high resolution timestamp
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/16336
|
|
|
|
|
// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security
|
|
|
|
|
lockPref("dom.enable_user_timing", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Web Audio API
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
|
|
|
|
|
// Avoid fingerprinting
|
|
|
|
|
lockPref("dom.webaudio.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : When geolocation is enabled, don't log geolocation requests to the console
|
|
|
|
|
lockPref("geo.wifi.logging.enabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
|
|
|
|
|
lockPref("beacon.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable speech recognition
|
|
|
|
|
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
|
|
|
|
|
// https://wiki.mozilla.org/HTML5_Speech_API
|
|
|
|
|
lockPref("media.webspeech.recognition.enable", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable virtual reality devices APIs
|
|
|
|
|
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
|
|
|
|
|
lockPref("dom.vr.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable vibrator API
|
|
|
|
|
lockPref("dom.vibrator.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable GeoIP lookup on your address to set default search engine region
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/16254
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
|
|
|
|
|
lockPref("browser.search.region", "US");
|
|
|
|
|
lockPref("browser.search.geoip.url", "");
|
|
|
|
|
lockPref("browser.search.geoSpecificDefaults.url", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Don't use Mozilla-provided location-specific search engines
|
|
|
|
|
lockPref("browser.search.geoSpecificDefaults", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Don't trim HTTP from URLs in the address bar.
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
|
|
|
|
|
lockPref("browser.urlbar.trimURLs", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
|
|
|
|
|
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
|
|
|
|
|
lockPref("browser.fixup.alternate.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851
|
|
|
|
|
lockPref("browser.fixup.hide_user_pass", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Don't monitor OS online/offline connection state
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/18945
|
|
|
|
|
lockPref("network.manage-offline-status", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Set File URI Origin Policy
|
|
|
|
|
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
|
|
|
|
|
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
|
|
|
|
|
lockPref("security.fileuri.strict_origin_policy", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable SVG in OpenType fonts
|
|
|
|
|
// https://wiki.mozilla.org/SVGOpenTypeFonts
|
|
|
|
|
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
|
|
|
|
|
lockPref("gfx.font_rendering.opentype_svg.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Enable only whitelisted URL protocol handlers
|
|
|
|
|
// Disabling non-essential protocols breaks all interaction with custom protocols such
|
|
|
|
|
// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/...
|
|
|
|
|
// clients when clicking on links with these protocols
|
|
|
|
|
lockPref("network.protocol-handler.warn-external-default",true);
|
|
|
|
|
lockPref("network.protocol-handler.external.http",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.https",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.javascript",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.moz-extension",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.ftp",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.file",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.about",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.chrome",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.blob",false);
|
|
|
|
|
lockPref("network.protocol-handler.external.data",false);
|
|
|
|
|
lockPref("network.protocol-handler.expose-all",false);
|
|
|
|
|
lockPref("network.protocol-handler.expose.http",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.https",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.javascript",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.moz-extension",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.ftp",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.file",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.about",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.chrome",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.blob",true);
|
|
|
|
|
lockPref("network.protocol-handler.expose.data",true);
|
|
|
|
|
|
|
|
|
|
// Pref : Ensure there is a security delay when installing add-ons (milliseconds)
|
|
|
|
|
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
|
|
|
|
|
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
|
|
|
|
|
lockPref("security.dialog_enable_delay", 700);
|
|
|
|
|
|
|
|
|
|
// Pref : Opt-out of add-on metadata updates
|
|
|
|
|
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.getAddons.cache.enabled", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Pref : Opt-out of theme (Persona) updates
|
|
|
|
|
// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
|
|
|
|
|
lockPref("lightweightThemes.update.enabled", false);
|
|
|
|
|
lockPref("lightweightThemes.persisted.headerURL", false);
|
|
|
|
|
lockPref("lightweightThemes.persisted.footerURL", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Flash Player NPAPI plugin
|
|
|
|
|
// http://kb.mozillazine.org/Flash_plugin
|
|
|
|
|
lockPref("plugin.state.flash", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable sending Flash Player crash reports
|
|
|
|
|
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report
|
|
|
|
|
lockPref("dom.ipc.plugins.reportCrashURL", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Shumway (Mozilla Flash renderer)
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
|
|
|
|
|
lockPref("shumway.disabled", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Gnome Shell Integration NPAPI plugin
|
|
|
|
|
lockPref("plugin.state.libgnome-shell-browser-plugin", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : Enable click-to-play plugin
|
|
|
|
|
// https://wiki.mozilla.org/Firefox/Click_To_Play
|
|
|
|
|
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
|
|
|
|
|
lockPref("plugins.click_to_play", true);
|
|
|
|
|
lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : Update addons automatically
|
|
|
|
|
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
defaultPref("extensions.update.enabled", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
|
|
|
|
|
// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
|
|
|
|
|
// Updated at interval defined in extensions.blocklist.interval (default: 86400)
|
|
|
|
|
lockPref("extensions.blocklist.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla)
|
|
|
|
|
lockPref("extensions.systemAddon.update.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable WebIDE Web Debug
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/16222
|
|
|
|
|
// https://developer.mozilla.org/docs/Tools/WebIDE
|
|
|
|
|
lockPref("devtools.webide.enabled", false);
|
|
|
|
|
lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
|
|
|
|
|
lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+]
|
|
|
|
|
lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+]
|
|
|
|
|
|
|
|
|
|
// Pref : Disable remote debugging
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
|
|
|
|
|
lockPref("devtools.debugger.force-local", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Disallow Necko to do A/B testing
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/13170
|
|
|
|
|
lockPref("network.allow-experiments", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't
|
|
|
|
|
// nag user about unsent crash reports
|
|
|
|
|
// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js
|
|
|
|
|
lockPref("browser.tabs.crashReporting.sendReport", false);
|
|
|
|
|
lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
|
|
|
|
|
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable SHIELD
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/shield
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801
|
|
|
|
|
lockPref("app.shield.optoutstudies.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable new tab tile ads, preload, and Activity Stream
|
|
|
|
|
// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
|
|
|
|
|
// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
|
|
|
|
|
// https://wiki.mozilla.org/Firefox/Activity_Stream
|
|
|
|
|
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
|
|
|
|
|
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
|
|
|
|
|
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.showSponsored", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", "");
|
2020-03-14 13:56:32 +01:00
|
|
|
lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true);
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("browser.newtabpage.activity-stream.telemetry", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.snippets", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.disableSnippets", true);
|
2020-03-14 13:56:32 +01:00
|
|
|
lockPref("browser.newtabpage.activity-stream.default.sites", "");
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.discoverystream.config", "");
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", "");
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.places", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false);
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false);
|
2019-08-17 02:49:17 +02:00
|
|
|
lockPref("browser.newtab.preload", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable "Show search suggestions in location bar results"
|
|
|
|
|
lockPref("browser.urlbar.suggest.searches", false);
|
|
|
|
|
lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Never check for updates to search engines
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
|
|
|
|
|
lockPref("browser.search.update", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable automatic captive portal detection (Firefox >= 52.0)
|
|
|
|
|
// https://support.mozilla.org/en-US/questions/1157121
|
|
|
|
|
lockPref("network.captive-portal-service.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disallow NTLMv1
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
|
|
|
|
|
lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
|
|
|
|
|
// it is still allowed through HTTPS.
|
|
|
|
|
lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable formless login capture
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
|
|
|
|
|
lockPref("signon.formlessCapture.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Delete temporary files on exit
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=238789
|
|
|
|
|
lockPref("browser.helperApps.deleteTempFileOnExit", true);
|
|
|
|
|
|
|
|
|
|
// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature)
|
|
|
|
|
// https://support.mozilla.org/en-US/questions/973320
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled
|
|
|
|
|
lockPref("browser.pagethumbnails.capturing_disabled", true);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Disabled - ON/OFF
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// - Disabled - Section OFF -----------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Don't remember browsing history
|
|
|
|
|
// MIGRATED to defaulting section, this setting does not need to be enforced
|
|
|
|
|
//lockPref("places.history.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Clear all history on shutdown
|
|
|
|
|
// MIGRATED to defaulting section, this setting does not need to be enforced
|
|
|
|
|
// This setting may be enforced here if preferred
|
|
|
|
|
//lockPref("privacy.sanitize.sanitizeOnShutdown", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 2804: reset default history items to clear with Ctrl-Shift-Del (to match above)
|
|
|
|
|
// This dialog can also be accessed from the menu History>Clear Recent History
|
|
|
|
|
// Firefox remembers your last choices. This will reset them when you start Firefox.
|
|
|
|
|
// [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog
|
|
|
|
|
// for "Clear Recent History" is opened, it is synced with 'privacy.cpd.history'
|
|
|
|
|
//defaultPref("privacy.cpd.siteSettings", false); // Site Preferences
|
|
|
|
|
//defaultPref("privacy.cpd.downloads", true); // not used, see note above
|
|
|
|
|
//defaultPref("privacy.cpd.cache", true);
|
|
|
|
|
//defaultPref("privacy.cpd.cookies", true);
|
|
|
|
|
//defaultPref("privacy.cpd.formdata", true); // Form & Search History
|
|
|
|
|
//defaultPref("privacy.cpd.history", true); // Browsing & Download History
|
|
|
|
|
//defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data
|
|
|
|
|
//defaultPref("privacy.cpd.passwords", false); // this is not listed
|
|
|
|
|
//defaultPref("privacy.cpd.sessions", true); // Active Logins
|
|
|
|
|
// Not needed // replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
|
|
|
|
|
// Also default value are already good
|
|
|
|
|
|
|
|
|
|
// Pref : 2803: set which history items are to be cleared on shutdown
|
|
|
|
|
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings
|
|
|
|
|
// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
|
|
|
|
|
// but if 'history' is false, downloads can still be cleared independently
|
|
|
|
|
// However, this may not always be the case. The interface combines and syncs these
|
|
|
|
|
// prefs when set from there, and the sanitize code may change at any time
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.cache", true);
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.cookies", true);
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.downloads", true); // see note above
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.formdata", true); // Form & Search History
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.history", true); // Browsing & Download History
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data
|
|
|
|
|
//defaultPref("privacy.clearOnShutdown.sessions", true); // Active Logins
|
|
|
|
|
// Make panel locked (bug)
|
|
|
|
|
// replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 0801: disable location bar using search - PRIVACY
|
|
|
|
|
// don't leak typos to a search engine; give an error message instead
|
|
|
|
|
//lockPref("keyword.enabled", false);
|
|
|
|
|
// Beak search from url bar
|
|
|
|
|
// After other settings, this does not send any data to search.
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Firefox Account
|
|
|
|
|
//lockPref("identity.fxaccounts.enabled", false); //Deprecated Active
|
|
|
|
|
// Already disabled in policies.json
|
|
|
|
|
|
|
|
|
|
// Pref : 2609: disable MathML (Mathematical Markup Language) (FF51+)
|
|
|
|
|
// [TEST] http://browserspy.dk/mathml.php
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1173199
|
|
|
|
|
//lockPref("mathml.disabled", true);
|
|
|
|
|
// This setting is a fingerprint in itself
|
|
|
|
|
|
|
|
|
|
// Pref : 2304: disable web notifications
|
|
|
|
|
// [1] https://developer.mozilla.org/docs/Web/API/Notifications_API
|
|
|
|
|
//lockPref("dom.webnotifications.enabled", false); // (FF22+)
|
|
|
|
|
//lockPref("dom.webnotifications.serviceworker.enabled", false); // (FF44+)
|
|
|
|
|
// After tuning, this is no longer a privacy issue but a feature
|
|
|
|
|
|
|
|
|
|
// Pref : History sessionhistory
|
|
|
|
|
//lockPref("browser.sessionhistory.max_total_viewers", 0);
|
|
|
|
|
|
|
|
|
|
// Pref : 0850f: disable location bar suggesting local search history (FF57+)
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1181644
|
|
|
|
|
//lockPref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions
|
|
|
|
|
// No privacy issue here
|
|
|
|
|
|
|
|
|
|
// Pref : 1020: disable the Session Restore service completely
|
|
|
|
|
// [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature
|
|
|
|
|
// It does not affect "Recently Closed Windows" or any history.
|
|
|
|
|
//lockPref("browser.sessionstore.max_tabs_undo", 0);
|
|
|
|
|
//lockPref("browser.sessionstore.max_windows_undo", 0);
|
|
|
|
|
// Not really a privacy issue, but it's useful to have this feature
|
|
|
|
|
|
|
|
|
|
// Pref : Disable URL bar autocomplete and history/bookmark suggestion dropdown
|
|
|
|
|
//lockPref("browser.urlbar.autocomplete.enabled", false);
|
|
|
|
|
//lockPref("browser.urlbar.suggest.history", false);
|
|
|
|
|
//lockPref("browser.urlbar.suggest.bookmark", false);
|
|
|
|
|
//lockPref("browser.urlbar.suggest.openpage", false);
|
|
|
|
|
// This does not cause privacy/leaking issues
|
|
|
|
|
|
|
|
|
|
// Pref : 2605: block web content in file processes (FF55+)
|
|
|
|
|
// [SETUP-WEB] You may want to disable this for corporate or developer environments
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1343184
|
|
|
|
|
//lockPref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
|
|
|
|
|
// Not an issue
|
|
|
|
|
|
|
|
|
|
// DOWNLOADS
|
|
|
|
|
// Pref : 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used)
|
|
|
|
|
// [SETTING] To set your default "downloads", set General>Downloads>Save files to
|
|
|
|
|
//lockPref("browser.download.folderList", 2);
|
|
|
|
|
// Pref : 2651: enforce user interaction for security by always asking the user where to download
|
|
|
|
|
// [SETTING] General>Downloads>Always ask you where to save files
|
|
|
|
|
//lockPref("browser.download.useDownloadDir", false);
|
|
|
|
|
// Pref : 2654: disable "open with" in download dialog (FF50+)
|
|
|
|
|
// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
|
|
|
|
|
// in such a way that it is forbidden to run external applications.
|
|
|
|
|
// [SETUP-CHROME] This may interfere with some users' workflow or methods
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1281959
|
|
|
|
|
//lockPref("browser.download.forbid_open_with", true);
|
|
|
|
|
// Not an issue
|
|
|
|
|
|
|
|
|
|
// OCSP (Online Certificate Status Protocol)
|
|
|
|
|
// OCSP leaks the visited sites. Exactly same issue as with safebrowsing.
|
|
|
|
|
// Stapling forces the site to prove that its certificate is good
|
|
|
|
|
// through the CA, so apparently nothing is leaked in this case.
|
|
|
|
|
// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
|
|
|
|
// Pref : 1211: control when to use OCSP fetching (to confirm current validity of certificates)
|
|
|
|
|
// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
|
|
|
|
|
// OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
|
|
|
|
|
// It's a trade-off between security (checking) and privacy (leaking info to the CA)
|
|
|
|
|
// [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
|
|
|
|
|
// [1] https://en.wikipedia.org/wiki/Ocsp
|
|
|
|
|
//lockPref("security.OCSP.enabled", 1);
|
|
|
|
|
|
|
|
|
|
// Pref : 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB]
|
|
|
|
|
// When a CA cannot be reached to validate a cert, Firefox just continues with the connection (=soft-fail)
|
|
|
|
|
// Setting this pref to true tells Firefox to terminate the connection instead (=hard-fail)
|
|
|
|
|
// It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm that the cert is still valid (it
|
|
|
|
|
// could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
|
|
|
|
|
// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
|
|
|
|
// [2] https://www.imperialviolet.org/2014/04/19/revchecking.html
|
|
|
|
|
//lockPref("security.OCSP.require", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 1022: disable resuming session from crash [SETUP-CHROME]
|
|
|
|
|
//lockPref("browser.sessionstore.resume_from_crash", false);
|
|
|
|
|
// Not really a privacy issue, but it's useful to have this feature
|
|
|
|
|
|
|
|
|
|
// Pref : 0103: set HOME+NEWWINDOW page
|
|
|
|
|
// about:home=Activity Stream (default, see 0105), custom URL, about:blank
|
|
|
|
|
// [SETTING] Home>New Windows and Tabs>Homepage and new windows
|
|
|
|
|
//lockPref("browser.startup.homepage", "about:blank");
|
|
|
|
|
// Let the user have the choice, and easily change it
|
|
|
|
|
|
|
|
|
|
// Pref : 2740: disable service workers cache and cache storage
|
|
|
|
|
// [1] https://w3c.github.io/ServiceWorker/#privacy
|
|
|
|
|
//lockPref("dom.caches.enabled", false);
|
|
|
|
|
// Not really a privacy issue, but it's useful to have this feature
|
|
|
|
|
// Other settings solve privacy issues related to this
|
|
|
|
|
|
|
|
|
|
// Pref : First-party isolation
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1299996
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1260931
|
|
|
|
|
// https://wiki.mozilla.org/Security/FirstPartyIsolation
|
|
|
|
|
// First-party isolation breaks Microsoft Teams
|
|
|
|
|
// First-party isolation causes HTTP basic auth to ask for credentials for every new tab (see #425)
|
|
|
|
|
// Solved by extension
|
|
|
|
|
// Pref : 4001: enable First Party Isolation (FF51+)
|
|
|
|
|
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1260931
|
|
|
|
|
// enabled via addons
|
|
|
|
|
//lockPref("privacy.firstparty.isolate", true);
|
|
|
|
|
// Pref : 4002: enforce FPI restriction for window.opener (FF54+)
|
|
|
|
|
// [NOTE] Setting this to false may reduce the breakage in 4001
|
|
|
|
|
// [FF65+] blocks postMessage with targetOrigin "*" if originAttributes don't match. But
|
|
|
|
|
// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3])
|
|
|
|
|
// The 2nd pref removes that limitation and will only allow communication if FPDs also match.
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1319773#c22
|
|
|
|
|
// [2] https://bugzilla.mozilla.org/1492607
|
|
|
|
|
// [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
|
|
|
|
//lockPref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true
|
|
|
|
|
// lockPref("privacy.firstparty.isolate.block_post_message", true); // (hidden pref)
|
|
|
|
|
// Enforced with addon
|
|
|
|
|
|
|
|
|
|
// Pref : 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
|
|
|
|
|
// [SETTING] General>Startup>Restore previous session
|
|
|
|
|
//lockPref("browser.startup.page", 0);
|
|
|
|
|
// Let the user choose over settings page
|
|
|
|
|
|
|
|
|
|
// Pref : 1001: disable disk cache
|
|
|
|
|
//lockPref("browser.cache.disk.enable", false);
|
|
|
|
|
//lockPref("browser.cache.disk.capacity", 0);
|
|
|
|
|
//lockPref("browser.cache.disk.smart_size.enabled", false);
|
|
|
|
|
//lockPref("browser.cache.disk.smart_size.first_run", false);
|
|
|
|
|
// Pref : 1003: disable memory cache
|
|
|
|
|
// [NOTE] Not recommended due to performance issues
|
|
|
|
|
// lockPref("browser.cache.memory.enable", false);
|
|
|
|
|
// lockPref("browser.cache.memory.capacity", 0); // (hidden pref)
|
|
|
|
|
// This is overkill. Disabled for performance.
|
|
|
|
|
// Firefox should be run in a container: sandbox or otherwise
|
|
|
|
|
|
|
|
|
|
// Pref : New tab page
|
|
|
|
|
//lockPref("browser.newtabpage.enabled", false);
|
|
|
|
|
// New page site shortcuts does not spy after tunning. May be enabled if preferred.
|
|
|
|
|
|
|
|
|
|
// Pref : Disable in-content SVG rendering (Firefox >= 53) (disabled)
|
|
|
|
|
// Disabling SVG support breaks many UI elements on many sites
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
|
|
|
|
|
//lockPref("svg.disabled", true);
|
|
|
|
|
// Solved by extension
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Caching of SSL Pages
|
|
|
|
|
// CIS Version 1.2.0 October 21st, 2011 2.5.8
|
|
|
|
|
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
|
|
|
|
//lockPref("browser.cache.disk_cache_ssl", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 2212 : limit events that can cause a popup
|
|
|
|
|
// default is "change click dblclick mouseup pointerup notificationclick reset submit touchend"
|
|
|
|
|
// [1] http://kb.mozillazine.org/Dom.popup_allowed_events
|
|
|
|
|
//lockPref("dom.popup_allowed_events", "click dblclick");
|
|
|
|
|
// This does not cause privacy/leaking issues
|
|
|
|
|
// Also already set in "dom.popup_maximum"
|
|
|
|
|
|
|
|
|
|
// Pref : 2031 : disable audio auto-play in non-active tabs (FF51+)
|
|
|
|
|
// [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
|
|
|
|
|
//lockPref("media.block-autoplay-until-in-foreground", true);
|
|
|
|
|
// Not privacy/security related
|
|
|
|
|
|
|
|
|
|
// Pref : 2403 : disable clipboard commands (cut/copy) from "non-privileged" content (FF41+)
|
|
|
|
|
// this disables document.execCommand("cut"/"copy") to protect your clipboard
|
|
|
|
|
// [1] https://bugzilla.mozilla.org/1170911
|
|
|
|
|
//lockPref("dom.allow_cut_copy", false); // (hidden pref)
|
|
|
|
|
// Not an issue
|
|
|
|
|
|
|
|
|
|
// Pref : 1405 : disable WOFF2 (Web Open Font Format) (FF35+)
|
|
|
|
|
//lockPref("gfx.downloadable_fonts.woff2.enabled", false);
|
|
|
|
|
// Solved by extension
|
|
|
|
|
|
|
|
|
|
// Pref : 1406 : disable CSS Font Loading API
|
|
|
|
|
// Disabling fonts can uglify the web a fair bit.
|
|
|
|
|
//lockPref("layout.css.font-loading-api.enabled", false);
|
|
|
|
|
// Solved by extension
|
|
|
|
|
|
|
|
|
|
// - Disabled - Dumped Disabled From (gHacks, Check user.js for description) ----------------
|
|
|
|
|
|
|
|
|
|
//lockPref("browser.chrome.site_icons", false);
|
|
|
|
|
//lockPref("browser.library.activity-stream.enabled", false);
|
|
|
|
|
//lockPref("browser.privatebrowsing.autostart", true);
|
|
|
|
|
//lockPref("browser.urlbar.maxRichResults", 0);
|
|
|
|
|
//lockPref("dom.storage.enabled", false);
|
|
|
|
|
//lockPref("dom.storageManager.enabled", false);
|
|
|
|
|
//lockPref("extensions.screenshots.disabled", true);
|
|
|
|
|
//lockPref("extensions.webextensions.restrictedDomains", "");
|
|
|
|
|
//lockPref("font.name.monospace.x-unicode", "Lucida Console");
|
|
|
|
|
//lockPref("font.name.monospace.x-western", "Lucida Console");
|
|
|
|
|
//lockPref("font.name.sans-serif.x-unicode", "Arial");
|
|
|
|
|
//lockPref("font.name.sans-serif.x-western", "Arial");
|
|
|
|
|
//lockPref("font.name.serif.x-unicode", "Georgia");
|
|
|
|
|
//lockPref("font.name.serif.x-western", "Georgia");
|
|
|
|
|
//lockPref("font.system.whitelist", "");
|
|
|
|
|
//lockPref("full-screen-api.enabled", false);
|
|
|
|
|
//lockPref("gfx.downloadable_fonts.enabled", false);
|
|
|
|
|
//lockPref("gfx.downloadable_fonts.fallback_delay", -1);
|
|
|
|
|
//lockPref("javascript.options.baselinejit", false);
|
|
|
|
|
//lockPref("javascript.options.ion", false);
|
|
|
|
|
//lockPref("media.media-capabilities.enabled", false);
|
|
|
|
|
//lockPref("network.dnsCacheEntries", 400);
|
|
|
|
|
//lockPref("network.dnsCacheExpiration", 60);
|
|
|
|
|
//lockPref("network.ftp.enabled", false);
|
|
|
|
|
//lockPref("permissions.default.camera", 2);
|
|
|
|
|
//lockPref("permissions.default.desktop-notification", 2);
|
|
|
|
|
//lockPref("permissions.default.microphone", 2);
|
|
|
|
|
//lockPref("permissions.default.shortcuts", 2);
|
|
|
|
|
//lockPref("privacy.window.maxInnerHeight", 900);
|
|
|
|
|
//lockPref("privacy.window.maxInnerWidth", 1600);
|
|
|
|
|
//lockPref("security.insecure_connection_text.pbmode.enabled", true);
|
|
|
|
|
//lockPref("security.nocertdb", true);
|
|
|
|
|
//lockPref("security.ssl3.dhe_rsa_aes_128_sha", false);
|
|
|
|
|
//lockPref("security.ssl3.dhe_rsa_aes_256_sha", false);
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
|
|
|
|
|
//lockPref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256");
|
|
|
|
|
|
|
|
|
|
// - Disabled - Section ON ------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Tor settings
|
|
|
|
|
// This browser is not meant for tor
|
|
|
|
|
// Enabling those settings for user torifying their whole connection
|
|
|
|
|
lockPref("network.dns.blockDotOnion", true);
|
|
|
|
|
lockPref("network.http.referer.hideOnionSource", true);
|
|
|
|
|
|
|
|
|
|
// Pref : 1603 : CROSS ORIGIN: control when to send a referer
|
|
|
|
|
// 0=always (default), 1=only if base domains match, 2=only if hosts match
|
|
|
|
|
// Can break some important site... (payment... )
|
|
|
|
|
lockPref("network.http.referer.XOriginPolicy", 1);
|
|
|
|
|
|
|
|
|
|
// Pref : Only allow TLS 1.[0-3]
|
|
|
|
|
lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Disabled - Deprecated Active
|
|
|
|
|
// Deprecated settings but left active for various reasons
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// Pref : 0516 : disable Onboarding (FF55+)
|
|
|
|
|
// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
|
|
|
|
|
// about:home or about:newtab is opened, the onboarding overlay is injected into it
|
|
|
|
|
// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3]
|
|
|
|
|
// [1] https://wiki.mozilla.org/Firefox/Onboarding
|
|
|
|
|
// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
|
|
|
|
|
// [3] https://bugzilla.mozilla.org/863246#c154
|
|
|
|
|
lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active
|
|
|
|
|
|
|
|
|
|
// Pref : Disable WebIDE Web Debug Extension
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/16222
|
|
|
|
|
// https://developer.mozilla.org/docs/Tools/WebIDE
|
|
|
|
|
lockPref("devtools.webide.autoinstallADBHelper", false);
|
|
|
|
|
// Replaced by "devtools.webide.autoinstallADBExtension" in 64
|
|
|
|
|
|
|
|
|
|
// Pref : Disable raw TCP socket support (mozTCPSocket)
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/18863
|
|
|
|
|
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
|
|
|
|
|
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
|
|
|
|
|
// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 )
|
|
|
|
|
// Not important
|
|
|
|
|
lockPref("dom.mozTCPSocket.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Enforce checking for Firefox updates
|
|
|
|
|
lockPref("app.update.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable bookmark backups (default: 15)
|
|
|
|
|
// http://kb.mozillazine.org/Browser.bookmarks.max_backups
|
|
|
|
|
lockPref("browser.bookmarks.max_backups", 2);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable SSDP
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
|
|
|
|
|
lockPref("browser.casting.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.newtabpage.activity-stream.enabled", false);
|
|
|
|
|
lockPref("browser.newtabpage.directory.ping", "data:text/plain,");
|
|
|
|
|
lockPref("browser.newtabpage.directory.source", "data:text/plain,");
|
|
|
|
|
lockPref("browser.newtabpage.enhanced", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("browser.pocket.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Heartbeat (Mozilla user rating telemetry)
|
|
|
|
|
// https://wiki.mozilla.org/Advocacy/heartbeat
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/19047
|
|
|
|
|
lockPref("browser.selfsupport.url", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Don't reveal build ID
|
|
|
|
|
// Value taken from Tor Browser
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
|
|
|
|
|
// Already enforced with 'privacy.resistFingerprinting' ?
|
|
|
|
|
lockPref("browser.startup.homepage_override.mstone", "ignore");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable face detection
|
|
|
|
|
lockPref("camera.control.face_detection.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("datareporting.healthreport.about.reportUrl", "data:,");
|
|
|
|
|
lockPref("datareporting.healthreport.service.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("device.sensors.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable WebIDE Web Debug
|
|
|
|
|
// https://trac.torproject.org/projects/tor/ticket/16222
|
|
|
|
|
// https://developer.mozilla.org/docs/Tools/WebIDE
|
|
|
|
|
lockPref("devtools.webide.autoinstallFxdtAdapters", false);
|
|
|
|
|
lockPref("devtools.webide.adaptersAddonURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable resource timing API
|
|
|
|
|
// https://www.w3.org/TR/resource-timing/#privacy-security
|
|
|
|
|
lockPref("dom.enable_resource_timing", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
|
|
|
|
|
// https://wiki.mozilla.org/FlyWeb
|
|
|
|
|
// https://wiki.mozilla.org/FlyWeb/Security_scenarios
|
|
|
|
|
// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit
|
|
|
|
|
// http://www.ghacks.net/2016/07/26/firefox-flyweb
|
|
|
|
|
lockPref("dom.flyweb.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("dom.gamepad.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable leaking network/browser connection information via Javascript
|
|
|
|
|
// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
|
|
|
|
|
// https://wicg.github.io/netinfo/#privacy-considerations
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=960426
|
|
|
|
|
lockPref("dom.netinfo.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 2306: disable push notifications (FF44+)
|
|
|
|
|
// web apps can receive messages pushed to them from a server, whether or
|
|
|
|
|
// not the web app is in the foreground, or even currently loaded
|
|
|
|
|
// [1] https://developer.mozilla.org/docs/Web/API/Push_API
|
|
|
|
|
lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up
|
|
|
|
|
|
|
|
|
|
// Pref : Disable telephony API
|
|
|
|
|
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
|
|
|
|
|
lockPref("dom.telephony.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable SHIELD
|
|
|
|
|
// https://support.mozilla.org/en-US/kb/shield
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801
|
|
|
|
|
lockPref("extensions.shield-recipe-client.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Firefox Hello metrics collection
|
|
|
|
|
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
|
|
|
|
|
lockPref("loop.logDomains", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable video stats to reduce fingerprinting threat
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=654550
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785
|
|
|
|
|
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065
|
|
|
|
|
lockPref("media.video_stats.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : WebSockets is a technology that makes it possible to open an interactive communication
|
|
|
|
|
// session between the user's browser and a server. (May leak IP when using proxy/VPN)
|
|
|
|
|
lockPref("network.websocket.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Disable Reader
|
|
|
|
|
// Not deprecated but useful to be located here
|
|
|
|
|
lockPref("reader.parse-on-load.enabled", false);
|
|
|
|
|
|
|
|
|
|
// CIS 2.7.4 Disable Scripting of Plugins by JavaScript
|
|
|
|
|
// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889
|
|
|
|
|
lockPref("security.xpconnect.plugin.unrestricted", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("social.directories", "");
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("social.remote-install.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref :
|
|
|
|
|
lockPref("social.whitelist", "");
|
|
|
|
|
|
|
|
|
|
// Pref : Disable RC4
|
|
|
|
|
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
|
|
|
|
|
// https://rc4.io/
|
|
|
|
|
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
|
|
|
|
|
lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
|
|
|
|
|
lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
|
|
|
|
|
lockPref("security.ssl3.rsa_rc4_128_md5", false);
|
|
|
|
|
lockPref("security.ssl3.rsa_rc4_128_sha", false);
|
|
|
|
|
lockPref("security.tls.unrestricted_rc4_fallback", false);
|
|
|
|
|
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
// Section : Disabled - Deprecated Inactive
|
|
|
|
|
// Bench Diff : +0/5000
|
|
|
|
|
// >>>>>>>>>>>>>>>>>>>>
|
|
|
|
|
|
|
|
|
|
// - Disabled - Deprecated Main -------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
// Pref : Other old safebrowsing not used
|
|
|
|
|
//lockPref("browser.safebrowsing.appRepURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.enabled", false);
|
|
|
|
|
//lockPref("browser.safebrowsing.gethashURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.malware.reportURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.provider.google.appRepURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportErrorURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportGenericURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportMalwareErrorURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportMalwareMistakeURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportMalwareURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportPhishMistakeURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.reportURL", "");
|
|
|
|
|
//lockPref("browser.safebrowsing.updateURL", "");
|
|
|
|
|
|
|
|
|
|
// Pref : 1031: disable favicons in tabs and new bookmarks - merged with browser.chrome.site_icons
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1453751
|
|
|
|
|
// lockPref("browser.chrome.favicons", false);
|
|
|
|
|
|
|
|
|
|
// Pref : Don't use OS values to determine locale, force using Firefox locale setting
|
|
|
|
|
// http://kb.mozillazine.org/Intl.locale.matchOS
|
|
|
|
|
// Disabled to make resistFingerprinting efficient
|
|
|
|
|
//lockPref("intl.locale.matchOS", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 1601: disable referer from SSL Websites
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1308725
|
|
|
|
|
//lockPref("network.http.sendSecureXSiteReferrer", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default
|
|
|
|
|
// [WARNING] This may break video playback on various sites
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1470082
|
|
|
|
|
// Still active for ESR60.x but not important
|
|
|
|
|
//lockPref("media.autoplay.enabled", false);
|
|
|
|
|
|
|
|
|
|
// Pref : 1007: disable randomized FF HTTP cache decay experiments
|
|
|
|
|
// [1] https://trac.torproject.org/projects/tor/ticket/13575
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1430197
|
|
|
|
|
//lockPref("browser.cache.frecency_experiment", -1);
|
|
|
|
|
|
|
|
|
|
// Pref : 1606: set the default Referrer Policy - replaced by network.http.referer.defaultPolicy
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/587523
|
|
|
|
|
//lockPref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3
|
|
|
|
|
|
|
|
|
|
// Pref : 2704: set cookie lifetime in days (see 2703)
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/1457170
|
|
|
|
|
// lockPref("network.cookie.lifetime.days", 90); // default: 90
|
|
|
|
|
|
|
|
|
|
// Pref : 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled
|
|
|
|
|
// [-] https://bugzilla.mozilla.org/897811
|
|
|
|
|
//lockPref("pageThumbs.enabled", false);
|
|
|
|
|
|
|
|
|
|
// - Disabled - Default is same -------------------------------------------------------------------
|
|
|
|
|
// This is generally a bad idea: if FF disables something due to a security concern, the
|
|
|
|
|
// end user who doesn't keep up to date with changes (IF they do update) would be screwed over
|
|
|
|
|
// Thanks to @Thorin-Oakenpants
|
|
|
|
|
|
|
|
|
|
// Pref : Display a notification bar when websites offer data for offline use
|
|
|
|
|
// http://kb.mozillazine.org/Browser.offline-apps.notify
|
|
|
|
|
//lockPref("browser.offline-apps.notify", true); //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable Subresource Integrity
|
|
|
|
|
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
|
|
|
|
|
// https://wiki.mozilla.org/Security/Subresource_Integrity
|
|
|
|
|
//lockPref("security.sri.enable", true); //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable GCM ciphers (TLSv1.2 only)
|
|
|
|
|
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // Pref : 0xc02b //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable ciphers with ECDHE and key size > 128bits
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // Pref : 0xc00a //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable ChaCha20 and Poly1305 (Firefox >= 47)
|
|
|
|
|
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
|
|
|
|
|
// https://tools.ietf.org/html/rfc7905
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
|
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
|
|
|
|
|
// https://cr.yp.to/chacha.html
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); //Default true
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable GCM ciphers (TLSv1.2 only)
|
|
|
|
|
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // Pref : 0xc02f //Default true
|
|
|
|
|
|
|
|
|
|
// Pref : Enable ciphers with ECDHE and key size > 128bits
|
|
|
|
|
//lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // Pref : 0xc014 //Default true
|
|
|
|
|
|
|
|
|
|
// - Disabled - Dumped Deprecated From (gHacks, Check user.js for description) --------------------
|
|
|
|
|
|
|
|
|
|
//lockPref("general.useragent.locale", "en-US");
|
|
|
|
|
//lockPref("browser.backspace_action", 2);
|
|
|
|
|
//lockPref("browser.bookmarks.showRecentlyBookmarked", false);
|
|
|
|
|
//lockPref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
|
|
|
|
|
//lockPref("browser.ctrlTab.previews", true);
|
|
|
|
|
//lockPref("browser.formautofill.enabled", false);
|
|
|
|
|
//lockPref("browser.formfill.saveHttpsForms", false);
|
|
|
|
|
//lockPref("browser.fullscreen.animate", false);
|
|
|
|
|
//lockPref("browser.history.allowPopState", false);
|
|
|
|
|
//lockPref("browser.history.allowPushState", false);
|
|
|
|
|
//lockPref("browser.history.allowReplaceState", false);
|
|
|
|
|
//lockPref("browser.newtabpage.introShown", true);
|
|
|
|
|
//lockPref("browser.pocket.api", "");
|
|
|
|
|
//lockPref("browser.pocket.oAuthConsumerKey", "");
|
|
|
|
|
//lockPref("browser.pocket.site", "");
|
|
|
|
|
//lockPref("browser.polaris.enabled", false);
|
|
|
|
|
//lockPref("browser.search.showOneOffButtons", false);
|
|
|
|
|
//lockPref("browser.selfsupport.enabled", false);
|
|
|
|
|
//lockPref("browser.sessionstore.privacy_level_deferred", 2);
|
|
|
|
|
//lockPref("browser.tabs.warnOnClose", false);
|
|
|
|
|
//lockPref("browser.tabs.warnOnCloseOtherTabs", false);
|
|
|
|
|
//lockPref("browser.tabs.warnOnOpen", false);
|
|
|
|
|
//lockPref("browser.trackingprotection.gethashURL", "");
|
|
|
|
|
//lockPref("browser.trackingprotection.updateURL", "");
|
|
|
|
|
//lockPref("browser.urlbar.decodeURLsOnCopy", true);
|
|
|
|
|
//lockPref("browser.urlbar.unifiedcomplete", false);
|
|
|
|
|
//lockPref("browser.usedOnWindows10.introURL", "");
|
|
|
|
|
//lockPref("browser.zoom.siteSpecific", false);
|
|
|
|
|
//lockPref("camera.control.autofocus_moving_callback.enabled", false);
|
|
|
|
|
//lockPref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,");
|
|
|
|
|
//lockPref("datareporting.healthreport.documentServerURI", "");
|
|
|
|
|
//lockPref("datareporting.policy.dataSubmissionEnabled.v2", false);
|
|
|
|
|
//lockPref("dom.archivereader.enabled", false);
|
|
|
|
|
//lockPref("dom.beforeAfterKeyboardEvent.enabled", false);
|
|
|
|
|
//lockPref("dom.disable_image_src_set", true);
|
|
|
|
|
//lockPref("dom.disable_window_open_feature.scrollbars", true);
|
|
|
|
|
//lockPref("dom.disable_window_status_change", true);
|
|
|
|
|
//lockPref("dom.idle-observers-api.enabled", false);
|
|
|
|
|
//lockPref("dom.keyboardevent.code.enabled", false);
|
|
|
|
|
//lockPref("dom.network.enabled", false);
|
|
|
|
|
//lockPref("dom.vr.oculus050.enabled", false);
|
|
|
|
|
//lockPref("dom.w3c_touch_events.enabled", 0);
|
|
|
|
|
//lockPref("dom.workers.enabled", false);
|
|
|
|
|
//lockPref("dom.workers.sharedWorkers.enabled", false);
|
|
|
|
|
//lockPref("extensions.formautofill.experimental", false);
|
|
|
|
|
//lockPref("extensions.screenshots.system-disabled", true);
|
|
|
|
|
//lockPref("extensions.shield-recipe-client.api_url", "");
|
|
|
|
|
//lockPref("full-screen-api.approval-required", false);
|
|
|
|
|
//lockPref("full-screen-api.warning.delay", 0);
|
|
|
|
|
//lockPref("full-screen-api.warning.timeout", 0);
|
|
|
|
|
//lockPref("general.warnOnAboutConfig", false);
|
|
|
|
|
//lockPref("geo.security.allowinsecure", false);
|
|
|
|
|
//lockPref("loop.enabled", false);
|
|
|
|
|
//lockPref("loop.facebook.appId", "");
|
|
|
|
|
//lockPref("loop.facebook.enabled", false);
|
|
|
|
|
//lockPref("loop.facebook.fallbackUrl", "");
|
|
|
|
|
//lockPref("loop.facebook.shareUrl", "");
|
|
|
|
|
//lockPref("loop.feedback.formURL", "");
|
|
|
|
|
//lockPref("loop.feedback.manualFormURL", "");
|
|
|
|
|
//lockPref("loop.server", "");
|
|
|
|
|
//lockPref("media.block-play-until-visible", true);
|
|
|
|
|
//lockPref("media.eme.apiVisible", false);
|
|
|
|
|
//lockPref("media.eme.chromium-api.enabled", false);
|
|
|
|
|
//lockPref("media.getusermedia.screensharing.allow_on_old_platforms", false);
|
|
|
|
|
//lockPref("media.getusermedia.screensharing.allowed_domains", "");
|
|
|
|
|
//lockPref("media.gmp-eme-adobe.autoupdate", false);
|
|
|
|
|
//lockPref("media.gmp-eme-adobe.visible", false);
|
|
|
|
|
//lockPref("media.ondevicechange.enabled", false);
|
|
|
|
|
//lockPref("media.webspeech.synth.enabled", false);
|
|
|
|
|
//lockPref("network.http.spdy.enabled.http2draft", false);
|
|
|
|
|
//lockPref("network.http.spdy.enabled.v3-1", false);
|
|
|
|
|
//lockPref("pfs.datasource.url", "");
|
|
|
|
|
//lockPref("plugin.scan.Acrobat", "99999");
|
|
|
|
|
//lockPref("plugin.scan.Quicktime", "99999");
|
|
|
|
|
//lockPref("plugin.scan.WindowsMediaPlayer", "99999");
|
|
|
|
|
//lockPref("plugins.enumerable_names", "");
|
|
|
|
|
//lockPref("plugins.update.notifyUser", false);
|
|
|
|
|
//lockPref("plugins.update.url", "");
|
|
|
|
|
//lockPref("privacy.clearOnShutdown.passwords", false);
|
|
|
|
|
//lockPref("security.mixed_content.send_hsts_priming", false);
|
|
|
|
|
//lockPref("security.mixed_content.use_hsts", true);
|
|
|
|
|
//lockPref("security.tls.insecure_fallback_hosts.use_static_list", false);
|
|
|
|
|
//lockPref("social.enabled", false);
|
|
|
|
|
//lockPref("social.share.activationPanelEnabled", false);
|
|
|
|
|
//lockPref("social.shareDirectory", "");
|
|
|
|
|
//lockPref("social.toast-notifications.enabled", false);
|
|
|
|
|
//lockPref("startup.homepage_override_url", "");
|
|
|
|
|
//lockPref("startup.homepage_welcome_url", "");
|
|
|
|
|
//lockPref("startup.homepage_welcome_url.additional", "");
|
|
|
|
|
//lockPref("toolkit.cosmeticAnimations.enabled", false);
|
|
|
|
|
//lockPref("toolkit.telemetry.unifiedIsOptIn", true);
|
|
|
|
|
//lockPref("ui.key.menuAccessKey", 0);
|
|
|
|
|
//lockPref("view_source.tab", false);
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
|
2020-04-10 12:02:42 +02:00
|
|
|
defaultPref("xpinstall.signatures.required", true);
|
Relax/unlock some preferences
This is basically backporting some changes that have been already
implemented with my earlier Arch builds.
Mostly it's about keeping some of the settings most often causing
"issues" unlocked, to make it easier to change them once needed.
Cookie handling, for example, can be handled via
[Cookie AutoDelete](https://addons.mozilla.org/de/firefox/addon/cookie-autodelete/)
more comfortably, allowing exceptions for websites and a more granular
retention / rejection.
Having the option to actually keep a history or autofill forms can also
be desired, when the tradeoff with regards to privacy implications is
understood and accepted, so while keeping those options off by default,
it might be helpful to have them easily modifiable.
`resistFingerprinting` can cause issues (rarely), so it might be desired
to at least temporarily disable it in some cases.
The predefined useragent and other overrides sometimes cause issues with
certain websites, so being able to modify can be required as well.
The webextensions-CSP needs to be slightly modified to allow some addons
(especially μBlock Origin) to function.
Furthermore, options to allow re-enabling installing (and, optionally,
updating) extensions from the official extension store might be a good
thing, albeit somewhat of a tradeoff between privacy and security:
Basically keeping extensions up to date is crucial from a security point
of view, and the official extension store is at least a somewhat trusted
source of extensions. This also indirectly can be a good thing for
privacy, as in keeping relevant addons current with regards to privacy
enhancing techniques.
Of course, extensions can be kept up to date separately as well, but
from my experience this is often not taken care of properly and quite a
lot of extra work.
In a comparable vein, the `xpinstall.signatures.required` option might
be a good thing, but also undesired – so it's just kept unlocked.
2020-03-07 16:20:10 +01:00
|
|
|
|
|
|
|
|
// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/
|
|
|
|
|
// might increase startup time, so keep it disabled, but modifiable by default
|
|
|
|
|
defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false);
|
2020-03-07 16:51:29 +01:00
|
|
|
|
2020-03-10 15:34:59 +01:00
|
|
|
// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80:
|
2020-03-07 16:51:29 +01:00
|
|
|
defaultPref("devtools.selfxss.count", 0);
|
