From eac7585b211bf11bf60ee6548213be5c43cdff3b Mon Sep 17 00:00:00 2001 From: fabrizio Date: Mon, 10 May 2021 08:55:27 +0000 Subject: [PATCH] Settings revamp --- Changelog.md | 647 +++++++++++ README.md | 27 +- librewolf.cfg | 3039 ++++++++----------------------------------------- 3 files changed, 1158 insertions(+), 2555 deletions(-) create mode 100755 Changelog.md mode change 100644 => 100755 README.md mode change 100644 => 100755 librewolf.cfg diff --git a/Changelog.md b/Changelog.md new file mode 100755 index 0000000..4febc8f --- /dev/null +++ b/Changelog.md @@ -0,0 +1,647 @@ +## Changelog +#### Added +Previously missing, now added +``` +defaultPref("pdfjs.enableScripting", false); +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.show_mobile_app", false); +defaultPref("extensions.formautofill.creditCards.available", false); +defaultPref("extensions.formautofill.addresses.capture.enabled", false); +defaultPref("extensions.formautofill.section.enabled", false); // hide formautofill section in settings, which is useless and buggy atm +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +lockPref("network.trr.send_empty_accept-encoding_headers", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("app.normandy.dev_mode", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +defaultPref("dom.security.https_only_mode_pbm", true); +lockPref("browser.ping-centre.telemetry", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("network.auth.subresource-http-auth-allow", 1); +defaultPref("browser.display.use_system_colors", false); +``` + +#### Modified +Updated some present prefs to better one +``` +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 +lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 +lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 +defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior +defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 +defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); +``` + +#### Removed +Active prefs that were removed +``` +lockPref("network.cookie.same-site.enabled", true); // Deprecated +lockPref("network.cookie.leave-secure-alone", true); // Deprecated +lockPref("browser.contentblocking.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // Deprecated +pref("signon.management.page.mobileAndroidURL", ""); // Deprecated +pref("signon.management.page.mobileAppleURL", ""); // Deprecated +lockPref("browser.urlbar.openViewOnFocus", false); // Handled through patch +lockPref("browser.urlbar.update1", false); // Handled through patch +lockPref("browser.urlbar.update1.interventions", false); // Handled through patch +lockPref("browser.urlbar.update1.searchTips", false); // Handled through patch +defaultPref("places.history.expiration.max_pages", 2147483647); // Useless +defaultPref("media.gmp-manager.url.override", "data:text/plain,"); // To easily enable DRM +defaultPref("media.gmp-manager.updateEnabled", false); // Deprecated +defaultPref("media.gmp-widevinecdm.autoupdate", false); // Deprecated +defaultPref("media.gmp-eme-adobe.enabled", false); // Deprecated +defaultPref("media.gmp-manager.certs.2.commonName", ""); // To easily enable DRM +defaultPref("media.gmp-manager.certs.1.commonName", ""); // To easily enable DRM +defaultPref("media.gmp.trial-create.enabled", false); // To easily enable DRM +lockPref("dom.indexedDB.enabled", true); // Deprecated +lockPref("dom.w3c_pointer_events.enabled", false); // Deprecated +lockPref("offline-apps.allow_by_default", false); // Deprecated +lockPref("ui.use_standins_for_native_colors", true); // Interferes with RFP +lockPref("dom.event.highrestimestamp.enabled", true); // Deprecated +lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); // Deprecated +lockPref("browser.urlbar.oneOffSearches", false); // Deprecated +lockPref("dom.disable_window_open_feature.close", true); // Deprecated +lockPref("dom.disable_window_open_feature.location", true); // Deprecated +lockPref("dom.disable_window_open_feature.menubar", true); // Deprecated +lockPref("dom.disable_window_open_feature.minimizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.personalbar", true); // Deprecated +lockPref("dom.disable_window_open_feature.resizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.status", true); // Deprecated +lockPref("dom.disable_window_open_feature.titlebar", true); // Deprecated +lockPref("dom.disable_window_open_feature.toolbar", true); // Deprecated +lockPref("security.csp.experimentalEnabled", true); // Deprecated +lockPref("security.csp.enable_violation_events", false); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Duplicated in the file +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // Deprecated +lockPref("extensions.htmlaboutaddons.discover.enabled", false); // Deprecated +lockPref("browser.messaging-system.fxatoolbarbadge.enabled", false); // Deprecated +lockPref("browser.onboarding.notification.tour-ids-queue", ""); // Deprecated +lockPref("devtools.gcli.lodashSrc", ""); // Deprecated +lockPref("devtools.webide.templatesURL", ""); // Deprecated +lockPref("browser.ping-centre.production.endpoint", ""); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); // Duplicated in the file +lockPref("services.sync.fxa.privacyURL", ""); // Deprecated +lockPref("services.settings.default_signer", ""); // Deprecated +lockPref("app.productInfo.baseURL", ""); // Deprecated +lockPref("devtools.webide.adbAddonURL", ""); // Deprecated +lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated +defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only +lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated +lockPref("privacy.donottrackheader.value", 1); // Deprecated +defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated +lockPref("services.sync.clients.lastSync", "0"); // Deprecated +lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.enabled", false); // Deprecated +lockPref("services.sync.jpake.serverURL", ""); // Deprecated +lockPref("services.sync.migrated", true); // Deprecated +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated +lockPref("services.sync.serverURL", ""); // Deprecated +lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated +lockPref("prio.publicKeyB", ""); // Deprecated +lockPref("prio.publicKeyA", ""); // Deprecated +lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated +lockPref("security.insecure_password.ui.enabled", true); // Deprecated +defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all +lockPref("security.ssl.errorReporting.automatic", false); // Deprecated +lockPref("security.ssl.errorReporting.url", ""); // Deprecated +lockPref("security.ssl.errorReporting.enabled", false); // Deprecated +defaultPref("layout.frame_rate.precise", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated +defaultPref("layers.async-video.enabled", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set +defaultPref("html5.offmainthread", true); // Default true and not important to set +defaultPref("browser.tabs.animate", false); // Deprecated +lockPref("webgl.disable-extensions", true); // Deprecated +lockPref("browser.onboarding.notification.finished", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated +lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated +lockPref("pref.general.disable_button.default_browser", false); // Deprecated +lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated +lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated +lockPref("app.update.silent", false); // Deprecated +lockPref("app.vendorURL", ""); // Deprecated +lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated +lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated +lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated +lockPref("devtools.devedition.promo.url", ""); // Deprecated +lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated +lockPref("devtools.gcli.jquerySrc", ""); // Deprecated +lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated +lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated +lockPref("dom.permissions.enabled", false); // Deprecated +lockPref("extensions.blocklist.url", ""); // Deprecated +lockPref("geo.wifi.uri", ""); // Deprecated +lockPref("geo.provider-country.network.scan", false); // Deprecated +lockPref("geo.provider-country.network.url", ""); // Deprecated +lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated +lockPref("lpbmode.enabled", true); // Deprecated +lockPref("mailnews.messageid_browser.url", ""); // Deprecated +lockPref("mailnews.mx_service_url", ""); // Deprecated +lockPref("network.predictor.cleaned-up", true); // Deprecated +lockPref("plugins.crash.supportUrl", ""); // Deprecated +lockPref("sync.enabled", false); // Deprecated +lockPref("sync.jpake.serverURL", ""); // Deprecated +lockPref("sync.serverURL", ""); // Deprecated +lockPref("toolkit.telemetry.hybridContent.enabled", false); // Deprecated +lockPref("toolkit.telemetry.infoURL", ""); // Deprecated +lockPref("toolkit.telemetry.prompted", 2); // Deprecated +lockPref("toolkit.telemetry.rejected", true); // Deprecated +lockPref("toolkit.telemetry.coverage.opt-out", true); // Deprecated +lockPref("browser.aboutHomeSnippets.updateUrl", ""); // Deprecated +lockPref("dom.enable_user_timing", false); // Deprecated +lockPref("geo.wifi.logging.enabled", false); // Deprecated +lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated +lockPref("browser.search.geoSpecificDefaults", false); // Deprecated +lockPref("browser.fixup.hide_user_pass", true); // Deprecated +lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI +defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 +defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 +defaultPref("layout.css.notify-of-unvisited", false); // no benefit with RFP enabled +defaultPref("dom.event.contextmenu.enabled", false); // causes breakage with no demonstrated privacy benefit +lockPref("dom.registerProtocolHandler.insecure.enabled", true); // Deprecated +defaultPref("dom.security.https_only_mode_ever_enabled", true); // Triggered by dom.security.https_only_mode = true +lockPref("dom.enable_resource_timing", false); // conflicting with RFP +lockPref("device.sensors.enabled", false); // conflicting with RFP +lockPref("dom.gamepad.enabled", false); // conflicting with RFP +lockPref("dom.netinfo.enabled", false); // conflicting with RFP +lockPref("media.video_stats.enabled", false); // conflicting with RFP +lockPref("webgl.enable-debug-renderer-info", false); // conflicting with RFP +defaultPref("extensions.getAddons.themes.browseURL", ""); // Deprecated +lockPref("extensions.getAddons.compatOverides.url", ""); // Used for tests on localhost:8888 +defaultPref("extensions.ui.experiment.hidden", false); // Deprecated +defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated +lockPref("dom.enable_performance", false); // conflicting with RFP +lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP +lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 +lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_md5", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_sha", false); // Deprecated +lockPref("security.tls.unrestricted_rc4_fallback", false); // Deprecated +lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_seed_sha", false); // Deprecated +lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint +lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated +lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint +lockPref("plugin.defaultXpi.state", 1); // Deprecated +lockPref("remote.log.level", "Info"); // already default and not important in any way +lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +lockPref("lightweightThemes.update.enabled", false); // Deprecated +lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated +lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated +lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? +lockPref("network.protocol-handler.external.javascript",false); // any real benefit? +lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? +lockPref("network.protocol-handler.external.ftp",false);// any real benefit? +lockPref("network.protocol-handler.external.file",false);// any real benefit? +lockPref("network.protocol-handler.external.about",false);// any real benefit? +lockPref("network.protocol-handler.external.chrome",false);// any real benefit? +lockPref("network.protocol-handler.external.blob",false);// any real benefit? +lockPref("network.protocol-handler.external.data",false);// any real benefit? +lockPref("network.protocol-handler.expose-all",false);// any real benefit? +lockPref("network.protocol-handler.expose.http",true);// any real benefit? +lockPref("network.protocol-handler.expose.https",true);// any real benefit? +lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? +lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? +lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? +lockPref("network.protocol-handler.expose.file",true);// any real benefit? +lockPref("network.protocol-handler.expose.about",true);// any real benefit? +lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? +lockPref("network.protocol-handler.expose.blob",true);// any real benefit? +lockPref("network.protocol-handler.expose.data",true);// any real benefit? +lockPref("network.protocol-handler.external.http",false);// any real benefit? +lockPref("network.protocol-handler.external.https",false);// any real benefit? +lockPref("shumway.disabled", true); // Deprecated +lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated +lockPref("plugins.click_to_play", true); // Deprecated +lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated +lockPref("devtools.webide.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated +lockPref("network.allow-experiments", false); // Deprecated +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated +lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated +lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated +lockPref("security.tls.version.max", 4); // increases fingerprint +defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope +lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope +lockPref("browser.onboarding.enabled", false); // Deprecated +lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 +lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated +lockPref("app.update.enabled", false); // Deprecated +lockPref("browser.casting.enabled", false); // Deprecated, probably Android only +lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated +lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.enhanced", false); // Deprecated +lockPref("browser.selfsupport.url", ""); // Deprecated +lockPref("camera.control.face_detection.enabled", false); // Deprecated +lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated +lockPref("datareporting.healthreport.service.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated +lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated +lockPref("dom.flyweb.enabled", false); // Deprecated +lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated +lockPref("dom.telephony.enabled", false); // Deprecated +lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated +lockPref("loop.logDomains", false); // Deprecated +lockPref("network.websocket.enabled", false); // Deprecated +lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated +lockPref("social.directories", ""); // Deprecated +lockPref("social.remote-install.enabled", false); // Deprecated +lockPref("social.whitelist", ""); // Deprecated +lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated +lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated +lockPref("browser.pocket.enabled", false); // Deprecated +defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily +lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant +lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 +lockPref("browser.search.countryCode", "US"); // Deprecated +lockPref("experiments.activeExperiment", false); // Deprecated +lockPref("experiments.enabled", false); // Deprecated +lockPref("experiments.manifest.uri", ""); // Deprecated +lockPref("experiments.supported", false); // Deprecated +lockPref("network.jar.block-remote-files", true); // Deprecated +lockPref("network.jar.open-unsafe-types", false); // Deprecated +lockPref("plugin.state.java", 0); // Deprecated +lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated +lockPref("services.blocklist.update_enabled", false); // Deprecated +lockPref("shield.savant.enabled", false); // Deprecated +defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope +defaultPref("layers.acceleration.disabled", false); // default and probably out of scope +lockPref("browser.taskbar.previews.enable", false); // personal pref +lockPref("browser.taskbar.lists.enabled", false); // personal pref +lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref +defaultPref("webgl.force-enabled", true); // out of scope, not worth +defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth +lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.lower_network_priority", false); // default +lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled +lockPref("signon.storeSignons", false); // Deprecated +lockPref("browser.urlbar.filter.javascript", true); // default +lockPref("browser.search.geoip.url", ""); // Deprecated +defaultPref("privacy.clearOnShutdown.siteSettings", false); // default +defaultPref("privacy.clearOnShutdown.cache", true); // default +defaultPref("privacy.clearOnShutdown.sessions", true); // default +defaultPref("privacy.clearOnShutdown.downloads", true); // default +defaultPref("privacy.clearOnShutdown.formdata", true); // default +defaultPref("privacy.clearOnShutdown.history", true); // default +defaultPref("privacy.cpd.siteSettings", false); // default +defaultPref("privacy.cpd.downloads", true); // default +defaultPref("privacy.cpd.cache", true); // default +defaultPref("privacy.cpd.formdata", true); // default +defaultPref("privacy.cpd.history", true); // default +defaultPref("privacy.cpd.passwords", false); // default +defaultPref("privacy.cpd.sessions", true); // default +defaultPref("extensions.formautofill.addresses.capture.enabled", false); // default +lockPref("signon.autofillForms.http", false); // default +lockPref("network.trr.send_user-agent_headers", false); // default +lockPref("network.dns.disablePrefetchFromHTTPS", true); // default +lockPref("dom.imagecapture.enabled", false); // default +lockPref("dom.reporting.crash.enabled", false); // default +defaultPref("network.proxy.autoconfig_url.include_path", false); // default +lockPref("security.tls.version.min", 3); // default +defaultPref("extensions.webextensions.background-delayed-startup", true); //default +defaultPref("xpinstall.signatures.required", true); // default +lockPref("app.normandy.dev_mode", false); // default +defaultPref("pdfjs.enableWebGL", false); // default +lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +lockPref("network.predictor.enable-prefetch", false); // default +lockPref("network.http.referer.spoofSource", false); // default +defaultPref("network.http.referer.defaultPolicy", 2); // default +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default +defaultPref("layout.spellcheckDefault", 2); // why? +lockPref("privacy.trackingprotection.introURL", ""); // Deprecated +defaultPref("general.appname.override", "Netscape"); // no benefit over RFP +defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof +lockPref("general.buildID.override", "20100101"); // no benefit over RFP +lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP +lockPref("security.insecure_connection_icon.enabled", true); // Default +lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default +lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default +lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled +lockPref("app.normandy.first_run", false); // default +lockPref("browser.send_pings", false); // default +lockPref("browser.send_pings.require_same_host", true); // default +defaultPref("browser.tabs.closeTabByDblclick", true); // why? +lockPref("devtools.debugger.force-local", true); // default +lockPref("gfx.offscreencanvas.enabled", false); // default +lockPref("media.webspeech.recognition.enable", false); // default +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default +lockPref("remote.force-local", true); // default +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default +lockPref("security.fileuri.strict_origin_policy", true); // default +lockPref("security.insecure_field_warning.contextual.enabled", true); // default +defaultPref("security.remote_settings.intermediates.enabled", true); // default +lockPref("xpinstall.whitelist.required", true); // default +lockPref("browser.sessionhistory.max_entries", 20); // why? +lockPref("extensions.webapi.testing", false); // hidden but default false +lockPref("canvas.capturestream.enabled", false); // any real benefit? +lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments +defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup + +// fxaccounts is disabled in policies +lockPref("identity.fxaccounts.enabled", false); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); + +// all handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); + +// useless as fxaccounts are off +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); + +// useless as ui elements are not in the report page +lockPref("browser.contentblocking.report.cookie.url", ""); +lockPref("browser.contentblocking.report.cryptominer.url", ""); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.fingerprinter.url", ""); +lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); +lockPref("browser.contentblocking.report.manage_devices.url", ""); +lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); +lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.monitor.url", ""); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.proxy_extension.url", ""); +lockPref("browser.contentblocking.report.social.url", ""); +lockPref("browser.contentblocking.report.tracker.url", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); +``` +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); +``` + +#### Unlocked +Locked prefs that were unlocked, more should be unlocked probably +``` +defaultPref("general.config.filename", "librewolf.cfg"); +defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.getAddons.themes.browseURL", "") +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("alerts.showFavicons", false); // default: false +defaultPref("security.remote_settings.intermediates.enabled", true); +defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); +defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns +defaultPref("security.OCSP.require", false); +defaultPref("reader.parse-on-load.enabled", false); +``` + +#### To discuss +Prefs that need to be addressed and potential roadmap +``` +Open points: +// How much should we lock? +// How in depth should we go with urls +// SB - make re-enabling easier, test connections +// GEO - review to allow easier re-enabling +// evaluate certificate handling (oscp, crlite, blocklist) + +missing from arkenfox in need of discussion: +security.pki.crlite_mode -> DISCUSS +security.remote_settings.crlite_filters.enabled -> DISCUSS +dom.security.https_only_mode_send_http_background_request -> DISCUSS +browser.download.useDownloadDir -> do we want to ask for download location each time? +``` + +## How to... +#### Stay logged +Add website to exceptions before login, both http and https link +#### Enable DRM content +``` +media.eme.enabled = true +media.gmp-widevinecdm.visible = true +media.gmp-widevinecdm.enabled = true +media.gmp-provider.enabled = true +media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml +``` +#### Use video conferencing +``` +media.peerconnection.enabled = true +media.peerconnection.ice.no_host = true +dom.webaudio.enabled = true +``` +screensharing `media.getusermedia.screensharing.enabled = true` +#### Enable addons search +``` +extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" +``` +#### Enable addons manual updates +``` +extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= +%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= +%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS= +%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= +%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" +``` +#### Enable OCSP certificate checking +``` +security.OCSP.enabled = 1 +``` +you probably also want `security.OCSP.require = true` + +#### Hardened setup +``` +defaultPref("javascript.options.asmjs", false); // disable asm.js +defaultPref("javascript.options.wasm", false); // disable web assembly +defaultPref("webgl.disabled", true); // disable webgl +defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing +defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access +``` \ No newline at end of file diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 9b16249..f63cd10 --- a/README.md +++ b/README.md @@ -1,3 +1,28 @@ # LibreWolf settings -Heavily borrowed from [ghacks-user.js](https://github.com/ghacksuserjs/ghacks-user.js) and [pyllyukko/user.js](https://github.com/pyllyukko/user.js). Not affiliated with either. +LibreWolf settings for all platforms. + +The configuration file was revamped and it includes improvements in usability, a more curated and focused selection of privacy settings, as well as the ability to override preferences with an external file. +The old configuration (now tagged as `legacy`) should be considered deprecated and it will no longer be maintained. + +We encourage users to find **their own setup** and to use our default configuration as something to build on top of. This is now easier thanks to the overrides, just place your own preferences in the proper location, according to your OS and install method: +- Most distros and macOS -> `~/.librewolf/librewolf.overrides.cfg` +- Flatpak -> `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` +- Windows -> `%USERPROFILE%\.librewolf\librewolf.overrides.cfg` + +## Useful links +- FAQ (coming soon): to help you creating your own pref file. +- [LibreWolf distributions](https://gitlab.com/librewolf-community/browser) +- [Issue tracker](https://gitlab.com/librewolf-community/settings/-/issues) +- Our community on [gitter](https://gitter.im/librewolf-community/librewolf) +- [Website](https://librewolf-community.gitlab.io/) +- [Docs](https://librewolf.readthedocs.io/en/latest/) +- [r/LibreWolf](https://www.reddit.com/r/LibreWolf/) + +## Notes and thanks +This repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), their documentation was vital to this revamp, so special thanks to their project. +We do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. + +Some of the older prefs in this project are taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home). + +Thank you to the whole LibreWolf community as once again this is entirely a community effort. \ No newline at end of file diff --git a/librewolf.cfg b/librewolf.cfg old mode 100644 new mode 100755 index 645c6e0..cd12b9c --- a/librewolf.cfg +++ b/librewolf.cfg @@ -1,936 +1,340 @@ -// --------- -// LibreWolf -// --------- -// -// Documentation .............. : -// ============================== -// -// "Section" : Description of the settings section separated by "----" -// "Bench Diff" : Impact on the performance of firefox can be a gain or loss of performance -// +100/5000 stand for 2% gained performance and -1500/5000 stand for -30% performance loss -// Performance can be tested here : https://chromium.github.io/octane/ -// "Pref" : Preference/Settings name and or description followed by links or documentations -// and some time explanation why the setting is commented and ignored. -// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here -// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. -// In many cases the GUI will change to reflect this, graying out or removing options. Appears -// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. -// It will not work if it set with just pref. -// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, -// but they will be erased on restart. If you set a particular preference this way, -// it shows up in about:config as "user set". -// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will -// be saved between sessions. If preferences are reset to default through the GUI or some other method, -// this is what they will go back to. Appears in about:config as "default". -// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions -// that rely on comparing version numbers. -// -// ==================================================================================== -// Protection ................. : -// ============================== -// -// Pref : Locking librewolf.cfg itself -lockPref("general.config.filename", "librewolf.cfg"); -// -// ===================================================================================== -// Index librewolf.cfg .......... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : User settings // Bench Diff : +0 / 5000 -// Section : Defaulting Settings // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Controversial // Bench Diff : +0 / 5000 -// Section : Firefox Fingerprint // Bench Diff : +0 / 5000 -// Section : Locale/Time // Bench Diff : +0 / 5000 -// Section : Ghacks-user Selection // Bench Diff : +100 / 5000 -// Section : Extensions Manager // Bench Diff : +0 / 5000 -// Section : IJWY To Shut Up // Bench Diff : +0 / 5000 -// Section : Microsoft Windows // Bench Diff : +0 / 5000 -// Section : Firefox ESR60.x // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Security 1/3 // Bench Diff : +0 / 5000 -// Section : Security 2/3 // Bench Diff : +0 / 5000 -// Section : Security 3/3 (Cipher) // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// Section : Performance 1/5 // Bench Diff : +650 / 5000 -// Section : Performance 2/5 // Bench Diff : -800 / 5000 -// Section : Performance 3/5 // Bench Diff : -1720 / 5000 -// Section : Performance 4/5 // Bench Diff : -200 / 5000 -// Section : Performance 5/5 // Bench Diff : -50 / 5000 -// ----------------------------------------------------------------------- -// Section : General Settings 1/3 // Bench Diff : +100 / 5000 -// Section : General Settings 2/3 // Bench Diff : +0 / 5000 -// Section : General Settings 3/3 // Bench Diff : -40 / 5000 -// ----------------------------------------------------------------------- -// Section : Disabled - ON/OFF // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Active // Bench Diff : +0 / 5000 -// Section : Disabled - Deprecated Inactive // Bench Diff : +0 / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- -// Index local-settings.js .... : -// ============================== -// -// ----------------------------------------------------------------------- -// Section : General Settings // Bench Diff : ++ / 5000 -// ----------------------------------------------------------------------- -// -// ----------------------------------------------------------------------- - -// >>>>>>>>>>>>>>>>>>>>>>> -// Section : User Settings -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// Librefox Compatibility Fix -// commented out, we're setting it differently later on -// defaultPref("extensions.autoDisableScopes", 0); - -// Removing https-everywhere adding 2 librefox addons -// keep it commented out for now, until we have more recent, properly pre-installed addons -// defaultPref("extensions.enabledAddons", "librefox.http.watcher.tor%40intika.be:2.8,%7Befd1ce61-97d1-4b4f-a378-67d0d41d858d%7D:1.2,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5"); - -// -------------------------------- -// User Settings : Cookies settings -// -------------------------------- - -defaultPref("network.cookie.cookieBehavior", 1); -defaultPref("network.cookie.lifetimePolicy", 2); -lockPref("network.cookie.same-site.enabled", true); -lockPref("network.cookie.leave-secure-alone", true); -defaultPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); +//---------------| +// LibreWolf | +//---------------| +// Glossary: | +// ================================================================================================================================| +// | +// "Section" : Description of the settings section separated by "----" | +// "Pref" : Preference/Settings name and or description followed by links or documentations | +// and some time explanation why the setting is commented and ignored. | +// "lockPref" : Locked preference can not be changed on firefox, nor by extensions, can only be changed here | +// lockPref is used to lock preferences so they cannot be changed through the GUI or about:config. | +// In many cases the GUI will change to reflect this, graying out or removing options. Appears | +// in about:config as "locked". Some config items require lockPref to be set, such as app.update.enabled. | +// It will not work if it set with just pref. | +// "pref" : Sets the preference as if a user had set it, every time you start the browser. So users can make changes, | +// but they will be erased on restart. If you set a particular preference this way, | +// it shows up in about:config as "user set". | +// "defaultPref" : Defaulting : Is used to alter the default value, though users can set it normally and their changes will | +// be saved between sessions. If preferences are reset to default through the GUI or some other method, | +// this is what they will go back to. Appears in about:config as "default". | +// "clearPref" : Can be used to "blank" certain preferences. This can be useful e.g. to disable functions | +// that rely on comparing version numbers. | +// | +// ================================================================================================================================| // ----------------------------------- -// User Settings : Tracking protection +// # TRACKING PROTECTION // ----------------------------------- +defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more lockPref("privacy.trackingprotection.enabled", false); -lockPref("privacy.trackingprotection.annotate_channels", false); -lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); -lockPref("privacy.trackingprotection.lower_network_priority", false); lockPref("privacy.trackingprotection.pbmode.enabled", false); -lockPref("telemetry.origin_telemetry_test_mode.enabled", false); +lockPref("privacy.trackingprotection.socialtracking.enabled", false); +lockPref("privacy.trackingprotection.cryptomining.enabled", false); +lockPref("privacy.trackingprotection.fingerprinting.enabled", false); +lockPref("privacy.trackingprotection.annotate_channels", false); lockPref("urlclassifier.trackingTable", ""); -lockPref("pref.privacy.disable_button.change_blocklist", true); -lockPref("browser.contentblocking.reportBreakage.enabled", false); -lockPref("browser.contentblocking.reportBreakage.url", ""); -lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); -lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); -lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); -lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); -lockPref("browser.contentblocking.report.lockwise.url", ""); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.cookie.url", ""); -lockPref("browser.contentblocking.report.cryptominer.url", ""); -lockPref("browser.contentblocking.report.fingerprinter.url", ""); -lockPref("browser.contentblocking.report.lockwise.enabled", false); -lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); -lockPref("browser.contentblocking.report.lockwise.url", ""); -lockPref("browser.contentblocking.report.manage_devices.url", ""); -lockPref("browser.contentblocking.report.monitor.enabled", false); -lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); -lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); -lockPref("browser.contentblocking.report.monitor.url", ""); -lockPref("browser.contentblocking.report.proxy.enabled", false); -lockPref("browser.contentblocking.report.proxy_extension.url", ""); -lockPref("browser.contentblocking.report.social.url", ""); -lockPref("browser.contentblocking.report.tracker.url", ""); -//lockPref("browser.contentblocking.global-toggle.enabled", false); -//lockPref("browser.contentblocking.rejecttrackers.ui.recommended", false); -//lockPref("browser.contentblocking.fastblock.ui.enabled", false); -//lockPref("browser.contentblocking.fastblock.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.allowlist.annotations.enabled", false); -//lockPref("browser.contentblocking.allowlist.storage.enabled", false); -//lockPref("pref.privacy.disable_button.tracking_protection_exceptions", false); -//lockPref("browser.contentblocking.rejecttrackers.control-center.ui.enabled", false); -//lockPref("browser.contentblocking.ui.enabled", false); -//lockPref("browser.contentblocking.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); -lockPref("default-browser-agent.enabled", false); +// remove urls +lockPref("browser.contentblocking.reportBreakage.url", ""); + +// hide ui elements +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.show_mobile_app", false); +lockPref("browser.contentblocking.report.lockwise.enabled", false); +lockPref("browser.contentblocking.report.monitor.enabled", false); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.vpn.enabled", false); // ---------------------------------- -// User Settings : Auto-play settings +// # AUTOPLAY // ---------------------------------- defaultPref("media.autoplay.default", 5); -defaultPref("media.autoplay.enabled.user-gestures-needed", false); +defaultPref("media.autoplay.blocking_policy", 2); // ----------------------------------------- -// User Settings : Password manager settings +// # PASSWORD MANAGER // ----------------------------------------- -lockPref("signon.storeSignons", false); lockPref("signon.rememberSignons", false); -lockPref("services.sync.prefs.sync.signon.rememberSignons", false); lockPref("signon.storeWhenAutocompleteOff", false); -//lockPref("security.ask_for_password", 2); -//lockPref("security.password_lifetime", 5); - -pref("signon.management.page.breach-alerts.enabled", false); -pref("signon.management.page.breachAlertUrl", ""); -pref("signon.management.page.mobileAndroidURL", ""); -pref("signon.management.page.mobileAppleURL", ""); +defaultPref("signon.management.page.breach-alerts.enabled", false); +defaultPref("signon.management.page.breachAlertUrl", ""); +lockPref("signon.formlessCapture.enabled", false); // -------------------------------- -// User Settings : History settings +// # SEARCH AND URLBAR // -------------------------------- -lockPref("browser.sessionhistory.max_entries", 20); -lockPref("browser.urlbar.filter.javascript", true); +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +lockPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.urlbar.trimURLs", false); +lockPref("browser.search.suggest.enabled", false); +lockPref("browser.search.region", "US"); +lockPref("browser.fixup.alternate.enabled", false); +lockPref("browser.urlbar.suggest.searches", false); +lockPref("browser.search.update", false); -// Disables the “megabar” -// NOTE: probably deprecated / no-ops by now, can probably be removed -// handled by a patch instead. -lockPref("browser.urlbar.openViewOnFocus", false); -lockPref("browser.urlbar.update1", false); -lockPref("browser.urlbar.update1.interventions", false); -lockPref("browser.urlbar.update1.searchTips", false); +// -------------------------------- +// # SANITIZING, COOKIES AND HISTORY +// -------------------------------- + +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 +defaultPref("network.cookie.lifetimePolicy", 2); +defaultPref("network.cookie.thirdparty.sessionOnly", true); +lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); + +// includes new cookie behavior that allows to stay logged with exceptions +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("privacy.cpd.cookies", false); // just for consistency to avoid accidental logout +defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid accidental logout -defaultPref("browser.tabs.drawInTitlebar", true); -pref("startup.homepage_override_url", "about:blank"); -pref("startup.homepage_welcome_url", "about:blank"); -pref("startup.homepage_welcome_url.additional", ""); -defaultPref("privacy.clearOnShutdown.offlineApps", true); -defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("browser.formfill.enable", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("places.history.enabled", false); -// the following can be safely set here, as it should not have any effect, -// the above defaultPref("places.history.enabled", false); is set to true -defaultPref("places.history.expiration.max_pages", 2147483647); defaultPref("privacy.history.custom", true); -//defaultPref("privacy.cpd.openWindows", true); // Clear session data -//defaultPref("privacy.clearOnShutdown.openWindows", true); -//defaultPref("privacy.sanitize.pending", '[{"id":"shutdown","itemsToClear":["cache","cookies","history","formdata","downloads"],"options":{}}]'); -//lockPref("permissions.memory_only", true); // (hidden pref) -//lockPref("browser.formfill.expire_days", 0); - -lockPref("privacy.storagePrincipal.enabledForTrackers", false); // -------------------------------------------------------------------- -// User Settings : Session : Other session settings on disabled section +// # SESSIONS // -------------------------------------------------------------------- lockPref("browser.sessionstore.privacy_level", 2); lockPref("browser.sessionstore.interval", 60000); // --------------------------------- -// User Settings : Autofill settings +// # AUTOFILL // --------------------------------- -defaultPref("extensions.formautofill.addresses.enabled", false); +defaultPref("extensions.formautofill.section.enabled", false); defaultPref("extensions.formautofill.available", "off"); +defaultPref("extensions.formautofill.addresses.enabled", false); defaultPref("extensions.formautofill.creditCards.enabled", false); +defaultPref("extensions.formautofill.creditCards.available", false); defaultPref("extensions.formautofill.heuristics.enabled", false); - lockPref("signon.autofillForms", false); -lockPref("signon.autofillForms.http", false); -//lockPref("browser.urlbar.autoFill", false); -//lockPref("browser.urlbar.autoFill.typed", false); - -// ---------------------------------------------- -// User Settings : Check default browser Settings -// ---------------------------------------------- - -lockPref("browser.shell.checkDefaultBrowser", false); // ----------------------- -// User Settings : DRM/CDM +// # DRM // ----------------------- +// includes new DRM implementation for easily re-enabling it +// following four prefs must be set to true to play DRM content +// could be further reduced to 2 or 1 prefs defaultPref("media.eme.enabled", false); -defaultPref("media.gmp-provider.enabled", false); -defaultPref("media.gmp-manager.url", "data:text/plain,"); -defaultPref("media.gmp-manager.url.override", "data:text/plain,"); -defaultPref("media.gmp-manager.updateEnabled", false); -defaultPref("media.gmp.trial-create.enabled", false); - defaultPref("media.gmp-widevinecdm.visible", false); defaultPref("media.gmp-widevinecdm.enabled", false); -defaultPref("media.gmp-widevinecdm.autoupdate", false); +defaultPref("media.gmp-provider.enabled", false); +defaultPref("media.gmp-manager.url", "data:text/plain,"); // had to re-add to prevent connections defaultPref("media.gmp-gmpopenh264.enabled", false); -defaultPref("media.gmp-gmpopenh264.autoupdate", false); -defaultPref("media.peerconnection.video.enabled", false); -//lockPref("media.peerconnection.video.h264", true); -defaultPref("media.gmp-eme-adobe.enabled", false); -defaultPref("media.gmp-manager.certs.2.commonName", ""); -defaultPref("media.gmp-manager.certs.1.commonName", ""); // ---------------------- -// User Settings : WebRTC +// # WEBRTC // ---------------------- defaultPref("media.navigator.enabled", false); -defaultPref("media.navigator.video.enabled", false); +defaultPref("media.peerconnection.enabled", false); +defaultPref("media.peerconnection.ice.default_address_only", true); +defaultPref("media.peerconnection.ice.no_host", true); +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); + +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); + +// ---------------------- +// # SHARING +// ---------------------- + defaultPref("media.getusermedia.browser.enabled", false); defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false); -defaultPref("media.peerconnection.use_document_iceservers", false); -defaultPref("media.peerconnection.identity.enabled", false); -// 10000 per default -defaultPref("media.peerconnection.identity.timeout", 1); -defaultPref("media.peerconnection.turn.disable", true); -defaultPref("media.peerconnection.ice.tcp", false); -defaultPref("media.peerconnection.ice.default_address_only", true); -defaultPref("media.peerconnection.ice.no_host", true); - -// ------------------------------ -// User Settings : Proxy settings -// ------------------------------ - -//lockPref("network.proxy.autoconfig_url.include_path", false); -//lockPref("network.proxy.socks_remote_dns", true); // ---------------------------- -// User Settings : DNS settings +// # DNS // ---------------------------- lockPref("network.trr.mode", 5); lockPref("network.trr.bootstrapAddress", ""); lockPref("network.trr.uri", ""); -lockPref("network.trr.send_user-agent_headers", false); +lockPref("network.trr.send_empty_accept-encoding_headers", false); defaultPref("network.dns.disableIPv6", true); lockPref("network.dns.disablePrefetch", true); -lockPref("network.dns.disablePrefetchFromHTTPS", true); // ------------------------------------ -// User Settings : Start page highlight +// # NEW TAB PAGE // ------------------------------------ +lockPref("browser.newtab.preload", false); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); +lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); +lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); +lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); +lockPref("browser.newtabpage.activity-stream.feeds.places", false); +lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); +lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); -lockPref("browser.newtabpage.activity-stream.prerender", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +lockPref("browser.newtabpage.activity-stream.showSponsored", false); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); +lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); +lockPref("browser.newtabpage.activity-stream.telemetry", false); +lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.default.sites", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); +lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); +lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); +lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // ------------------------------------------- -// Defaulting Settings : Do not track settings +// # DO NOT TRACK // ------------------------------------------- -lockPref("privacy.donottrackheader.enabled", true); -lockPref("privacy.donottrackheader.value", 1); +// Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("privacy.donottrackheader.enabled", true); -// -------------------------------------- -// User Settings : Other theming settings -// -------------------------------------- - -//lockPref("widget.content.gtk-theme-override", "Adwaita:light"); -//lockPref("browser.devedition.theme.enabled", true); -//lockPref("devtools.theme", "dark"); -//lockPref("browser.devedition.theme.showCustomizeButton", true); - -// -------------------------------------- -// User Settings : Miscellaneous settings -// -------------------------------------- +// -------------------------------- +// # DOM +// -------------------------------- lockPref("dom.disable_beforeunload", true); -lockPref("permissions.default.geo", 2); - -// disable permissions delegation [FF73+] -// Currently applies to cross-origin geolocation, camera, mic and screen-sharing -// permissions, and fullscreen requests. Disabling delegation means any prompts -// for these will show/use their correct 3rd party origin -// [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion -lockPref("permissions.delegation.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Defaulting Settings -// Those settings are not locked this section purpose is to change default setting... -// Modifications can still be done within firefox -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// -------------------------------------- -// Defaulting Settings : Other Defaulting -// -------------------------------------- - -defaultPref("privacy.spoof_english", 2); -//defaultPref("intl.accept_languages", "en-US, en"); //This make lang windows unusable -defaultPref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3 -defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2 -defaultPref("privacy.userContext.ui.enabled", true); -defaultPref("privacy.userContext.enabled", true); -defaultPref("privacy.userContext.longPressBehavior", 2); -defaultPref("browser.aboutConfig.showWarning", false); -defaultPref("browser.download.autohideButton", false); -defaultPref("browser.ctrlTab.recentlyUsedOrder", false); -defaultPref("accessibility.typeaheadfind", false); -defaultPref("clipboard.autocopy", false); -defaultPref("layout.spellcheckDefault", 2); -defaultPref("browser.tabs.closeWindowWithLastTab", true); -defaultPref("general.autoScroll", false); -//defaultPref("network.http.sendRefererHeader", 1); -defaultPref("pdfjs.disabled", false); defaultPref("dom.disable_open_during_load", true); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); -defaultPref("network.proxy.autoconfig_url", ""); -defaultPref("network.proxy.autoconfig_url.include_path", false); -defaultPref("network.proxy.socks_remote_dns", true); -defaultPref("network.proxy.socks_version", 5); -defaultPref("browser.tabs.loadBookmarksInTabs", true); -defaultPref("devtools.debugger.remote-enabled", false); -defaultPref("devtools.chrome.enabled", false); -defaultPref("extensions.ui.experiment.hidden", false); -//defaultPref("extensions.ui.dictionary.hidden", false); -//defaultPref("extensions.ui.locale.hidden", false); - - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Controversial -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -lockPref("dom.indexedDB.enabled", true); //default true -//lockPref("dom.indexedDB.logging.details", false); //default true -//lockPref("dom.indexedDB.logging.enabled", false); //default true -lockPref("dom.w3c_pointer_events.enabled", false); -//lockPref("network.http.spdy.enabled", false); -//lockPref("network.http.spdy.enabled.deps", false); -//lockPref("network.http.spdy.enabled.http2", false); -//lockPref("network.http.spdy.websockets", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox Fingerprint -// ResistFingerprinting : Overriden by 'privacy.resistFingerprinting' -// This needs to be kept disabled to make resistFingerprinting efficient -// https://wiki.mozilla.org/Security/Fingerprinting -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -defaultPref("privacy.resistFingerprinting", true); -defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Locale/Time/UserAgent -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -lockPref("dom.forms.datetime", false); -lockPref("javascript.use_us_english_locale", true); -lockPref("intl.regional_prefs.use_os_locales", false); -defaultPref("intl.locale.requested", "en-US"); -defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); -defaultPref("general.appname.override", "Netscape"); -defaultPref("general.appversion.override", "5.0 (Windows)"); -defaultPref("general.platform.override", "Win32"); -defaultPref("general.oscpu.override", "Windows NT 6.1"); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Ghacks-user Selection -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -lockPref("toolkit.coverage.endpoint.base", ""); -lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] -lockPref("browser.download.manager.addToRecentDocs", false); //do not disable -lockPref("browser.download.hide_plugins_without_extensions", false); //do not disable -lockPref("webchannel.allowObject.urlWhitelist", ""); -lockPref("browser.cache.offline.insecure.enable", false); // default: false in FF62+ -lockPref("network.http.redirection-limit", 10); -lockPref("offline-apps.allow_by_default", false); -lockPref("extensions.enabledScopes", 5); // (hidden pref) -lockPref("extensions.autoDisableScopes", 11); //Tor value must be 0 -lockPref("xpinstall.whitelist.required", true); // default: true lockPref("dom.push.enabled", false); lockPref("dom.push.connection.enabled", false); lockPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" lockPref("dom.push.userAgentID", ""); lockPref("dom.targetBlankNoOpener.enabled", true); -lockPref("dom.reporting.crash.enabled", false); -lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default: true in FF59+ -lockPref("ui.use_standins_for_native_colors", true); -lockPref("services.blocklist.onecrl.collection", ""); // revoked certificates -lockPref("services.blocklist.addons.collection", ""); -lockPref("services.blocklist.plugins.collection", ""); -lockPref("services.blocklist.gfx.collection", ""); -lockPref("browser.startup.blankWindow", false); -lockPref("dom.event.highrestimestamp.enabled", true); // default: true -lockPref("privacy.trackingprotection.introURL", ""); -lockPref("network.http.altsvc.enabled", false); -lockPref("network.http.altsvc.oe", false); -lockPref("network.file.disable_unc_paths", true); // (hidden pref) -lockPref("network.gio.supported-protocols", ""); // (hidden pref) -lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); -lockPref("browser.urlbar.speculativeConnect.enabled", false); -lockPref("browser.urlbar.oneOffSearches", false); -lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); //Deprecated Active -lockPref("browser.shell.shortcutFavicons", false); -lockPref("alerts.showFavicons", false); // default: false -defaultPref("security.ssl.require_safe_negotiation", true); -lockPref("security.tls.enable_0rtt_data", false); // (FF55+ default true) -lockPref("browser.xul.error_pages.expert_bad_cert", true); -lockPref("font.blacklist.underline_offset", ""); -lockPref("gfx.font_rendering.graphite.enabled", false); -lockPref("network.http.referer.XOriginTrimmingPolicy", 0); -lockPref("network.http.referer.spoofSource", false); -lockPref("plugin.default.state", 1); -lockPref("plugin.defaultXpi.state", 1); -lockPref("canvas.capturestream.enabled", false); -lockPref("dom.imagecapture.enabled", false); // default: false -lockPref("gfx.offscreencanvas.enabled", false); // default: false -lockPref("dom.disable_window_open_feature.close", true); -lockPref("dom.disable_window_open_feature.location", true); // default: true -lockPref("dom.disable_window_open_feature.menubar", true); -lockPref("dom.disable_window_open_feature.minimizable", true); -lockPref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar -lockPref("dom.disable_window_open_feature.resizable", true); // default: true -lockPref("dom.disable_window_open_feature.status", true); // status bar - default: true -lockPref("dom.disable_window_open_feature.titlebar", true); -lockPref("dom.disable_window_open_feature.toolbar", true); lockPref("dom.disable_window_move_resize", true); -// lockPref("dom.IntersectionObserver.enabled", false); -lockPref("accessibility.force_disabled", 1); -lockPref("browser.uitour.enabled", false); -lockPref("browser.uitour.url", ""); -lockPref("middlemouse.contentLoadURL", false); +defaultPref("dom.serviceWorkers.enabled", false); +defaultPref("dom.battery.enabled", false); +lockPref("dom.popup_maximum", 4); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("dom.webaudio.enabled", false); +lockPref("dom.vr.enabled", false); +lockPref("dom.vibrator.enabled", false); +defaultPref("dom.storage.next_gen", true); + +// -------------------------------- +// # PERMISSIONS +// -------------------------------- + +lockPref("permissions.delegation.enabled", false); +defaultPref("permissions.default.geo", 2); // unlocked as some think it increases fingerprint, they can now disable it lockPref("permissions.manager.defaultsUrl", ""); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Extensions Manager -// Extensions settings and experimental tentative to firewall extensions -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +// -------------------------------- +// # REFERERS +// -------------------------------- -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - Blocking Domains : -// ------------------------------------------- +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); +lockPref("network.http.referer.XOriginPolicy", 0); -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" +// -------------------------------- +// # PROXY +// -------------------------------- -// Pref : Restricted Domains I/II -// This will allow extensions to work everywhere -defaultPref("extensions.webextensions.restrictedDomains", ""); -// Default Value : available in "debug-notes.log" +defaultPref("network.proxy.autoconfig_url", ""); +defaultPref("network.proxy.socks_remote_dns", true); +defaultPref("network.proxy.socks_version", 5); -// Pref : Restricted Domains II/II -// Old restrictedDomains implementation -// Redirect basedomain used by identity api -lockPref("extensions.webextensions.identity.redirectDomain", ""); -// Default Value : "extensions.allizom.org" +// -------------------------------------- +// # HTTP(S) +// -------------------------------------- -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - Blocking The Network : -// ----------------------------------------------- +lockPref("network.http.altsvc.enabled", false); +lockPref("network.http.altsvc.oe", false); +defaultPref("dom.security.https_only_mode", true); +defaultPref("dom.security.https_only_mode_pbm", true); +defaultPref("network.auth.subresource-http-auth-allow", 1); -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" +// -------------------------------------- +// # TLS +// -------------------------------------- -// Pref : CSP Settings For Extensions I/II : Extension Firewall Feature -// Uncomment to disable network for the extensions +defaultPref("security.ssl.require_safe_negotiation", true); +lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +lockPref("security.ssl.disable_session_identifiers", true); +lockPref("browser.ssl_override_behavior", 1); +lockPref("security.tls.enable_0rtt_data", false); +lockPref("security.tls.version.enable-deprecated", false); +lockPref("security.tls.version.fallback-limit", 3); +lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos + +// to check +lockPref("network.stricttransportsecurity.preloadlist", false); + +// -------------------------------------- +// # RFP +// -------------------------------------- + +defaultPref("privacy.resistFingerprinting", true); +defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); +lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing + +// -------------------------------------- +// # LANGUAGE AND REGION +// -------------------------------------- + +defaultPref("javascript.use_us_english_locale", true); +defaultPref("intl.locale.requested", "en-US"); +defaultPref("privacy.spoof_english", 2); +// defaultPref("intl.regional_prefs.use_os_locales", false); // default + +// ------------------------------------------------------- +// # EXTENSIONS - check readme section "Extensions Firewall" +// ------------------------------------------------------- + +// handle default restricted domains +defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" +lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" + +// disable network for the extensions // Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); -// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature -// This value is applied after the first one (just ignore this) -//defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';"); -// Default Value : "script-src 'self'; object-src 'self';" +// set extensions scopes +lockPref("extensions.enabledScopes", 5); +lockPref("extensions.autoDisableScopes", 11); -// ---------------------------------------------------------------------------------- -// Extensions Firewalling - CSP Main Settings : -// --------------------------------------------- +// Relevant for addons and lang packs search +defaultPref("extensions.getAddons.search.browseURL", ""); // https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% +defaultPref("extensions.getAddons.langpacks.url", ""); // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% -// !!!!!!!!!!!!!!!!!!! Important !!!!!!!!!!!!!!!!!!! -// Please check readme section "Extensions Firewall" - -// Pref : CSP Main Settings I/II : -// Those are default values for CSP -// Those are not meant to to be uncommented -//defaultPref("security.csp.enable", true); //This is its default value -//defaultPref("security.csp.enableStrictDynamic", true); //This is its default value -//defaultPref("security.csp.enable_violation_events", true); //This is its default value -//defaultPref("security.csp.experimentalEnabled", false); //This is its default value -//defaultPref("security.csp.reporting.script-sample.max-length", 40); //This is its default value -// Default Content Security Policy to apply to signed contents. -//defaultPref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); //This is its default value - -// Pref : Enable Content Security Policy (CSP) -// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy -// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -lockPref("security.csp.enable", true); - -// Pref : Enable CSP 1.1 script-nonce directive support -// https://bugzilla.mozilla.org/show_bug.cgi?id=855326 -lockPref("security.csp.experimentalEnabled", true); - -// Pref : CSP Main Settings II/II : Pref : 2681 : Disable CSP Violation Events [FF59+] -// [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent -// [-] https://bugzilla.mozilla.org/1488165 -// Setting removed in firefox v64 -lockPref("security.csp.enable_violation_events", false); //Deprecated Active - -// ---------------------------------------------------------------------------------- -// Extensions Security : -// --------------------- - -// Pref : Enable tab-hiding API by default. -defaultPref("extensions.webextensions.tabhide.enabled", false); //Default true - -// ---------------------------------------------------------------------------------- -// Extensions IJWY : -// ----------------- - -// Pref : Report Site Issue button -lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); -// Default Value -// https://webcompat.com/issues/new - -// Pref : 0518 : disable Web Compatibility Reporter (FF56+) -// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla -// Report Site Issue button -// Note that on enabling the button in other release channels, make sure to -// disable it in problematic tests, see disableNonReleaseActions() inside -// browser/modules/test/browser/head.js -lockPref("extensions.webcompat-reporter.enabled", false); // Default true - -// ---------------------------------------------------------------------------------- -// Extensions Performance : -// ------------------------ - -// Pref : Delaying extensions background script startup -defaultPref("extensions.webextensions.background-delayed-startup", true); //default true - -// Pref :Whether or not the installed extensions should be migrated to the -// storage.local IndexedDB backend. -//defaultPref("extensions.webextensions.ExtensionStorageIDB.enabled", false); //default false - -// Pref : if enabled, store execution times for API calls -//defaultPref("extensions.webextensions.enablePerformanceCounters", false); //default false - -// Pref : Maximum age in milliseconds of performance counters in children -// When reached, the counters are sent to the main process and -// reset, so we reduce memory footprint. -//defaultPref("extensions.webextensions.performanceCountersMaxAge", 1000); //Hidden prefs - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : IJWY To Shut Up -// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc. -// These settings are not used in gHacks at the moment. -// Will be upstreamed once stable in final version. -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Disabling performance addon url [FF64+] -defaultPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); -// Default Value : https://perf-html.io - -// Pref : The default set of protocol handlers for irc [FF64+] -lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); -// Default Value : https://www.mibbit.com/?url=%s - -// Pref : -lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Deprecated Active -// Default Value -// https://www.mibbit.com/?url=%s - -// Pref : "coverage" ping [FF64+] -// This ping is not enabled by default. When enabled, a ping is generated a total of once -//per profile, as a diagnostic tool to determine whether Telemetry is working for users. -lockPref("toolkit.coverage.enabled", false); //default false - -// Pref : Allow extensions access to list of sites -// https://github.com/mozilla/gecko/blob/central/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp -lockPref("extensions.webapi.testing", false); // hidden prefs // default false - -// Pref : Disable recommended extensions [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR - -// Disable recommendations in about:addons' Extensions and Themes panes [FF68+] -lockPref("extensions.getAddons.discovery.api_url", ""); -lockPref("extensions.htmlaboutaddons.discover.enabled", false); -lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); - -// [SETTING] General>Browsing>Recommend extensions as you browse -// [1] https://support.mozilla.org/en-US/kb/extension-recommendations - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); -// Default Value : -// {\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\ -// "CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}} - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); -// Default Value : -// {\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true} - -// Pref : [FF64+] -lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); -// Default Value : -// {\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/ -// %STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION% -// /%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000} - -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); - -lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); - -lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -lockPref("browser.messaging-system.fxatoolbarbadge.enabled", false); - -// Pref : -lockPref("browser.onboarding.notification.tour-ids-queue", ""); - -// Pref : -lockPref("lightweightThemes.getMoreURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes - -// Pref : -lockPref("devtools.gcli.lodashSrc", ""); -// Default Value -// https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.6.1/lodash.min.js - -// Pref : -lockPref("media.decoder-doctor.new-issue-endpoint", ""); -// Default Value -// https://webcompat.com/issues/new - -// Pref : -lockPref("identity.sync.tokenserver.uri", ""); -// Default Value -// https://token.services.mozilla.com/1.0/sync/1.5 - -// Pref : -lockPref("devtools.webide.templatesURL", ""); -// Default Value -// https://code.cdn.mozilla.net/templates/list.json - -// Pref : -lockPref("browser.ping-centre.production.endpoint", ""); -// Default Value -// https://tiles.services.mozilla.com/v3/links/ping-centre - -// Pref : -lockPref("browser.translation.engine", ""); -// Default Value -// Google - -// Pref : -lockPref("network.trr.confirmationNS", ""); -// Default Value -// example.com - -// Pref : -lockPref("gecko.handlerService.schemes.mailto.1.name", ""); -// Default Value -// Gmail - -// Pref : -lockPref("gecko.handlerService.schemes.irc.0.name", ""); -// Default Value -// Mibbit - -// Pref : -lockPref("gecko.handlerService.schemes.ircs.0.name", ""); -// Default Value -// Mibbit - -// Pref : -lockPref("gecko.handlerService.schemes.mailto.0.name", ""); -// Default Value -// Yahoo! Mail - -// Pref : -lockPref("services.sync.lastversion", ""); -// Default Value -// firstrun - -// Pref : -lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); -// Default Value -// moz-std - -// Pref : -lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); -// Default Value -// moz-full - -// Pref : -lockPref("browser.safebrowsing.provider.google.advisoryName", ""); -// Default Value -// Google Safe Browsing - -// Pref : -lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); -// Default Value -// Google Safe Browsing - -// Pref : Test To Make FFox Silent -lockPref("browser.safebrowsing.provider.mozilla.lists", ""); -// Default Value -// base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256, -// mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256, -// except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256, -// block-flashsubdoc-digest256,except-flashsubdoc-digest256, -// except-flashinfobar-digest256,ads-track-digest256,social-track-digest256, -// analytics-track-digest256,fastblock1-track-digest256,fastblock1-trackwhite-digest256, -// fastblock2-track-digest256,fastblock2-trackwhite-digest256,fastblock3-track-digest256 - -// Pref : -lockPref("identity.fxaccounts.remote.root", ""); -// Default Value -// https://accounts.firefox.com/ - -// Pref : -lockPref("services.settings.server", ""); -// Default Value -// https://firefox.settings.services.mozilla.com/v1 - -// Pref : -lockPref("services.sync.fxa.privacyURL", ""); -// Default Value -// https://accounts.firefox.com/legal/privacy - -// Pref : -lockPref("services.sync.fxa.termsURL", ""); -// Default Value -// https://accounts.firefox.com/legal/terms - -// Pref : -lockPref("services.blocklist.addons.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.gfx.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.onecrl.signer", ""); -// Default Value -// onecrl.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.pinning.signer", ""); -// Default Value -// pinning-preload.content-signature.mozilla.org - -// Pref : -lockPref("services.blocklist.plugins.signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("services.settings.default_signer", ""); -// Default Value -// remote-settings.content-signature.mozilla.org - -// Pref : -lockPref("accessibility.support.url", ""); -// Default Value -// https://support.mozilla.org/%LOCALE%/kb/accessibility-services - -// Pref : -lockPref("app.normandy.shieldLearnMoreUrl", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield - -// Pref : -lockPref("app.productInfo.baseURL", ""); -// Default Value -// https://www.mozilla.org/firefox/features/ - -// Pref : -lockPref("app.support.baseURL", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/ - -// Pref : -lockPref("browser.chrome.errorReporter.infoURL", ""); -// Default Value -// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/nightly-error-collection - -// Pref : -lockPref("browser.dictionaries.download.url", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/dictionaries/ - -// Pref : -lockPref("browser.geolocation.warning.infoURL", ""); -// Default Value -// https://www.mozilla.org/%LOCALE%/firefox/geolocation/ - -// Pref : -lockPref("browser.search.searchEnginesURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/search-engines/ - -// Pref : -lockPref("browser.uitour.themeOrigin", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes/ - -// Pref : Disable WebIDE ADB Dxtension Downloads -// Pref : 2608 : gHacks Deprecated Active -lockPref("devtools.webide.adbAddonURL", ""); -// Default Value -// https://ftp.mozilla.org/pub/mozilla.org/labs/fxos-simulator/adb-helper/#OS#/adbhelper-#OS#-latest.xpi - -// Pref : -lockPref("extensions.getAddons.compatOverides.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE% - -// Pref : -defaultPref("extensions.getAddons.get.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% - -// Pref : -defaultPref("extensions.getAddons.langpacks.url", ""); -// Default Value -// https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% - -// Pref : -defaultPref("extensions.getAddons.link.url", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/ - -// Pref : -defaultPref("extensions.getAddons.search.browseURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION% - -// Pref : -lockPref("extensions.getAddons.themes.browseURL", ""); -// Default Value -// https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox - -// Pref : -lockPref("services.sync.addons.trustedSourceHostnames", ""); -// Default Value -// addons.mozilla.org - -// Pref : -lockPref("toolkit.datacollection.infoURL", ""); -// Default Value -// https://www.mozilla.org/legal/privacy/firefox.html - -// Pref : -lockPref("xpinstall.signatures.devInfoURL", ""); -// Default Value -// https://wiki.mozilla.org/Addons/Extension_Signing - -// Pref : -lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); -// Default Value -// google,amazon - -// Pref : -lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); -// Default Value -// https://accounts.firefox.com/ - -// Pref : +// other urls +defaultPref("extensions.getAddons.get.url", ""); // https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE% +defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ defaultPref("extensions.update.url", ""); // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= @@ -939,652 +343,89 @@ defaultPref("extensions.update.url", ""); // %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion= // %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% -// Pref : -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); -// Default Value -// {"api_key_pref":"extensions.pocket.oAuthConsumerKey","hidden":false,"provider_icon": -// "pocket","provider_name":"Pocket","read_more_endpoint":"https://getpocket.com/explore/ -// trending?src=fx_new_tab","stories_endpoint":"https://getpocket.cdn.mozilla.net/v3/ -// firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant= -// default_spocs_on","stories_referrer":"https://getpocket.com/recommendations", -// "topics_endpoint":"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics? -// version=2&consumer_key=$apiKey&locale_lang=en-US","show_spocs":true,"personalized":true} +// ui +defaultPref("extensions.getAddons.showPane", false); +lockPref("extensions.getAddons.discovery.api_url", ""); +lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); +lockPref("extensions.webcompat-reporter.enabled", false); +lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");// Default Value https://webcompat.com/issues/new -// Pref : -lockPref("lightweightThemes.recommendedThemes", ""); -// Default Value -// [{"id":"recommended-1","homepageURL":"https://addons.mozilla.org/firefox/addon/a-web-browser-renaissance/", -// "headerURL":"resource:///chrome/browser/content/browser/defaultthemes/1.header.jpg", -// "textcolor":"#000000","accentcolor":"#834d29","iconURL":"resource:///chrome/browser/content/browser/ -// defaultthemes/1.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/1. -// preview.jpg","author":"Sean.Martell","version":"0"},{"id":"recommended-2","homepageURL": -// "https://addons.mozilla.org/firefox/addon/space-fantasy/","headerURL": -// "resource:///chrome/browser/content/browser/defaultthemes/2.header.jpg", -// "textcolor":"#ffffff","accentcolor":"#d9d9d9","iconURL":"resource:///chrome/browser/content/browser/ -// defaultthemes/2.icon.jpg","previewURL":"resource:///chrome/browser/content/browser/defaultthemes/ -// 2.preview.jpg","author":"fx5800p","version":"1.0"},{"id":"recommended-4","homepageURL": -// "https://addons.mozilla.org/firefox/addon/pastel-gradient/","headerURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.header.png", -// "textcolor":"#000000","accentcolor":"#000000","iconURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.icon.png","previewURL": -// "resource:///chrome/browser/content/browser/defaultthemes/4.preview.png", -// "author":"darrinhenein","version":"1.0"}] +// background checking and updating +defaultPref("extensions.update.enabled", false); +defaultPref("extensions.update.autoUpdateDefault", false); +defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.cache.enabled", false); -// Other Sync Settings - Disabling By Prevention --------------------------------------------------------- +// blocklist +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); -lockPref("services.sync.maxResyncs", 0); //5 -lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 -lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false -lockPref("services.sync.engine.addons", false); //true -lockPref("services.sync.engine.addresses", false); //false -lockPref("services.sync.engine.bookmarks", false); //true -lockPref("services.sync.engine.bookmarks.buffer", false); //false -lockPref("services.sync.engine.creditcards", false); //false -lockPref("services.sync.engine.creditcards.available", false); //false -lockPref("services.sync.engine.history", false); //true -lockPref("services.sync.engine.passwords", false); //true -lockPref("services.sync.engine.prefs", false); //true -lockPref("services.sync.engine.tabs", false); //true -lockPref("services.sync.log.appender.file.logOnError", false); //true -lockPref("services.sync.log.appender.file.logOnSuccess", false); //false -lockPref("services.sync.log.cryptoDebug", false); //false -lockPref("services.sync.sendVersionInfo", false); //true -lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true -lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true -lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true -lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true -lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true -lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true -lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true -lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true -lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true -lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true -lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true -lockPref("services.sync.prefs.sync.browser.search.update", false); //true -lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); //true -lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true -lockPref("services.sync.prefs.sync.browser.startup.page", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true -lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true -lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true -lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true -lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true -lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true -lockPref("services.sync.prefs.sync.extensions.personas.current", false); //true -lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true -lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true -lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); //true -lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); //true -lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true -lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true -lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true -lockPref("services.sync.prefs.sync.permissions.default.image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); //true -lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); //true -lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true -lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true -lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true -lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true -lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true -lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true -lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); //true -lockPref("services.sync.prefs.sync.security.OCSP.require", false); //true -lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.max", false); //true -lockPref("services.sync.prefs.sync.security.tls.version.min", false); //true -lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true -lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true -lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); //true +// system addons +lockPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.systemAddon.update.enabled", false); -// Testing ----------------------------------------------------------------------------------------------- +lockPref("xpinstall.signatures.devInfoURL", ""); +lockPref("extensions.webservice.discoverURL", ""); +lockPref("webextensions.storage.sync.serverURL", ""); +lockPref("extensions.screenshots.upload-disabled", true); +lockPref("lightweightThemes.getMoreURL", ""); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); -// Pref : Test To Make FFox Silent -lockPref("browser.chrome.errorReporter.publicKey", ""); -// Default Value -// c709cb7a2c0b4f0882fcc84a5af161ec +// ------------------------------------------------------- +// # NORMANDY +// ------------------------------------------------------- -// Pref : Test To Make FFox Silent -lockPref("prio.publicKeyA", ""); -// Default Value -// 35AC1C7576C7C6EDD7FED6BCFC337B34D48CB4EE45C86BEEFB40BD8875707733 -lockPref("prio.publicKeyB", ""); -// Default Value -// 26E6674E65425B823F1F1D5F96E3BB3EF9E406EC7FBA7DEF8B08A35DD135AF50 +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.normandy.user_id", ""); +lockPref("app.normandy.shieldLearnMoreUrl", ""); -// Alpha Settings Not Needed At The Moment -------------------------------------------------------------- +// -------------------------------- +// # SECURITY +// -------------------------------- -// Pref : -//lockPref("urlclassifier.phishTable", ""); -// Default Value -// goog-phish-proto,test-phish-simple - -// Pref : -//lockPref("urlclassifier.passwordAllowTable", ""); -// Default Value -// goog-passwordwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadAllowTable", ""); -// Default Value -// goog-downloadwhite-proto - -// Pref : -//lockPref("urlclassifier.downloadBlockTable", ""); -// Default Value -// goog-badbinurl-proto - -// Pref : Test To Make FFox Silent -//lockPref("security.content.signature.root_hash", ""); -// Default Value -// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.1.issuerName", ""); -// Default Value -// CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US - -// Pref : Test To Make FFox Silent -//lockPref("media.gmp-manager.certs.2.issuerName", ""); -// Default Value -// CN=thawte SSL CA - G2,O="thawte, Inc.",C=US - -// Disabled ---------------------------------------------------------------------------------------------- - -// Pref : New page default sites -//lockPref("browser.newtabpage.activity-stream.default.sites", ""); -// Default Value -// https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/, -// https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Microsoft Windows -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Other webGl [WINDOWS] -lockPref("webgl.dxgl.enabled", false); - -// Pref : disable scanning for plugins [WINDOWS] -lockPref("plugin.scan.plid.all", false); - -// Pref : disable Windows jumplist [WINDOWS] -lockPref("browser.taskbar.lists.enabled", false); -lockPref("browser.taskbar.lists.frequent.enabled", false); -lockPref("browser.taskbar.lists.recent.enabled", false); -lockPref("browser.taskbar.lists.tasks.enabled", false); - -// Pref : disable Windows taskbar preview [WINDOWS] -lockPref("browser.taskbar.previews.enable", false); - -// Pref : disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] -// [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ -lockPref("network.protocol-handler.external.ms-windows-store", false); - -// Pref : disable background update service [WINDOWS] -// [SETTING] General>Firefox Updates>Use a background service to install updates -lockPref("app.update.service.enabled", false); - -// Pref : disable automatic Firefox start and session restore after reboot [WINDOWS] (FF62+) -// [1] https://bugzilla.mozilla.org/603903 -lockPref("toolkit.winRegisterApplicationRestart", false); - -// Pref : 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) -// 0=disable detecting Family Safety mode and importing the root -// 1=only attempt to detect Family Safety mode (don't import the root) -// 2=detect Family Safety mode and import the root -// [1] https://trac.torproject.org/projects/tor/ticket/21686 -lockPref("security.family_safety.mode", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Firefox ESR60.x -// Deprecated Active For ESR -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Geolocation -lockPref("browser.search.countryCode", "US"); - -// Pref : Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -// https://support.mozilla.org/en-US/questions/1197144 -lockPref("experiments.activeExperiment", false); -lockPref("experiments.enabled", false); -lockPref("experiments.manifest.uri", ""); -lockPref("experiments.supported", false); - -// Pref : 2612: disable remote JAR files being opened, regardless of content type (FF42+) -// [1] https://bugzilla.mozilla.org/1173171 -// [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.block-remote-files", true); - -// Pref : 2613: disable JAR from opening Unsafe File Types -// [-] https://bugzilla.mozilla.org/1427726 -lockPref("network.jar.open-unsafe-types", false); - -// Pref : Disable Java NPAPI plugin -lockPref("plugin.state.java", 0); - -// Discussion at https://github.com/ghacksuserjs/ghacks-user.js/issues/743 -lockPref("trailhead.firstrun.branches", "join-privacy"); - -// Pref : 0402: enable Kinto blocklist updates (FF50+) -// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications -// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be -// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes -// [-] https://bugzilla.mozilla.org/1458917 -lockPref("services.blocklist.update_enabled", false); - -// Pref : 0503: disable "Savant" Shield study (FF61+) -// [-] https://bugzilla.mozilla.org/1457226 -lockPref("shield.savant.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 1/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -lockPref("security.insecure_password.ui.enabled", true); - -// Pref : Show in-content login form warning UI for insecure login fields -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -lockPref("security.insecure_field_warning.contextual.enabled", true); - -// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla) -// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ -// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security -lockPref("network.stricttransportsecurity.preloadlist", false); - -// Pref : Disable TLS Session Tickets -// https://www.blackhat.com/us-13/briefings.html#NextGen -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 -// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 -// SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs. -// Since the ID is unique, web servers can (and do) use it for tracking. If set to true, -// this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking -lockPref("security.ssl.disable_session_identifiers", true); - -// Pref : Blocking GD Parking Scam Site -// TODO: do we still need this? librefox.com isn't relevant anymore and this pretty much -// only tells LibreWolf to look for librefox.com locally -defaultPref("network.dns.localDomains", "librefox.com"); - -// Pref : Disable insecure TLS version fallback -// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 -// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 -lockPref("security.tls.version.fallback-limit", 3); - -// Pref : Only allow TLS 1.2+ -// http://kb.mozillazine.org/Security.tls.version.* -lockPref("security.tls.version.min", 3); - -// enforce TLS 1.0 and 1.1 downgrades as session only -lockPref("security.tls.version.enable-deprecated", false); - -// Pref : Enfore Public Key Pinning -// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning -// "2. Strict. Pinning is always enforced." +// certificates lockPref("security.cert_pinning.enforcement_level", 2); - -// Pref : Disallow SHA-1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 -// https://shattered.io/ +defaultPref("security.OCSP.enabled", 0); +defaultPref("security.OCSP.require", false); +lockPref("security.ssl.enable_ocsp_stapling", true); lockPref("security.pki.sha1_enforcement_level", 1); -// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); - -// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the -// "Add Security Exception" dialog -// http://kb.mozillazine.org/Browser.ssl_override_behavior -// https://github.com/pyllyukko/user.js/issues/210 -lockPref("browser.ssl_override_behavior", 1); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : -lockPref("security.ssl.errorReporting.automatic", false); -lockPref("security.ssl.errorReporting.url", ""); - -// Pref : Check disabled section -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -lockPref("security.OCSP.enabled", 0); -lockPref("security.OCSP.require", false); -lockPref("security.ssl.enable_ocsp_stapling", true); - -// Pref : -lockPref("security.ssl.errorReporting.enabled", false); -lockPref("security.remote_settings.intermediates.enabled", true); - -// Pref : Manage certificates button -//lockPref("security.disable_button.openCertManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : Manage security devices button -//lockPref("security.disable_button.openDeviceManager", false); -// Disabled because of a bug that disables the button regardless of its value - -// Pref : -lockPref("security.mixed_content.upgrade_display_content", true); +// mixed content lockPref("security.mixed_content.block_object_subrequest", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.block_active_content", true); -// Pref : -lockPref("security.insecure_connection_icon.enabled", true); -lockPref("security.insecure_connection_icon.pbmode.enabled", true); +// ui lockPref("security.insecure_connection_text.enabled", true); +lockPref("security.insecure_connection_text.pbmode.enabled", true); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Security 3/3 (Cipher) -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +lockPref("security.dialog_enable_delay", 700); +lockPref("security.csp.enable", true); -// Pref : -lockPref("security.ssl3.rsa_des_ede3_sha", false); -lockPref("security.ssl3.rsa_aes_256_sha", false); -lockPref("security.ssl3.rsa_aes_128_sha", false); +// ------------------------------------------------------- +// # SAFE BROWSING +// ------------------------------------------------------- -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); +lockPref("browser.safebrowsing.malware.enabled", false); +lockPref("browser.safebrowsing.passwords.enabled", false); +lockPref("browser.safebrowsing.phishing.enabled", false); -// Pref : Disable SEED cipher -// https://en.wikipedia.org/wiki/SEED -lockPref("security.ssl3.rsa_seed_sha", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 1/5 -// Defaulting settings - HW Settings can be checked under about:support -// Bench Diff : +650/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : +100/5000 -// Pref : Increases animation speed. May mitigate choppy scrolling. -defaultPref("layout.frame_rate.precise", true); - -// Bench Diff : +500/5000 -// Pref : Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). -// It's likely your browser is already set to use these features. -// May introduce instability on some hardware. -// Tor compatibility - have inverted values in tor. -defaultPref("webgl.force-enabled", true); -defaultPref("layers.acceleration.force-enabled", true); - -// Pref : 2508: disable hardware acceleration to reduce graphics fingerprinting -// [SETTING] General>Performance>Custom>Use hardware acceleration when available -// [SETUP-PERF] Affects text rendering (fonts will look different) and impacts video performance. -// Parts of Quantum that utilize the GPU will also be affected as they are rolled out -// [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration -// Resolved by extension -defaultPref("gfx.direct2d.disabled", false); // [WINDOWS] -defaultPref("layers.acceleration.disabled", false); - -// Bench Diff : 0/5000 -// Pref : -defaultPref("html5.offmainthread", true); //default true -defaultPref("layers.offmainthreadcomposition.enabled", true); -defaultPref("layers.offmainthreadcomposition.async-animations", true); -defaultPref("layers.async-video.enabled", true); - -// Bench Diff : +50/5000 -// Pref : Deprecated Active -defaultPref("browser.tabs.animate", false); - -// Pref : The impact for this one is negligible -//defaultPref("browser.download.animateNotifications", false); - -// Bench Diff : -80/5000 -// Pref : Spoof CPU Core Def 16 -// Default settings seems to be the best -//defaultPref("dom.maxHardwareConcurrency", 8); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 2/5 -// Bench Diff : -800/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -500/5000 -// Pref : Tell garbage collector to start running when javascript is using xx MB of memory. -// Garbage collection releases memory back to the system. -// Default settings seems to be the best -//lockPref("javascript.options.mem.high_water_mark", 96); - -// Bench Diff : -200/5000 -// Pref : Disable WebAssembly -// https://webassembly.org/ -// https://en.wikipedia.org/wiki/WebAssembly -// https://trac.torproject.org/projects/tor/ticket/21549 -// Solved by extension disabled here for performance -//lockPref("javascript.options.wasm", false); - -// Bench Diff : -100/5000 -// Pref : Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -// Solved by extension disabled here for performance -//lockPref("browser.display.use_document_fonts", 0); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 3/5 -// Bench Diff : -1720/5000 -// >>>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -220/5000 -// Pref : Disable webGL I/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) -// This does not leak -lockPref("webgl.enable-webgl2", false); -lockPref("webgl.min_capability_mode", true); - -// Bench Diff : 0/5000 -// Pref : Disable webGL II/II -// WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) -lockPref("pdfjs.enableWebGL", false); -lockPref("webgl.disable-extensions", true); -lockPref("webgl.disable-fail-if-major-performance-caveat", true); -lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active - -// Bench Diff : -1500/5000 -// Pref : Disable asm.js -// http://asmjs.org/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 -// Solved by extension disabled here for performance -// Tor enforce this -//lockPref("javascript.options.asmjs", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 4/5 -// Bench Diff : -200/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -200/5000 -// Pref : JS Shared Memory - Default false -// https://github.com/MrAlex94/Waterfox/issues/356 -lockPref("javascript.options.shared_memory", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Performance 5/5 -// Bench Diff : -50/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Bench Diff : -50/5000 -// Pref : 2302 : disable service workers -// Service workers essentially act as proxy servers that sit between web apps, and the browser -// and network. They are event-driven, and can control the web page/site it is associated with, -// intercepting and modifying navigation and resource requests, and caching resources. -// SW may decrease performance depending on the script that is running in background. -// So overall, disabling SW should enhance performance because it blocks SW Scripts. -// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. -// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. -defaultPref("dom.serviceWorkers.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 1/3 -// Bench Diff : +100/5000 -// >>>>>>>>>>>>>>>>>>>>>> - -// Pref : Onboarding tour disabled because of included telemetry -// This extension has already been removed. This setting is here to disable it just in case it -// comes back or for users using the script outside the bundle. -lockPref("browser.onboarding.notification.finished", true); -lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); -lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); - -// Pref : -lockPref("devtools.onboarding.telemetry.logged", false); - -// Pref : -lockPref("services.sync.engine.addresses.available", false); - -// Pref : -lockPref("browser.bookmarks.restore_default_bookmarks", false); - -// Pref : -lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); - -// Pref : Caching for integrated PDF -lockPref("pdfjs.enabledCache.state", false); - -// Pref : -lockPref("pref.general.disable_button.default_browser", false); -lockPref("pref.privacy.disable_button.view_passwords", false); - -// Pref : -lockPref("identity.mobilepromo.android", ""); -pref("identity.sendtabpromo.url", ""); - -// Pref : -lockPref("extensions.systemAddon.update.url", ""); - -// Pref : -lockPref("datareporting.healthreport.infoURL", ""); - -// Pref : -lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); -lockPref("browser.urlbar.searchSuggestionsChoice", false); -lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); - -// Pref : -lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); - -// Pref : -lockPref("app.feedback.baseURL", ""); - -// Pref : -lockPref("app.normandy.enabled", false); -lockPref("app.normandy.api_url", ""); -lockPref("app.normandy.first_run", false); -lockPref("app.normandy.user_id", ""); - -// Pref : -lockPref("app.releaseNotesURL", ""); - -// Pref : -lockPref("app.update.auto", false); -defaultPref("extensions.update.autoUpdateDefault", false); -lockPref("app.update.staging.enabled", false); -lockPref("app.update.silent", false); -lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); -lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); -lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); - -// Pref : -lockPref("app.vendorURL", ""); - -// Pref : -lockPref("breakpad.reportURL", ""); - -// Pref : -lockPref("browser.chrome.errorReporter.submitUrl", ""); -lockPref("browser.chrome.errorReporter.enabled", false); - -// Pref : -lockPref("browser.ping-centre.staging.endpoint", ""); -lockPref("browser.ping-centre.telemetry", false); - -// Pref : Google Safe Browsing (Blocks dangerous and deceptive contents) - -// browser.safebrowsing.downloads.enabled true - // browser.safebrowsing.downloads.remote.block_potentially_unwanted true - // browser.safebrowsing.downloads.remote.block_uncommon true - // browser.safebrowsing.malware.enabled true - // browser.safebrowsing.phishing.enabled true - -lockPref("browser.safebrowsing.id", ""); -lockPref("browser.safebrowsing.provider.google4.pver", ""); -lockPref("browser.safebrowsing.provider.mozilla.pver", ""); -lockPref("browser.safebrowsing.allowOverride", false); -lockPref("browser.safebrowsing.blockedURIs.enabled", false); +// downloads and unwanted software lockPref("browser.safebrowsing.downloads.enabled", false); +lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); -lockPref("browser.safebrowsing.downloads.remote.enabled", false); lockPref("browser.safebrowsing.downloads.remote.url", ""); -lockPref("browser.safebrowsing.malware.enabled", false); -lockPref("browser.safebrowsing.passwords.enabled", false); -lockPref("browser.safebrowsing.phishing.enabled", false); + +// could try re-enabling some of these urls to see if it causes connections +lockPref("browser.safebrowsing.id", ""); +lockPref("browser.safebrowsing.blockedURIs.enabled", false); +lockPref("browser.safebrowsing.provider.google4.pver", ""); +lockPref("browser.safebrowsing.provider.google4.advisoryName", ""); lockPref("browser.safebrowsing.provider.google4.advisoryURL", ""); lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); @@ -1596,6 +437,7 @@ lockPref("browser.safebrowsing.provider.google4.reportURL", ""); lockPref("browser.safebrowsing.provider.google4.updateURL", ""); lockPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); lockPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); +lockPref("browser.safebrowsing.provider.google.advisoryName", ""); lockPref("browser.safebrowsing.provider.google.advisoryURL", ""); lockPref("browser.safebrowsing.provider.google.gethashURL", ""); lockPref("browser.safebrowsing.provider.google.lastupdatetime", ""); @@ -1606,1177 +448,266 @@ lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); lockPref("browser.safebrowsing.provider.google.reportURL", ""); lockPref("browser.safebrowsing.provider.google.updateURL", ""); +lockPref("browser.safebrowsing.provider.mozilla.pver", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.base", ""); +lockPref("browser.safebrowsing.provider.mozilla.lists.content", ""); +lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); lockPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); lockPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); -lockPref("browser.safebrowsing.provider.mozilla.updateURL", ""); lockPref("browser.safebrowsing.reportPhishURL", ""); -// Pref : -lockPref("browser.search.suggest.enabled", false); +// -------------------------------- +// # FONTS +// -------------------------------- -// Pref : -lockPref("captivedetect.canonicalURL", ""); +lockPref("gfx.font_rendering.graphite.enabled", false); +lockPref("gfx.font_rendering.opentype_svg.enabled", false); -// Pref : -lockPref("datareporting.policy.firstRunURL", ""); +// -------------------------------- +// # MISC +// -------------------------------- -// Pref : -lockPref("devtools.devedition.promo.url", ""); +// keep track of, should be useless as mozilla removed flash from source code +lockPref("dom.ipc.plugins.reportCrashURL", false); +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +lockPref("plugin.state.flash", 0); + +// more important stuff +lockPref("browser.shell.shortcutFavicons", false); +defaultPref("alerts.showFavicons", false); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); +lockPref("network.file.disable_unc_paths", true); // (hidden pref) +lockPref("network.gio.supported-protocols", ""); // (hidden pref) +lockPref("plugin.default.state", 1); +lockPref("network.IDN_show_punycode", true); +defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP + +// pocket, to check if we can remove +lockPref("extensions.pocket.enabled", false); +lockPref("extensions.pocket.site", ""); +lockPref("extensions.pocket.oAuthConsumerKey", ""); +lockPref("extensions.pocket.api", ""); + +// pdf reader +defaultPref("pdfjs.disabled", false); +defaultPref("pdfjs.enableScripting", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); + +// remote agent +lockPref("remote.enabled", false); + +// settings and behavior +lockPref("browser.shell.checkDefaultBrowser", false); +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.startup.homepage_override.mstone", "ignore"); +defaultPref("privacy.userContext.enabled", true); +defaultPref("general.autoScroll", false); +defaultPref("clipboard.autocopy", false); +defaultPref("browser.tabs.loadBookmarksInTabs", true); +lockPref("browser.download.manager.addToRecentDocs", false); +lockPref("accessibility.force_disabled", 1); +lockPref("browser.uitour.enabled", false); +lockPref("middlemouse.contentLoadURL", false); +defaultPref("accessibility.typeaheadfind", false); +lockPref("network.manage-offline-status", false); +lockPref("browser.helperApps.deleteTempFileOnExit", true); +lockPref("browser.pagethumbnails.capturing_disabled", true); +lockPref("browser.bookmarks.max_backups", 2); +defaultPref("reader.parse-on-load.enabled", false); + +// devtools +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.chrome.enabled", false); +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com lockPref("devtools.devices.url", ""); -lockPref("devtools.gcli.imgurUploadURL", ""); -lockPref("devtools.gcli.jquerySrc", ""); -lockPref("devtools.gcli.underscoreSrc", ""); -lockPref("devtools.telemetry.supported_performance_marks", ""); -// Fix ESR Devtools -//lockPref("devtools.telemetry.tools.opened.version", ""); -// Default {"DEVTOOLS_SCREEN_RESOLUTION_ENUMERATED_PER_USER":"60.4.0"} +lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] +lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] +defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80 -// Pref : -lockPref("dom.battery.enabled", false); +// ui +defaultPref("browser.tabs.drawInTitlebar", true); +defaultPref("browser.aboutConfig.showWarning", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("browser.download.autohideButton", false); +defaultPref("privacy.userContext.ui.enabled", true); +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); -// Pref : -lockPref("dom.permissions.enabled", false); - -// Pref : Maximum popups that may be launched at the same time -lockPref("dom.popup_maximum", 4); - -// Pref : -lockPref("dom.registerProtocolHandler.insecure.enabled", true); - -// Pref : -lockPref("extensions.blocklist.detailsURL", ""); -lockPref("extensions.blocklist.itemURL", ""); - -// Pref : Block list url disabled -// gHacks tunes this to minimize privacy issues. its complitely disabled here -// Disabled complitely -lockPref("extensions.blocklist.url", ""); - -// Pref : -defaultPref("extensions.update.background.url", ""); - -// Pref : -defaultPref("extensions.getAddons.showPane", false); - -// Pref : -lockPref("extensions.webservice.discoverURL", ""); - -// Pref : +// urls and handlers +lockPref("media.decoder-doctor.new-issue-endpoint", ""); +lockPref("identity.sync.tokenserver.uri", ""); +lockPref("network.trr.confirmationNS", ""); +lockPref("browser.translation.engine", ""); // default Google lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // default Yahoo! Mail lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // default Gmail +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); +lockPref("services.settings.server", ""); +lockPref("accessibility.support.url", ""); +lockPref("app.support.baseURL", ""); +lockPref("browser.uitour.url", ""); +lockPref("webchannel.allowObject.urlWhitelist", ""); +lockPref("browser.dictionaries.download.url", ""); +lockPref("browser.geolocation.warning.infoURL", ""); +lockPref("browser.search.searchEnginesURL", ""); +lockPref("browser.uitour.themeOrigin", ""); +lockPref("toolkit.datacollection.infoURL", ""); +lockPref("identity.mobilepromo.android", ""); +lockPref("identity.mobilepromo.ios", ""); +defaultPref("identity.sendtabpromo.url", ""); +lockPref("datareporting.healthreport.infoURL", ""); +lockPref("app.feedback.baseURL", ""); +lockPref("app.releaseNotesURL", ""); +lockPref("app.releaseNotesURL.aboutDialog", ""); +lockPref("browser.chrome.errorReporter.infoURL", ""); +lockPref("datareporting.policy.firstRunURL", ""); lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); -// Pref : -lockPref("geo.enabled", false); -lockPref("geo.wifi.uri", ""); +// -------------------------------- +// # CACHE +// -------------------------------- -// Disable using the OS's geolocation service +lockPref("browser.cache.offline.storage.enable", false); +lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] +defaultPref("media.memory_cache_max_size", 65536); + +// -------------------------------- +// # WEBGL AND PERFORMANCE +// -------------------------------- + +lockPref("webgl.enable-webgl2", false); +lockPref("webgl.disable-fail-if-major-performance-caveat", true); + +// -------------------------------- +// # JS +// -------------------------------- + +// should we consider disabling WebAssembly ? +// lockPref("javascript.options.wasm", false); + +// left as it is worth considering +// lockPref("javascript.options.asmjs", false); + +lockPref("javascript.options.shared_memory", false); + +// -------------------------------- +// # GEO +// -------------------------------- + +lockPref("geo.enabled", false); lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] lockPref("geo.provider.use_corelocation", false); // [MAC] lockPref("geo.provider.use_gpsd", false); // [LINUX] lockPref("geo.provider.network.url", ""); lockPref("geo.provider.network.logging.enabled", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); -lockPref("geo.provider-country.network.scan", false); -lockPref("geo.provider-country.network.url", ""); +// -------------------------------- +// # PREFETCHING +// -------------------------------- -// Pref : -lockPref("identity.fxaccounts.auth.uri", ""); -lockPref("identity.fxaccounts.remote.oauth.uri", ""); -lockPref("identity.fxaccounts.remote.profile.uri", ""); -lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); -lockPref("identity.fxaccounts.service.sendLoginUrl", ""); -lockPref("identity.mobilepromo.ios", ""); - -lockPref("remote.enabled", false); -lockPref("remote.force-local", true); -lockPref("remote.log.level", "Info"); - -// Pref : -lockPref("layout.css.visited_links_enabled", false); -lockPref("layout.css.always-repaint-on-unvisited", false); -lockPref("layout.css.layout.css.notify-of-unvisited", false); - -// Pref : -lockPref("lpbmode.enabled", true); - -// Pref : -lockPref("mailnews.messageid_browser.url", ""); -lockPref("mailnews.mx_service_url", ""); - -// Pref : 0608 : disable predictor / prefetching (FF48+) -// Network predictor load pages before they are opened -// with mouse hover for example lockPref("network.predictor.enabled", false); -lockPref("network.predictor.cleaned-up", true); -lockPref("network.predictor.enable-prefetch", false); +lockPref("network.prefetch-next", false); +lockPref("network.http.speculative-parallel-limit", 0); -// Disable Network Connectivity Services +// -------------------------------- +// # OUTGOING CONNECTIONS +// -------------------------------- + +// updates +lockPref("app.update.auto", false); +lockPref("app.update.staging.enabled", false); +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); +lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); + +// connectivity service lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.DNSv4.domain", ""); -// Pref : -lockPref("plugins.crash.supportUrl", ""); - -// Pref : Sync prefs -lockPref("services.sync.clients.lastSync", "0"); -lockPref("services.sync.clients.lastSyncLocal", "0"); -lockPref("services.sync.declinedEngines", ""); -lockPref("services.sync.enabled", false); -lockPref("services.sync.globalScore", 0); -lockPref("services.sync.jpake.serverURL", ""); -lockPref("services.sync.migrated", true); -lockPref("services.sync.nextSync", 0); -lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false); -lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); -lockPref("services.sync.serverURL", ""); -lockPref("services.sync.tabs.lastSync", "0"); -lockPref("services.sync.tabs.lastSyncLocal", "0"); - -// Pref : -lockPref("sync.enabled", false); - -// Pref : -lockPref("sync.jpake.serverURL", ""); - -// Pref : -lockPref("sync.serverURL", ""); - -// Pref : +// telemetry lockPref("toolkit.crashreporter.infoURL", ""); - -// Pref : Disable telemetry lockPref("toolkit.telemetry.archive.enabled", false); lockPref("toolkit.telemetry.updatePing.enabled", false); lockPref("toolkit.telemetry.bhrPing.enabled", false); lockPref("toolkit.telemetry.cachedClientID", ""); lockPref("toolkit.telemetry.enabled", false); lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); -lockPref("toolkit.telemetry.hybridContent.enabled", false); -lockPref("toolkit.telemetry.infoURL", ""); lockPref("toolkit.telemetry.newProfilePing.enabled", false); lockPref("toolkit.telemetry.previousBuildID", ""); -lockPref("toolkit.telemetry.prompted", 2); //Setting seems to still exist -lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); lockPref("toolkit.telemetry.server", "data:,"); lockPref("toolkit.telemetry.server_owner", ""); lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); lockPref("toolkit.telemetry.unified", false); -lockPref("toolkit.telemetry.coverage.opt-out", true); lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); +lockPref("security.protectionspopup.recordEventTelemetry", false); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] +lockPref("toolkit.coverage.opt-out", true); +lockPref("toolkit.coverage.enabled", false); +lockPref("app.shield.optoutstudies.enabled", false); +lockPref("beacon.enabled", false); +lockPref("browser.ping-centre.telemetry", false); -lockPref("security.protectionspopup.recordEventTelemetry", false) - +// discovery lockPref("browser.discovery.enabled", false); lockPref("browser.discovery.containers.enabled", false); lockPref("browser.discovery.sites", ""); -// Pref : -lockPref("webextensions.storage.sync.serverURL", ""); - -// Pref : -lockPref("extensions.screenshots.upload-disabled", true); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 2/3 -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : Referer: ALL: control the amount of information to send -// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port -lockPref("network.http.referer.trimmingPolicy", 0); - -// Pref : Close tab -lockPref("browser.tabs.closeTabByDblclick", true); - -// Pref : Disable collection/sending of the health report (healthreport.sqlite*) -// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf -// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html -lockPref("datareporting.healthreport.uploadEnabled", false); -lockPref("datareporting.policy.dataSubmissionEnabled", false); - -// Pref : Disable right-click menu manipulation via JavaScript (disabled) -defaultPref("dom.event.contextmenu.enabled", false); - -// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -// JS-based web applications (Google Docs etc.) -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled -lockPref("dom.event.clipboardevents.enabled", false); - -// Pref : Force Punycode for Internationalized Domain Names -// http://kb.mozillazine.org/Network.IDN_show_punycode -// https://www.xudongz.com/blog/2017/idn-phishing/ -// https://wiki.mozilla.org/IDN_Display_Algorithm -// https://en.wikipedia.org/wiki/IDN_homograph_attack -// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 -lockPref("network.IDN_show_punycode", true); - -// Pref : Disable Pocket -// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -// https://github.com/pyllyukko/user.js/issues/143 -lockPref("extensions.pocket.enabled", false); -lockPref("extensions.pocket.site", ""); -lockPref("extensions.pocket.oAuthConsumerKey", ""); -lockPref("extensions.pocket.api", ""); - -// Pref : Disable downloading homepage snippets/messages from Mozilla -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content -// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service -lockPref("browser.aboutHomeSnippets.updateUrl", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); - -// Pref : Disable pinging URIs specified in HTML ping= attributes -// http://kb.mozillazine.org/Browser.send_pings -lockPref("browser.send_pings", false); - -// Pref : When browser pings are enabled, only allow pinging the origin page's host -// http://kb.mozillazine.org/Browser.send_pings.require_same_host -lockPref("browser.send_pings.require_same_host", true); - -// Pref : Do not download URLs for the offline cache -// http://kb.mozillazine.org/Browser.cache.offline.enable -lockPref("browser.cache.offline.enable", false); - -/* 1007: disable media cache from writing to disk in Private Browsing - * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */ -lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] -lockPref("media.memory_cache_max_size", 16384); - -// Pref : Disable prefetching of URLs -// http://kb.mozillazine.org/Network.prefetch-next -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F -// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, -// so the browser downloads them immediately so they can be displayed immediately when the user requests it. -lockPref("network.prefetch-next", false); - -// Pref : Disable speculative pre-connections -// Disable prefetch link on hover. -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 -lockPref("network.http.speculative-parallel-limit", 0); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -defaultPref("media.peerconnection.enabled", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : General Settings 3/3 -// Bench Diff : -40/5000 -// >>>>>>>>>>>>>>>>>>>>> - -// Pref : Disable DOM timing API -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -// https://www.w3.org/TR/navigation-timing/#privacy -lockPref("dom.enable_performance", false); //Deprecated Active -lockPref("dom.enable_performance_navigation_timing", false); - -// Pref : Make sure the User Timing API does not provide a new high resolution timestamp -// https://trac.torproject.org/projects/tor/ticket/16336 -// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security -lockPref("dom.enable_user_timing", false); - -// Pref : Disable Web Audio API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 -// Avoid fingerprinting -defaultPref("dom.webaudio.enabled", false); - -// Pref : When geolocation is enabled, don't log geolocation requests to the console -lockPref("geo.wifi.logging.enabled", false); - -// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics) -// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon -lockPref("beacon.enabled", false); - -// Pref : Disable speech recognition -// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html -// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition -// https://wiki.mozilla.org/HTML5_Speech_API -lockPref("media.webspeech.recognition.enable", false); - -// Pref : Disable virtual reality devices APIs -// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM -// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API -lockPref("dom.vr.enabled", false); - -// Pref : Disable vibrator API -lockPref("dom.vibrator.enabled", false); - -// Pref : Disable GeoIP lookup on your address to set default search engine region -// https://trac.torproject.org/projects/tor/ticket/16254 -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine -lockPref("browser.search.region", "US"); -lockPref("browser.search.geoip.url", ""); -lockPref("browser.search.geoSpecificDefaults.url", ""); - -// Pref : Don't use Mozilla-provided location-specific search engines -lockPref("browser.search.geoSpecificDefaults", false); - -// Pref : Don't trim HTTP from URLs in the address bar. -// https://bugzilla.mozilla.org/show_bug.cgi?id=665580 -lockPref("browser.urlbar.trimURLs", false); - -// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar -// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html -lockPref("browser.fixup.alternate.enabled", false); - -// Pref : When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs -// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 -lockPref("browser.fixup.hide_user_pass", true); - -// Pref : Don't monitor OS online/offline connection state -// https://trac.torproject.org/projects/tor/ticket/18945 -lockPref("network.manage-offline-status", false); - -// Pref : Set File URI Origin Policy -// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 -lockPref("security.fileuri.strict_origin_policy", true); - -// Pref : Disable SVG in OpenType fonts -// https://wiki.mozilla.org/SVGOpenTypeFonts -// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle -lockPref("gfx.font_rendering.opentype_svg.enabled", false); - -// Pref : Enable only whitelisted URL protocol handlers -// Disabling non-essential protocols breaks all interaction with custom protocols such -// as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... -// clients when clicking on links with these protocols -lockPref("network.protocol-handler.warn-external-default",true); -lockPref("network.protocol-handler.external.http",false); -lockPref("network.protocol-handler.external.https",false); -lockPref("network.protocol-handler.external.javascript",false); -lockPref("network.protocol-handler.external.moz-extension",false); -lockPref("network.protocol-handler.external.ftp",false); -lockPref("network.protocol-handler.external.file",false); -lockPref("network.protocol-handler.external.about",false); -lockPref("network.protocol-handler.external.chrome",false); -lockPref("network.protocol-handler.external.blob",false); -lockPref("network.protocol-handler.external.data",false); -lockPref("network.protocol-handler.expose-all",false); -lockPref("network.protocol-handler.expose.http",true); -lockPref("network.protocol-handler.expose.https",true); -lockPref("network.protocol-handler.expose.javascript",true); -lockPref("network.protocol-handler.expose.moz-extension",true); -lockPref("network.protocol-handler.expose.ftp",true); -lockPref("network.protocol-handler.expose.file",true); -lockPref("network.protocol-handler.expose.about",true); -lockPref("network.protocol-handler.expose.chrome",true); -lockPref("network.protocol-handler.expose.blob",true); -lockPref("network.protocol-handler.expose.data",true); - -// Pref : Ensure there is a security delay when installing add-ons (milliseconds) -// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox -// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ -lockPref("security.dialog_enable_delay", 700); - -// Pref : Opt-out of add-on metadata updates -// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -defaultPref("extensions.getAddons.cache.enabled", false); - -// Pref : Opt-out of theme (Persona) updates -// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -lockPref("lightweightThemes.update.enabled", false); -lockPref("lightweightThemes.persisted.headerURL", false); -lockPref("lightweightThemes.persisted.footerURL", false); - -// Pref : Disable Flash Player NPAPI plugin -// http://kb.mozillazine.org/Flash_plugin -lockPref("plugin.state.flash", 0); - -// Pref : Disable sending Flash Player crash reports -lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); - -// Pref : When Flash Player crash reports are enabled, don't send the visited URL in the crash report -lockPref("dom.ipc.plugins.reportCrashURL", false); - -// Pref : Disable Shumway (Mozilla Flash renderer) -// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway -lockPref("shumway.disabled", true); - -// Pref : Disable Gnome Shell Integration NPAPI plugin -lockPref("plugin.state.libgnome-shell-browser-plugin", 0); - -// Pref : Enable click-to-play plugin -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -lockPref("plugins.click_to_play", true); -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); - -// Pref : Update addons automatically -// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ -defaultPref("extensions.update.enabled", false); - -// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla -// Updated at interval defined in extensions.blocklist.interval (default: 86400) -lockPref("extensions.blocklist.enabled", false); - -// Pref : Disable system add-on updates (hidden & always-enabled add-ons from Mozilla) -lockPref("extensions.systemAddon.update.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.enabled", false); -lockPref("devtools.webide.autoinstallADBExtension", false); // [FF64+] -lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+] -lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] - -// Pref : Disable remote debugging -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop -// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings -lockPref("devtools.debugger.force-local", true); - -// Pref : Disallow Necko to do A/B testing -// https://trac.torproject.org/projects/tor/ticket/13170 -lockPref("network.allow-experiments", false); - -// Pref : Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't -// nag user about unsent crash reports -// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js +// crash report +lockPref("breakpad.reportURL", ""); lockPref("browser.tabs.crashReporting.sendReport", false); lockPref("browser.crashReports.unsubmittedCheck.enabled", false); lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("app.shield.optoutstudies.enabled", false); - -// Pref : Disable new tab tile ads, preload, and Activity Stream -// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox -// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 -// https://wiki.mozilla.org/Firefox/Activity_Stream -// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping -lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -lockPref("browser.newtabpage.activity-stream.showSponsored", false); -lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); -lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); -lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); -lockPref("browser.newtabpage.activity-stream.telemetry", false); -lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); -lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); -lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); -lockPref("browser.newtabpage.activity-stream.disableSnippets", true); -lockPref("browser.newtabpage.activity-stream.default.sites", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); -lockPref("browser.newtabpage.activity-stream.discoverystream.config", "{\"collapsible\":true,\"enabled\":false,\"personalized\":false,\"layout_endpoint\":\"\"}"); -lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); -lockPref("browser.newtabpage.activity-stream.discoverystream.engagementLabelEnabled", false); -lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); -lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); -lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); -lockPref("browser.newtabpage.activity-stream.feeds.places", false); -lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); -lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); -lockPref("browser.newtab.preload", false); - -// Pref : Disable "Show search suggestions in location bar results" -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); - -// Pref : Never check for updates to search engines -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking -lockPref("browser.search.update", false); - -// Pref : Disable automatic captive portal detection (Firefox >= 52.0) -// https://support.mozilla.org/en-US/questions/1157121 +// captive portal lockPref("network.captive-portal-service.enabled", false); +lockPref("captivedetect.canonicalURL", ""); -lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); -lockPref("network.netlink.route.check.IPv6", "::1"); +// -------------------------------- +// # WINDOWS +// -------------------------------- -// Pref : Disallow NTLMv1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. -lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); +// disable links launching Windows Store [WINDOWS] +lockPref("network.protocol-handler.external.ms-windows-store", false); -// Pref : Disable formless login capture -// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 -lockPref("signon.formlessCapture.enabled", false); +// disable background update service [WINDOWS] +lockPref("app.update.service.enabled", false); -// Pref : Delete temporary files on exit -// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 -lockPref("browser.helperApps.deleteTempFileOnExit", true); +// disable automatic Firefox start and session restore after reboot [WINDOWS] +lockPref("toolkit.winRegisterApplicationRestart", false); -// Pref : Do not create screenshots of visited pages (relates to the "new tab page" feature) -// https://support.mozilla.org/en-US/questions/973320 -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled -lockPref("browser.pagethumbnails.capturing_disabled", true); +// disable Windows 8.1 Family Safety cert [WINDOWS] +lockPref("security.family_safety.mode", 0); -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - ON/OFF -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> +// Windows only? +lockPref("default-browser-agent.enabled", false); -// - Disabled - Section OFF ----------------------------------------------------------------- - -// Pref : Don't remember browsing history -// MIGRATED to defaulting section, this setting does not need to be enforced -//lockPref("places.history.enabled", false); - -// Pref : Clear all history on shutdown -// MIGRATED to defaulting section, this setting does not need to be enforced -// This setting may be enforced here if preferred -//lockPref("privacy.sanitize.sanitizeOnShutdown", true); - -// Pref : 2804: reset default history items to clear with Ctrl-Shift-Del (to match above) -// This dialog can also be accessed from the menu History>Clear Recent History -// Firefox remembers your last choices. This will reset them when you start Firefox. -// [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog -// for "Clear Recent History" is opened, it is synced with 'privacy.cpd.history' -//defaultPref("privacy.cpd.siteSettings", false); // Site Preferences -//defaultPref("privacy.cpd.downloads", true); // not used, see note above -//defaultPref("privacy.cpd.cache", true); -//defaultPref("privacy.cpd.cookies", true); -//defaultPref("privacy.cpd.formdata", true); // Form & Search History -//defaultPref("privacy.cpd.history", true); // Browsing & Download History -//defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data -//defaultPref("privacy.cpd.passwords", false); // this is not listed -//defaultPref("privacy.cpd.sessions", true); // Active Logins -// Not needed // replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true); -// Also default value are already good - -// Pref : 2803: set which history items are to be cleared on shutdown -// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings -// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value -// but if 'history' is false, downloads can still be cleared independently -// However, this may not always be the case. The interface combines and syncs these -// prefs when set from there, and the sanitize code may change at any time -//defaultPref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences -//defaultPref("privacy.clearOnShutdown.cache", true); -//defaultPref("privacy.clearOnShutdown.cookies", true); -//defaultPref("privacy.clearOnShutdown.downloads", true); // see note above -//defaultPref("privacy.clearOnShutdown.formdata", true); // Form & Search History -//defaultPref("privacy.clearOnShutdown.history", true); // Browsing & Download History -//defaultPref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data -//defaultPref("privacy.clearOnShutdown.sessions", true); // Active Logins -// Make panel locked (bug) -// replaced by //defaultPref("privacy.sanitize.sanitizeOnShutdown", true); - -// Pref : 0801: disable location bar using search - PRIVACY -// don't leak typos to a search engine; give an error message instead -//lockPref("keyword.enabled", false); -// Beak search from url bar -// After other settings, this does not send any data to search. - -// Pref : Disable Firefox Account -//lockPref("identity.fxaccounts.enabled", false); //Deprecated Active -// Already disabled in policies.json - -// Pref : 2609: disable MathML (Mathematical Markup Language) (FF51+) -// [TEST] http://browserspy.dk/mathml.php -// [1] https://bugzilla.mozilla.org/1173199 -//lockPref("mathml.disabled", true); -// This setting is a fingerprint in itself - -// Pref : 2304: disable web notifications -// [1] https://developer.mozilla.org/docs/Web/API/Notifications_API -//lockPref("dom.webnotifications.enabled", false); // (FF22+) -//lockPref("dom.webnotifications.serviceworker.enabled", false); // (FF44+) -// After tuning, this is no longer a privacy issue but a feature - -// Pref : History sessionhistory -//lockPref("browser.sessionhistory.max_total_viewers", 0); - -// Pref : 0850f: disable location bar suggesting local search history (FF57+) -// [1] https://bugzilla.mozilla.org/1181644 -//lockPref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions -// No privacy issue here - -// Pref : 1020: disable the Session Restore service completely -// [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature -// It does not affect "Recently Closed Windows" or any history. -//lockPref("browser.sessionstore.max_tabs_undo", 0); -//lockPref("browser.sessionstore.max_windows_undo", 0); -// Not really a privacy issue, but it's useful to have this feature - -// Pref : Disable URL bar autocomplete and history/bookmark suggestion dropdown -//lockPref("browser.urlbar.autocomplete.enabled", false); -//lockPref("browser.urlbar.suggest.history", false); -//lockPref("browser.urlbar.suggest.bookmark", false); -//lockPref("browser.urlbar.suggest.openpage", false); -// This does not cause privacy/leaking issues - -// Pref : 2605: block web content in file processes (FF55+) -// [SETUP-WEB] You may want to disable this for corporate or developer environments -// [1] https://bugzilla.mozilla.org/1343184 -//lockPref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); -// Not an issue - -// DOWNLOADS -// Pref : 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used) -// [SETTING] To set your default "downloads", set General>Downloads>Save files to -//lockPref("browser.download.folderList", 2); -// Pref : 2651: enforce user interaction for security by always asking the user where to download -// [SETTING] General>Downloads>Always ask you where to save files -//lockPref("browser.download.useDownloadDir", false); -// Pref : 2654: disable "open with" in download dialog (FF50+) -// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) -// in such a way that it is forbidden to run external applications. -// [SETUP-CHROME] This may interfere with some users' workflow or methods -// [1] https://bugzilla.mozilla.org/1281959 -//lockPref("browser.download.forbid_open_with", true); -// Not an issue - -// OCSP (Online Certificate Status Protocol) -// OCSP leaks the visited sites. Exactly same issue as with safebrowsing. -// Stapling forces the site to prove that its certificate is good -// through the CA, so apparently nothing is leaked in this case. -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -// Pref : 1211: control when to use OCSP fetching (to confirm current validity of certificates) -// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only -// OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) -// It's a trade-off between security (checking) and privacy (leaking info to the CA) -// [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling -// [1] https://en.wikipedia.org/wiki/Ocsp -//lockPref("security.OCSP.enabled", 1); - -// Pref : 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] -// When a CA cannot be reached to validate a cert, Firefox just continues with the connection (=soft-fail) -// Setting this pref to true tells Firefox to terminate the connection instead (=hard-fail) -// It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm that the cert is still valid (it -// could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) -// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -// [2] https://www.imperialviolet.org/2014/04/19/revchecking.html -//lockPref("security.OCSP.require", true); - -// Pref : 1022: disable resuming session from crash [SETUP-CHROME] -//lockPref("browser.sessionstore.resume_from_crash", false); -// Not really a privacy issue, but it's useful to have this feature - -// Pref : 0103: set HOME+NEWWINDOW page -// about:home=Activity Stream (default, see 0105), custom URL, about:blank -// [SETTING] Home>New Windows and Tabs>Homepage and new windows -//lockPref("browser.startup.homepage", "about:blank"); -// Let the user have the choice, and easily change it - -// Pref : 2740: disable service workers cache and cache storage -// [1] https://w3c.github.io/ServiceWorker/#privacy -//lockPref("dom.caches.enabled", false); -// Not really a privacy issue, but it's useful to have this feature -// Other settings solve privacy issues related to this - -// Pref : First-party isolation -// https://bugzilla.mozilla.org/show_bug.cgi?id=1299996 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 -// https://wiki.mozilla.org/Security/FirstPartyIsolation -// First-party isolation breaks Microsoft Teams -// First-party isolation causes HTTP basic auth to ask for credentials for every new tab (see #425) -// Solved by extension -// Pref : 4001: enable First Party Isolation (FF51+) -// [SETUP-WEB] May break cross-domain logins and site functionality until perfected -// [1] https://bugzilla.mozilla.org/1260931 -// enabled via addons -//lockPref("privacy.firstparty.isolate", true); -// Pref : 4002: enforce FPI restriction for window.opener (FF54+) -// [NOTE] Setting this to false may reduce the breakage in 4001 -// [FF65+] blocks postMessage with targetOrigin "*" if originAttributes don't match. But -// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute. (see [2],[3]) -// The 2nd pref removes that limitation and will only allow communication if FPDs also match. -// [1] https://bugzilla.mozilla.org/1319773#c22 -// [2] https://bugzilla.mozilla.org/1492607 -// [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage -//lockPref("privacy.firstparty.isolate.restrict_opener_access", true); // default: true -// lockPref("privacy.firstparty.isolate.block_post_message", true); -// Enforced with addon - -// Pref : 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) -// [SETTING] General>Startup>Restore previous session -//lockPref("browser.startup.page", 0); -// Let the user choose over settings page - -// Pref : 1001: disable disk cache -//lockPref("browser.cache.disk.enable", false); -//lockPref("browser.cache.disk.capacity", 0); -//lockPref("browser.cache.disk.smart_size.enabled", false); -//lockPref("browser.cache.disk.smart_size.first_run", false); -// Pref : 1003: disable memory cache -// [NOTE] Not recommended due to performance issues -// lockPref("browser.cache.memory.enable", false); -// lockPref("browser.cache.memory.capacity", 0); -// This is overkill. Disabled for performance. -// Firefox should be run in a container: sandbox or otherwise - -// Pref : New tab page -//lockPref("browser.newtabpage.enabled", false); -// New page site shortcuts does not spy after tunning. May be enabled if preferred. - -// Pref : Disable in-content SVG rendering (Firefox >= 53) (disabled) -// Disabling SVG support breaks many UI elements on many sites -// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 -//lockPref("svg.disabled", true); -// Solved by extension - -// Pref : Disable Caching of SSL Pages -// CIS Version 1.2.0 October 21st, 2011 2.5.8 -// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl -//lockPref("browser.cache.disk_cache_ssl", false); - -// Pref : 2212 : limit events that can cause a popup -// default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" -// [1] http://kb.mozillazine.org/Dom.popup_allowed_events -//lockPref("dom.popup_allowed_events", "click dblclick"); -// This does not cause privacy/leaking issues -// Also already set in "dom.popup_maximum" - -// Pref : 2031 : disable audio auto-play in non-active tabs (FF51+) -// [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ -//lockPref("media.block-autoplay-until-in-foreground", true); -// Not privacy/security related - -// Pref : 2403 : disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) -// this disables document.execCommand("cut"/"copy") to protect your clipboard -// [1] https://bugzilla.mozilla.org/1170911 -//lockPref("dom.allow_cut_copy", false); -// Not an issue - -// Pref : 1405 : disable WOFF2 (Web Open Font Format) (FF35+) -//lockPref("gfx.downloadable_fonts.woff2.enabled", false); -// Solved by extension - -// Pref : 1406 : disable CSS Font Loading API -// Disabling fonts can uglify the web a fair bit. -//lockPref("layout.css.font-loading-api.enabled", false); -// Solved by extension - -// - Disabled - Dumped Disabled From (gHacks, Check user.js for description) ---------------- - -//lockPref("browser.chrome.site_icons", false); -//lockPref("browser.library.activity-stream.enabled", false); -//lockPref("browser.privatebrowsing.autostart", true); -//lockPref("browser.urlbar.maxRichResults", 0); -//lockPref("dom.storage.enabled", false); -//lockPref("dom.storageManager.enabled", false); -//lockPref("extensions.screenshots.disabled", true); -//lockPref("extensions.webextensions.restrictedDomains", ""); -//lockPref("font.name.monospace.x-unicode", "Lucida Console"); -//lockPref("font.name.monospace.x-western", "Lucida Console"); -//lockPref("font.name.sans-serif.x-unicode", "Arial"); -//lockPref("font.name.sans-serif.x-western", "Arial"); -//lockPref("font.name.serif.x-unicode", "Georgia"); -//lockPref("font.name.serif.x-western", "Georgia"); -//lockPref("font.system.whitelist", ""); -//lockPref("full-screen-api.enabled", false); -//lockPref("gfx.downloadable_fonts.enabled", false); -//lockPref("gfx.downloadable_fonts.fallback_delay", -1); -//lockPref("javascript.options.baselinejit", false); -//lockPref("javascript.options.ion", false); -//lockPref("media.media-capabilities.enabled", false); -//lockPref("network.dnsCacheEntries", 400); -//lockPref("network.dnsCacheExpiration", 60); -//lockPref("network.ftp.enabled", false); -//lockPref("permissions.default.camera", 2); -//lockPref("permissions.default.desktop-notification", 2); -//lockPref("permissions.default.microphone", 2); -//lockPref("permissions.default.shortcuts", 2); -//lockPref("privacy.window.maxInnerHeight", 900); -//lockPref("privacy.window.maxInnerWidth", 1600); -//lockPref("security.insecure_connection_text.pbmode.enabled", true); -//lockPref("security.nocertdb", true); -//lockPref("security.ssl3.dhe_rsa_aes_128_sha", false); -//lockPref("security.ssl3.dhe_rsa_aes_256_sha", false); -//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -//lockPref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -//lockPref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); - -// - Disabled - Section ON ------------------------------------------------------------------ - -// Pref : Tor settings -// This browser is not meant for tor -// Enabling those settings for user torifying their whole connection -defaultPref("network.dns.blockDotOnion", true); -lockPref("network.http.referer.hideOnionSource", true); - -// Pref : 1603 : CROSS ORIGIN: control when to send a referer -// 0=always (default), 1=only if base domains match, 2=only if hosts match -// Can break some important site... (payment... ) -lockPref("network.http.referer.XOriginPolicy", 1); - -// Pref : Only allow TLS 1.[0-3] -lockPref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Active -// Deprecated settings but left active for various reasons -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// Pref : 0516 : disable Onboarding (FF55+) -// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time -// about:home or about:newtab is opened, the onboarding overlay is injected into it -// [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] -// [1] https://wiki.mozilla.org/Firefox/Onboarding -// [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf -// [3] https://bugzilla.mozilla.org/863246#c154 -lockPref("browser.onboarding.enabled", false); // Removed in v64 //Deprecated Active - -// Pref : Disable WebIDE Web Debug Extension -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallADBHelper", false); -// Replaced by "devtools.webide.autoinstallADBExtension" in 64 - -// Pref : Disable raw TCP socket support (mozTCPSocket) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -// is only exposed to chrome ( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) -// Not important -lockPref("dom.mozTCPSocket.enabled", false); - -// Pref : Enforce checking for Firefox updates -lockPref("app.update.enabled", false); - -// Pref : Disable bookmark backups (default: 15) -// http://kb.mozillazine.org/Browser.bookmarks.max_backups -lockPref("browser.bookmarks.max_backups", 2); - -// Pref : Disable SSDP -// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 -lockPref("browser.casting.enabled", false); - -// Pref : -lockPref("browser.newtabpage.activity-stream.enabled", false); -lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); -lockPref("browser.newtabpage.directory.source", "data:text/plain,"); -lockPref("browser.newtabpage.enhanced", false); - -// Pref : -lockPref("browser.pocket.enabled", false); - -// Pref : Disable Heartbeat (Mozilla user rating telemetry) -// https://wiki.mozilla.org/Advocacy/heartbeat -// https://trac.torproject.org/projects/tor/ticket/19047 -lockPref("browser.selfsupport.url", ""); - -// Pref : Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -// Already enforced with 'privacy.resistFingerprinting' ? -lockPref("browser.startup.homepage_override.mstone", "ignore"); - -// Pref : Disable face detection -lockPref("camera.control.face_detection.enabled", false); - -// Pref : -lockPref("datareporting.healthreport.about.reportUrl", "data:,"); -lockPref("datareporting.healthreport.service.enabled", false); - -// Pref : -lockPref("device.sensors.enabled", false); - -// Pref : Disable WebIDE Web Debug -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -lockPref("devtools.webide.autoinstallFxdtAdapters", false); -lockPref("devtools.webide.adaptersAddonURL", ""); - -// Pref : Disable resource timing API -// https://www.w3.org/TR/resource-timing/#privacy-security -lockPref("dom.enable_resource_timing", false); - -// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -// https://wiki.mozilla.org/FlyWeb -// https://wiki.mozilla.org/FlyWeb/Security_scenarios -// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit -// http://www.ghacks.net/2016/07/26/firefox-flyweb -lockPref("dom.flyweb.enabled", false); - -// Pref : -lockPref("dom.gamepad.enabled", false); - -// Pref : Disable leaking network/browser connection information via Javascript -// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API -// https://wicg.github.io/netinfo/#privacy-considerations -// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -lockPref("dom.netinfo.enabled", false); - -// Pref : 2306: disable push notifications (FF44+) -// web apps can receive messages pushed to them from a server, whether or -// not the web app is in the foreground, or even currently loaded -// [1] https://developer.mozilla.org/docs/Web/API/Push_API -lockPref("dom.push.udp.wakeupEnabled", false); //UDP Wake-up - -// Pref : Disable telephony API -// https://wiki.mozilla.org/WebAPI/Security/WebTelephony -lockPref("dom.telephony.enabled", false); - -// Pref : Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -lockPref("extensions.shield-recipe-client.enabled", false); - -// Pref : Disable Firefox Hello metrics collection -// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -lockPref("loop.logDomains", false); - -// Pref : Disable video stats to reduce fingerprinting threat -// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 -lockPref("media.video_stats.enabled", false); - -// Pref : WebSockets is a technology that makes it possible to open an interactive communication -// session between the user's browser and a server. (May leak IP when using proxy/VPN) -lockPref("network.websocket.enabled", false); - -// Pref : Disable Reader -// Not deprecated but useful to be located here -lockPref("reader.parse-on-load.enabled", false); - -// CIS 2.7.4 Disable Scripting of Plugins by JavaScript -// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 -lockPref("security.xpconnect.plugin.unrestricted", false); - -// Pref : -lockPref("social.directories", ""); - -// Pref : -lockPref("social.remote-install.enabled", false); - -// Pref : -lockPref("social.whitelist", ""); - -// Pref : Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -lockPref("security.ssl3.rsa_rc4_128_md5", false); -lockPref("security.ssl3.rsa_rc4_128_sha", false); -lockPref("security.tls.unrestricted_rc4_fallback", false); - -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Disabled - Deprecated Inactive -// Bench Diff : +0/5000 -// >>>>>>>>>>>>>>>>>>>> - -// - Disabled - Deprecated Main ------------------------------------------------------------------- - -// Pref : Other old safebrowsing not used -//lockPref("browser.safebrowsing.appRepURL", ""); -//lockPref("browser.safebrowsing.enabled", false); -//lockPref("browser.safebrowsing.gethashURL", ""); -//lockPref("browser.safebrowsing.malware.reportURL", ""); -//lockPref("browser.safebrowsing.provider.google.appRepURL", ""); -//lockPref("browser.safebrowsing.reportErrorURL", ""); -//lockPref("browser.safebrowsing.reportGenericURL", ""); -//lockPref("browser.safebrowsing.reportMalwareErrorURL", ""); -//lockPref("browser.safebrowsing.reportMalwareMistakeURL", ""); -//lockPref("browser.safebrowsing.reportMalwareURL", ""); -//lockPref("browser.safebrowsing.reportPhishMistakeURL", ""); -//lockPref("browser.safebrowsing.reportURL", ""); -//lockPref("browser.safebrowsing.updateURL", ""); - -// Pref : 1031: disable favicons in tabs and new bookmarks - merged with browser.chrome.site_icons -// [-] https://bugzilla.mozilla.org/1453751 -// lockPref("browser.chrome.favicons", false); - -// Pref : Don't use OS values to determine locale, force using Firefox locale setting -// http://kb.mozillazine.org/Intl.locale.matchOS -// Disabled to make resistFingerprinting efficient -//lockPref("intl.locale.matchOS", false); - -// Pref : 1601: disable referer from SSL Websites -// [-] https://bugzilla.mozilla.org/1308725 -//lockPref("network.http.sendSecureXSiteReferrer", false); - -// Pref : 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default -// [WARNING] This may break video playback on various sites -// [-] https://bugzilla.mozilla.org/1470082 -// Still active for ESR60.x but not important -//lockPref("media.autoplay.enabled", false); - -// Pref : 1007: disable randomized FF HTTP cache decay experiments -// [1] https://trac.torproject.org/projects/tor/ticket/13575 -// [-] https://bugzilla.mozilla.org/1430197 -//lockPref("browser.cache.frecency_experiment", -1); - -// Pref : 1606: set the default Referrer Policy - replaced by network.http.referer.defaultPolicy -// [-] https://bugzilla.mozilla.org/587523 -//lockPref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3 - -// Pref : 2704: set cookie lifetime in days (see 2703) -// [-] https://bugzilla.mozilla.org/1457170 -// lockPref("network.cookie.lifetime.days", 90); // default: 90 - -// Pref : 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled -// [-] https://bugzilla.mozilla.org/897811 -//lockPref("pageThumbs.enabled", false); - -// - Disabled - Default is same ------------------------------------------------------------------- -// This is generally a bad idea: if FF disables something due to a security concern, the -// end user who doesn't keep up to date with changes (IF they do update) would be screwed over -// Thanks to @Thorin-Oakenpants - -// Pref : Display a notification bar when websites offer data for offline use -// http://kb.mozillazine.org/Browser.offline-apps.notify -//lockPref("browser.offline-apps.notify", true); //Default true - -// Pref : Enable Subresource Integrity -// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity -// https://wiki.mozilla.org/Security/Subresource_Integrity -//lockPref("security.sri.enable", true); //Default true - -// Pref : Enable GCM ciphers (TLSv1.2 only) -// https://en.wikipedia.org/wiki/Galois/Counter_Mode -//lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // Pref : 0xc02b //Default true - -// Pref : Enable ciphers with ECDHE and key size > 128bits -//lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // Pref : 0xc00a //Default true - -// Pref : Enable ChaCha20 and Poly1305 (Firefox >= 47) -// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ -// https://tools.ietf.org/html/rfc7905 -// https://bugzilla.mozilla.org/show_bug.cgi?id=917571 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 -// https://cr.yp.to/chacha.html -//lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); //Default true -//lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); //Default true - -// Pref : Enable GCM ciphers (TLSv1.2 only) -// https://en.wikipedia.org/wiki/Galois/Counter_Mode -//lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // Pref : 0xc02f //Default true - -// Pref : Enable ciphers with ECDHE and key size > 128bits -//lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // Pref : 0xc014 //Default true - -// - Disabled - Dumped Deprecated From (gHacks, Check user.js for description) -------------------- - -//lockPref("general.useragent.locale", "en-US"); -//lockPref("browser.backspace_action", 2); -//lockPref("browser.bookmarks.showRecentlyBookmarked", false); -//lockPref("browser.crashReports.unsubmittedCheck.autoSubmit", false); -//lockPref("browser.ctrlTab.previews", true); -//lockPref("browser.formautofill.enabled", false); -//lockPref("browser.formfill.saveHttpsForms", false); -//lockPref("browser.fullscreen.animate", false); -//lockPref("browser.history.allowPopState", false); -//lockPref("browser.history.allowPushState", false); -//lockPref("browser.history.allowReplaceState", false); -//lockPref("browser.newtabpage.introShown", true); -//lockPref("browser.pocket.api", ""); -//lockPref("browser.pocket.oAuthConsumerKey", ""); -//lockPref("browser.pocket.site", ""); -//lockPref("browser.polaris.enabled", false); -//lockPref("browser.search.showOneOffButtons", false); -//lockPref("browser.selfsupport.enabled", false); -//lockPref("browser.sessionstore.privacy_level_deferred", 2); -//lockPref("browser.tabs.warnOnClose", false); -//lockPref("browser.tabs.warnOnCloseOtherTabs", false); -//lockPref("browser.tabs.warnOnOpen", false); -//lockPref("browser.trackingprotection.gethashURL", ""); -//lockPref("browser.trackingprotection.updateURL", ""); -//lockPref("browser.urlbar.decodeURLsOnCopy", true); -//lockPref("browser.urlbar.unifiedcomplete", false); -//lockPref("browser.usedOnWindows10.introURL", ""); -//lockPref("browser.zoom.siteSpecific", false); -//lockPref("camera.control.autofocus_moving_callback.enabled", false); -//lockPref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -//lockPref("datareporting.healthreport.documentServerURI", ""); -//lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); -//lockPref("dom.archivereader.enabled", false); -//lockPref("dom.beforeAfterKeyboardEvent.enabled", false); -//lockPref("dom.disable_image_src_set", true); -//lockPref("dom.disable_window_open_feature.scrollbars", true); -//lockPref("dom.disable_window_status_change", true); -//lockPref("dom.idle-observers-api.enabled", false); -//lockPref("dom.keyboardevent.code.enabled", false); -//lockPref("dom.network.enabled", false); -//lockPref("dom.vr.oculus050.enabled", false); -//lockPref("dom.w3c_touch_events.enabled", 0); -//lockPref("dom.workers.enabled", false); -//lockPref("dom.workers.sharedWorkers.enabled", false); -//lockPref("extensions.formautofill.experimental", false); -//lockPref("extensions.screenshots.system-disabled", true); -//lockPref("extensions.shield-recipe-client.api_url", ""); -//lockPref("full-screen-api.approval-required", false); -//lockPref("full-screen-api.warning.delay", 0); -//lockPref("full-screen-api.warning.timeout", 0); -//lockPref("general.warnOnAboutConfig", false); -//lockPref("geo.security.allowinsecure", false); -//lockPref("loop.enabled", false); -//lockPref("loop.facebook.appId", ""); -//lockPref("loop.facebook.enabled", false); -//lockPref("loop.facebook.fallbackUrl", ""); -//lockPref("loop.facebook.shareUrl", ""); -//lockPref("loop.feedback.formURL", ""); -//lockPref("loop.feedback.manualFormURL", ""); -//lockPref("loop.server", ""); -//lockPref("media.block-play-until-visible", true); -//lockPref("media.eme.apiVisible", false); -//lockPref("media.eme.chromium-api.enabled", false); -//lockPref("media.getusermedia.screensharing.allow_on_old_platforms", false); -//lockPref("media.getusermedia.screensharing.allowed_domains", ""); -//lockPref("media.gmp-eme-adobe.autoupdate", false); -//lockPref("media.gmp-eme-adobe.visible", false); -//lockPref("media.ondevicechange.enabled", false); -//lockPref("media.webspeech.synth.enabled", false); -//lockPref("network.http.spdy.enabled.http2draft", false); -//lockPref("network.http.spdy.enabled.v3-1", false); -//lockPref("pfs.datasource.url", ""); -//lockPref("plugin.scan.Acrobat", "99999"); -//lockPref("plugin.scan.Quicktime", "99999"); -//lockPref("plugin.scan.WindowsMediaPlayer", "99999"); -//lockPref("plugins.enumerable_names", ""); -//lockPref("plugins.update.notifyUser", false); -//lockPref("plugins.update.url", ""); -//lockPref("privacy.clearOnShutdown.passwords", false); -//lockPref("security.mixed_content.send_hsts_priming", false); -//lockPref("security.mixed_content.use_hsts", true); -//lockPref("security.tls.insecure_fallback_hosts.use_static_list", false); -//lockPref("social.enabled", false); -//lockPref("social.share.activationPanelEnabled", false); -//lockPref("social.shareDirectory", ""); -//lockPref("social.toast-notifications.enabled", false); -//lockPref("startup.homepage_override_url", ""); -//lockPref("startup.homepage_welcome_url", ""); -//lockPref("startup.homepage_welcome_url.additional", ""); -//lockPref("toolkit.cosmeticAnimations.enabled", false); -//lockPref("toolkit.telemetry.unifiedIsOptIn", true); -//lockPref("ui.key.menuAccessKey", 0); -//lockPref("view_source.tab", false); - -defaultPref("xpinstall.signatures.required", true); - -// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/ -// might increase startup time, so keep it disabled, but modifiable by default -defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); - -// to be set for the console to work, see https://gitlab.com/librewolf-community/browser/linux/-/issues/80: -defaultPref("devtools.selfxss.count", 0); - -// enable HTTPS only mode by default -defaultPref("dom.security.https_only_mode", true); -defaultPref("dom.security.https_only_mode_ever_enabled", true); +// ----------------------------------- +// # OVERRIDES +// ----------------------------------- // allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg` // or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak). -// not yet verified to work on Windows and MacOS releases -let home_directory = getenv("HOME"); -if (home_directory) { - pref("autoadmin.global_config_url", `file://${home_directory}/.librewolf/librewolf.overrides.cfg`); +let profile_directory; +if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { + pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); }