2019-04-24 23:38:24 +00:00
//
2019-05-14 07:29:30 +00:00
/ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2020-09-19 14:03:04 +00:00
* user . js | Fenix , Iceraven , Fennec F - Droid or Icecatmobile *
2019-05-14 07:29:30 +00:00
* *
2020-09-19 10:54:09 +00:00
* https : //git.nixnet.xyz/Narsil/mobile_user.js *
2019-05-14 07:29:30 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * /
2019-04-24 23:38:24 +00:00
//
2020-09-19 13:11:31 +00:00
// Author : Narsil https://git.nixnet.xyz/Narsil/mobile_user.js
2019-04-24 23:38:24 +00:00
//
2019-04-28 23:52:16 +00:00
//
2020-10-16 18:26:40 +00:00
// Based on : * [Quindecim](https://git.nixnet.xyz/quindecim/mobile_user.js)
* [ Arkenfox ] ( https : //github.com/arkenfox/user.js)
2019-07-15 09:37:50 +00:00
//
2020-09-19 10:54:09 +00:00
// License : https://git.nixnet.xyz/Narsil/mobile_user.js/src/branch/master/LICENSE.txt
2019-07-15 09:37:50 +00:00
//
2019-05-14 07:29:30 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Startup
// >>>>>>>>>>>>>>>>>>>>>
2020-02-17 12:16:08 +00:00
// Pref : Enable start in Private Browsing mode
// user_pref("browser.privatebrowsing.autostart", true);
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable default browser check
user _pref ( "browser.shell.checkDefaultBrowser" , false ) ; // [DESKTOP]
// -------------------------------------
2020-02-17 12:16:08 +00:00
// Pref : Set START page
// (0=blank, 1=home, 2=last visited page, 3=resume previous session)
// [NOTE] Session Restore is not used in PB mode and is cleared with history
user _pref ( "browser.startup.page" , 0 ) ; // [DESKTOP]
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Set NEWTAB page
// true=Activity Stream, false=blank page
user _pref ( "browser.newtabpage.enabled" , false ) ; // [DESKTOP]
user _pref ( "browser.newtab.url" , "about:blank" ) ; // [DESKTOP]
// -------------------------------------
2020-04-08 20:54:55 +00:00
// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender")
2019-05-14 07:29:30 +00:00
// https://support.mozilla.org/en-US/kb/extension-recommendations
2019-05-25 16:45:03 +00:00
user _pref ( "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream Top Stories, Pocket-based and/or sponsored content
user _pref ( "browser.newtabpage.activity-stream.feeds.section.topstories" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.section.topstories.options" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.section.highlights.includePocket" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.showSponsored" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" , false ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "browser.newtabpage.activity-stream.pocketCta" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.sectionOrder" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
2020-04-08 20:54:55 +00:00
// Pref : Set Homepage and disable caching content
2019-05-14 07:29:30 +00:00
user _pref ( "browser.startup.homepage" , "about:blank" ) ; // [DESKTOP]
2020-04-08 20:54:55 +00:00
user _pref ( "browser.startup.homepage.abouthome_cache.enabled" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream Snippets
// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
// https://abouthome-snippets-service.readthedocs.io/
user _pref ( "browser.newtabpage.activity-stream.asrouter.providers.snippets" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.snippets" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream telemetry
user _pref ( "browser.newtabpage.activity-stream.feeds.telemetry" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.telemetry" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.telemetry.ut.events" , false ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "browser.newtabpage.activity-stream.telemetry.structuredIngestion" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream feeds
user _pref ( "browser.newtabpage.activity-stream.feeds.aboutpreferences" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.favicon" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.messagecenterfeed" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.migration" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.newtabinit" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.places" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.prefs" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.section.highlights" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.sections" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.systemtick" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.topsites" , false ) ; // [DESKTOP]
2020-02-17 12:16:08 +00:00
user _pref ( "browser.newtabpage.activity-stream.feeds.asrouterfeed" , false ) ; // [DESKTOP]
2020-03-15 17:00:28 +00:00
user _pref ( "browser.newtabpage.activity-stream.feeds.recommendationproviderswitcher" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream (others)
user _pref ( "browser.newtabpage.activity-stream.messageCenterExperimentEnabled" , false ) ;
user _pref ( "browser.newtabpage.activity-stream.showSearch" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "browser.newtabpage.activity-stream.discoverystream.config" , "" ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "browser.newtabpage.activity-stream.discoverystream.endpoints" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.rec.impressions" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.spoc.impressions" , "" ) ; // [DESKTOP]
2019-08-24 19:06:23 +00:00
user _pref ( "browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear" , "" ) ;
2019-05-24 19:15:59 +00:00
user _pref ( "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.section.highlights.includeDownloads" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.section.highlights.includeVisited" , false ) ; // [DESKTOP]
2020-03-15 17:00:28 +00:00
user _pref ( "browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys" , "" ) ; // [DESKTOP]
2020-04-08 20:54:55 +00:00
user _pref ( "browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.region-basic-layout" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.region-layout-config" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.region-spocs-config" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.region-stories-config" , "" ) ; // [DESKTOP]
2020-07-26 15:37:57 +00:00
user _pref ( "browser.newtabpage.activity-stream.discoverystream.recs.personalized" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.discoverystream.spocs.personalized" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.system.topsites" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.feeds.system.topstories" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
user _pref ( "browser.newtab.preload" , false ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.directory.ping" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "browser.newtabpage.activity-stream.asrouter.messageProviders" , "" ) ; // [DESKTOP]
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user _pref ( "browser.startup.homepage_override.mstone" , "ignore" ) ;
2020-04-08 20:54:55 +00:00
// -------------------------------------
2020-06-18 11:22:51 +00:00
// Pref : Disable separate about:welcome page
2020-04-08 20:54:55 +00:00
// https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
user _pref ( "browser.aboutwelcome.enabled" , false ) ; // [DESKTOP]
2020-05-07 17:42:34 +00:00
user _pref ( "trailhead.firstrun.branches" , "" ) ; // [DESKTOP]
2020-07-26 15:37:57 +00:00
user _pref ( "browser.aboutwelcome.overrideContent" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
//
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Quiet Fox
// >>>>>>>>>>>>>>>>>>>>>
2019-05-21 19:53:35 +00:00
// Pref : Disable app from auto-update
2020-04-08 20:54:55 +00:00
// true=application updates are installed without user approval.
// false=application updates are downloaded but the user can choose when to install the update.
2019-05-21 19:53:35 +00:00
user _pref ( "app.update.auto" , false ) ; // [DESKTOP]
2020-10-24 13:41:38 +00:00
user _pref ( "app.update.autodownload" , "never" ) ;
2019-05-28 09:00:22 +00:00
user _pref ( "app.update.channel" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "app.update.url.details" , "" ) ; // [DESKTOP]
user _pref ( "app.update.url.manual" , "" ) ; // [DESKTOP]
2020-10-24 13:41:38 +00:00
user _pref ( "app.update.url.android" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "app.update.staging.enabled" , false ) ; // [DESKTOP]
user _pref ( "app.update.log.file" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable sync
user _pref ( "sync.enabled" , false ) ; // [DEPRECATED] // [DESKTOP]
user _pref ( "services.sync.enabled" , false ) ;
// -------------------------------------
// Pref : Disable other sync settings (by prevention)
user _pref ( "services.sync.maxResyncs" , 0 ) ; // [DESKTOP]
user _pref ( "services.sync.telemetry.maxPayloadCount" , 0 ) ; // [DESKTOP]
user _pref ( "services.sync.addons.ignoreUserEnabledChanges" , true ) ; // [DESKTOP]
user _pref ( "services.sync.engine.addons" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.addresses" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.bookmarks" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.bookmarks.buffer" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.creditcards" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.creditcards.available" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.history" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.passwords" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.prefs" , false ) ; // [DESKTOP]
user _pref ( "services.sync.engine.tabs" , false ) ; // [DESKTOP]
user _pref ( "services.sync.log.appender.file.logOnError" , false ) ; // [DESKTOP]
user _pref ( "services.sync.log.appender.file.logOnSuccess" , false ) ; // [DESKTOP]
user _pref ( "services.sync.log.cryptoDebug" , false ) ; // [DESKTOP]
user _pref ( "services.sync.sendVersionInfo" , false ) ; // [DESKTOP]
user _pref ( "services.sync.syncedTabs.showRemoteIcons" , true ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.accessibility.blockautorefresh" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.accessibility.browsewithcaret" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.accessibility.typeaheadfind" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.accessibility.typeaheadfind.linksonly" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.addons.ignoreUserEnabledChanges" , true ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.download.useDownloadDir" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.formfill.enable" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.link.open_newwindow" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.pinned" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.search.update" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.startup.homepage" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.startup.page" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.tabs.loadInBackground" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.tabs.warnOnClose" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.tabs.warnOnOpen" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.autocomplete.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.matchBuckets" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.maxRichResults" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.bookmark" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.history" , false ) ; // [DESKTOP]
2020-12-19 16:41:58 +00:00
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.engines" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.openpage" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.urlbar.suggest.searches" , false ) ; // [DESKTOP]
2019-05-24 19:15:59 +00:00
user _pref ( "services.sync.prefs.sync.browser.contentblocking.category" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.contentblocking.introCount" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.crashReports.unsubmittedCheck.autoSubmit2" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.highlights" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.topstories" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.topsites" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSearch" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.topSitesRows" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.taskbar.previews.enable" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "services.sync.prefs.sync.dom.disable_open_during_load" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.dom.disable_window_flip" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.dom.disable_window_move_resize" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.dom.event.contextmenu.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.extensions.personas.current" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.extensions.update.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.intl.accept_languages" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.layout.spellcheckDefault" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.lightweightThemes.selectedThemeID" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.lightweightThemes.usedThemes" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.network.cookie.cookieBehavior" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.network.cookie.lifetimePolicy" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.permissions.default.image" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.pref.advanced.images.disable_button.view_image" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.pref.downloads.disable_button.edit_actions" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.cache" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.cookies" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.downloads" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.formdata" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.history" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.sessions" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.donottrackheader.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.reduceTimerPrecision" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.resistFingerprinting" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.trackingprotection.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled" , false ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.media.autoplay.default" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "services.sync.prefs.sync.security.OCSP.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.security.OCSP.require" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.security.default_personal_cert" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.security.tls.version.max" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.security.tls.version.min" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.spellchecker.dictionary" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.xpinstall.whitelist.required" , false ) ; // [DESKTOP]
user _pref ( "services.sync.declinedEngines" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.jpake.serverURL" , "" ) ; // [DEPRECATED] // [DESKTOP]
user _pref ( "services.sync.migrated" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.safebrowsing.downloads.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.safebrowsing.malware.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.safebrowsing.passwords.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.browser.safebrowsing.phishing.enabled" , false ) ; // [DESKTOP]
2019-06-23 17:24:52 +00:00
user _pref ( "services.sync.engine.addresses.available" , false ) ; // [DESKTOP]
user _pref ( "services.sync.addons.trustedSourceHostnames" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.engine.tabs.filteredUrls" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.log.appender.console" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.log.appender.dump" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.log.appender.file.level" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.log.logger" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.log.logger.engine" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.media.eme.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.privacy.fuzzyfox.enabled" , false ) ; // [DESKTOP]
user _pref ( "services.sync.prefs.sync.signon.rememberSignons" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "services.sync.serverURL" , "" ) ; // [DESKTOP]
user _pref ( "services.sync.lastversion" , "" ) ; // [DESKTOP]
user _pref ( "sync.serverURL" , "" ) ; // [DEPRECATED] // [DESKTOP]
user _pref ( "sync.jpake.serverURL" , "" ) ; // [DEPRECATED] // [DESKTOP]
2019-07-08 09:27:28 +00:00
user _pref ( "services.sync.prefs.sync.browser.contentblocking.features.strict" , false ) ; // [DESKTOP]
2019-07-15 09:37:50 +00:00
user _pref ( "services.sync.prefs.dangerously_allow_arbitrary" , false ) ; // [DESKTOP]
2019-08-24 19:06:23 +00:00
user _pref ( "services.sync.prefs.sync.app.shield.optoutstudies.enabled" , false ) ;
user _pref ( "services.sync.prefs.sync.browser.discovery.enabled" , false ) ;
user _pref ( "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" , false ) ;
user _pref ( "services.sync.prefs.sync.browser.search.widget.inNavBar" , false ) ;
user _pref ( "services.sync.prefs.sync.extensions.activeThemeID" , false ) ;
2019-05-21 19:53:35 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user _pref ( "browser.search.update" , false ) ;
user _pref ( "browser.search.update.log" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Tell the search service that we don't really expose the "current engine"
2020-10-24 13:41:38 +00:00
user _pref ( "browser.search.noCurrentEngine" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable sending Flash Player crash reports
user _pref ( "dom.ipc.plugins.flash.subprocess.crashreporter.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable sending the URL of the website where a plugin crashed
user _pref ( "dom.ipc.plugins.reportCrashURL" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Disable Telemetry
2019-05-14 07:29:30 +00:00
// https://wiki.mozilla.org/Platform/Features/Telemetry
// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
// https://wiki.mozilla.org/Telemetry
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html#id1
2019-04-27 09:27:34 +00:00
user _pref ( "toolkit.telemetry.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
user _pref ( "toolkit.telemetry.debugSlowSql" , false ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "toolkit.telemetry.reportingpolicy.firstRun" , false ) ;
2021-02-06 18:46:27 +00:00
user _pref ( "toolkit.telemetry.server" , "" ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "toolkit.telemetry.server_owner" , "" ) ;
user _pref ( "toolkit.telemetry.unified" , false ) ;
2019-06-06 16:32:41 +00:00
user _pref ( "toolkit.telemetry.unifiedIsOptIn" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "toolkit.telemetry.archive.enabled" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.cachedClientID" , "" ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.newProfilePing.enabled" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.shutdownPingSender.enabled" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.updatePing.enabled" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.bhrPing.enabled" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.firstShutdownPing.enabled" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "toolkit.telemetry.previousBuildID" , "" ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.prompted" , 2 ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.rejected" , true ) ; // [DESKTOP]
2019-08-24 19:06:23 +00:00
user _pref ( "security.identitypopup.recordEventTelemetry" , false ) ;
2019-06-06 16:32:41 +00:00
user _pref ( "security.certerrors.recordEventTelemetry" , false ) ; // [DESKTOP]
2019-07-08 09:27:28 +00:00
user _pref ( "privacy.trackingprotection.origin_telemetry.enabled" , false ) ;
user _pref ( "telemetry.origin_telemetry_test_mode.enabled" , false ) ;
user _pref ( "toolkit.telemetry.ecosystemtelemetry.enabled" , false ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "security.protectionspopup.recordEventTelemetry" , false ) ; // [DESKTOP]
user _pref ( "toolkit.telemetry.geckoview.streaming" , false ) ;
user _pref ( "toolkit.telemetry.isGeckoViewMode" , false ) ;
2019-12-04 21:55:28 +00:00
user _pref ( "toolkit.telemetry.testing.overrideProductsCheck" , false ) ;
2020-02-17 12:16:08 +00:00
user _pref ( "security.app_menu.recordEventTelemetry" , false ) ; // [DESKTOP]
2020-05-07 17:42:34 +00:00
user _pref ( "browser.urlbar.eventTelemetry.enabled" , false ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-11-11 14:49:31 +00:00
// Pref : Disable collect Telemetry on tracking resources traffic.
// An experiment that analyses HTTP traffic and will run at most until Firefox 73, looking for the prevalence of tracking resources going through HTTP.
// https://bugzilla.mozilla.org/show_bug.cgi?id=1533363
2020-11-11 14:52:38 +00:00
user _pref ( "network.traffic_analyzer.enabled" , false ) ;
2020-11-11 14:49:31 +00:00
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Disable Telemetry Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
2019-05-21 19:53:35 +00:00
user _pref ( "toolkit.coverage.enabled" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "toolkit.telemetry.coverage.opt-out" , true ) ; // [HIDDEN PREF] // [DESKTOP]
user _pref ( "toolkit.coverage.opt-out" , true ) ; // [HIDDEN PREF] // [DESKTOP]
user _pref ( "toolkit.coverage.endpoint.base" , "" ) ; // [DESKTOP]
2019-05-06 07:59:33 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
2019-05-14 07:29:30 +00:00
user _pref ( "datareporting.healthreport.uploadEnabled" , false ) ; // [DESKTOP]
user _pref ( "datareporting.healthreport.service.enabled" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "datareporting.healthreport.infoURL" , "" ) ; // [DESKTOP]
2019-04-27 09:27:34 +00:00
user _pref ( "datareporting.policy.dataSubmissionEnabled" , false ) ;
2019-05-14 07:29:30 +00:00
user _pref ( "datareporting.policy.currentPolicyVersion" , 0 ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "datareporting.policy.currentPolicyAcceptedVersion" , 0 ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyAcceptedVersion" , 0 ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyBypassNotification" , false ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyNotifiedTime" , "" ) ;
user _pref ( "datareporting.policy.firstRunURL" , "" ) ;
user _pref ( "datareporting.policy.minimumPolicyVersion" , 0 ) ;
user _pref ( "datareporting.policy.minimumPolicyVersion.channel-beta" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable personalized Extension Recommendations in about:addons and AMO
2019-04-27 17:36:54 +00:00
// [NOTE] This pref has no effect when Health Reports are disabled
2019-04-27 09:27:34 +00:00
// https://support.mozilla.org/kb/personalized-extension-recommendations
user _pref ( "browser.discovery.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Crash Reports
user _pref ( "breakpad.reportURL" , "" ) ;
2019-09-02 14:04:25 +00:00
user _pref ( "browser.tabs.crashReporting.email" , "" ) ; // [DESKTOP]
user _pref ( "browser.tabs.crashReporting.emailMe" , false ) ; // [DESKTOP]
user _pref ( "browser.tabs.crashReporting.includeURL" , false ) ; // [DESKTOP]
user _pref ( "browser.tabs.crashReporting.requestEmail" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "browser.tabs.crashReporting.sendReport" , false ) ; // [DESKTOP]
user _pref ( "browser.crashReports.unsubmittedCheck.enabled" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "toolkit.crashreporter.infoURL" , "" ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-04-08 20:54:55 +00:00
// Pref : Disable Crash Report for Reporting API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1607364
user _pref ( "dom.reporting.crash.enabled" , false ) ;
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable automatic captive portal detection
2019-09-02 14:04:25 +00:00
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
2019-04-27 09:27:34 +00:00
// https://wiki.mozilla.org/Necko/CaptivePortal
user _pref ( "captivedetect.canonicalURL" , "" ) ;
user _pref ( "network.captive-portal-service.enabled" , false ) ;
user _pref ( "network.captive-portal-service.backoffFactor" , "" ) ;
2019-05-10 20:50:17 +00:00
// user_pref("network.captive-portal-service.maxInterval", 0);
// user_pref("network.captive-portal-service.minInterval", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Network Connectivity checks
// https://bugzilla.mozilla.org/1460537
user _pref ( "network.connectivity-service.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "network.connectivity-service.IPv4.url" , "" ) ;
user _pref ( "network.connectivity-service.IPv6.url" , "" ) ;
user _pref ( "network.connectivity-service.DNSv4.domain" , "" ) ;
user _pref ( "network.connectivity-service.DNSv6.domain" , "" ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT)
// Not to be confused with themes, which use the Theme API
// Mozilla plan to convert existing LWTs and remove LWT support in the future
// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
user _pref ( "lightweightThemes.persisted.headerURL" , false ) ;
2019-07-08 09:27:28 +00:00
// user_pref("lightweightThemes.selectedThemeID", ""); // [BUG - FF doesen't save theme selected by user]
2019-05-21 19:53:35 +00:00
user _pref ( "lightweightThemes.getMoreURL" , "" ) ; // [DESKTOP]
user _pref ( "lightweightThemes.persisted.footerURL" , false ) ; // [DESKTOP]
user _pref ( "lightweightThemes.recommendedThemes" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Studies and SHIELD
user _pref ( "app.shield.optoutstudies.enabled" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable backlogged Crash Reports
user _pref ( "browser.crashReports.unsubmittedCheck.autoSubmit2" , false ) ; // [DESKTOP]
// -------------------------------------
2019-07-08 09:27:28 +00:00
// Pref : Disable about:addons Recommendations pane (uses Google Analytics)
2019-05-14 07:29:30 +00:00
user _pref ( "extensions.getAddons.showPane" , false ) ; // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
2019-07-08 09:27:28 +00:00
// Pref : Disable recommendations in about:addons Extensions and Themes panes
// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/
user _pref ( "extensions.htmlaboutaddons.inline-options.enabled" , false ) ;
2019-07-15 09:37:50 +00:00
user _pref ( "extensions.htmlaboutaddons.recommendations.enabled" , false ) ;
2019-07-08 09:27:28 +00:00
user _pref ( "extensions.getAddons.discovery.api_url" , "" ) ; // [DESKTOP]
2019-07-15 09:37:50 +00:00
user _pref ( "extensions.recommendations.privacyPolicyUrl" , "" ) ;
user _pref ( "extensions.recommendations.themeRecommendationUrl" , "" ) ;
2019-07-08 09:27:28 +00:00
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Disable extension's report option in about:addons
2019-07-08 09:27:28 +00:00
user _pref ( "extensions.abuseReport.enabled" , false ) ;
user _pref ( "extensions.abuseReport.url" , "" ) ;
2019-12-04 21:55:28 +00:00
user _pref ( "extensions.abuseReport.amoDetailsURL" , "" ) ;
user _pref ( "extensions.abuseReport.amWebAPI.enabled" , false ) ;
2019-07-08 09:27:28 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
2019-07-08 09:27:28 +00:00
user _pref ( "loop.logDomains" , false ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
2019-10-23 08:18:18 +00:00
// Pref : Disable contentblocking reports
2019-05-16 09:59:26 +00:00
user _pref ( "browser.contentblocking.reportBreakage.url" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "browser.contentblocking.report.cookie.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.cryptominer.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.fingerprinter.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.lockwise.enabled" , false ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.lockwise.how_it_works.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.manage_devices.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.monitor.enabled" , false ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.monitor.how_it_works.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.monitor.sign_in_url" , "" ) ; // [DESKTOP]
2019-12-04 21:55:28 +00:00
user _pref ( "browser.contentblocking.report.monitor.url" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "browser.contentblocking.report.proxy.enabled" , false ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.proxy_extension.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.social.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.tracker.url" , "" ) ; // [DESKTOP]
2020-07-26 15:37:57 +00:00
user _pref ( "browser.contentblocking.report.endpoint_url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.monitor.home_page_url" , "" ) ; // [DESKTOP]
user _pref ( "browser.contentblocking.report.monitor.preferences_url" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
2020-04-08 20:54:55 +00:00
// Pref : Disable lockwise app callout to the ETP card
// https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
// https://bugzilla.mozilla.org/show_bug.cgi?id=1612088
user _pref ( "browser.contentblocking.report.show_mobile_app" , false ) ;
user _pref ( "browser.contentblocking.report.lockwise.mobile-android.url" , "" ) ;
user _pref ( "browser.contentblocking.report.lockwise.mobile-ios.url" , "" ) ;
user _pref ( "browser.contentblocking.report.mobile-android.url" , "" ) ;
user _pref ( "browser.contentblocking.report.mobile-ios.url" , "" ) ;
// -------------------------------------
2019-08-24 19:06:23 +00:00
// Pref : Disable send content blocking log to about:protections
// https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
2019-10-23 08:18:18 +00:00
user _pref ( "browser.contentblocking.database.enabled" , false ) ;
2019-08-24 19:06:23 +00:00
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Disable celebrating milestone toast when certain numbers of trackers are blocked
user _pref ( "browser.contentblocking.cfr-milestone.enabled" , false ) ; // [DESKTOP]
// -------------------------------------
2019-05-16 09:59:26 +00:00
// Pref : Onboarding tour disable because of included telemetry
// [NOTE] This setting is just in case it comeback
user _pref ( "browser.onboarding.notification.finished" , true ) ; // [DESKTOP] // [DEPRECATED]
user _pref ( "browser.onboarding.tour.onboarding-tour-customize.completed" , true ) ; // [DESKTOP] // [DEPRECATED]
user _pref ( "browser.onboarding.tour.onboarding-tour-performance.completed" , true ) ; // [DESKTOP] // [DEPRECATED]
2019-05-21 19:53:35 +00:00
user _pref ( "devtools.onboarding.telemetry.logged" , false ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
// Pref : Disable check default browser on first run
user _pref ( "browser.shell.didSkipDefaultBrowserCheckOnFirstRun" , true ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Disable GCLI (Graphical Command Line Interface)
// https://wiki.mozilla.org/DevTools/Features/GCLI
user _pref ( "devtools.gcli.imgurUploadURL" , "" ) ; // [DESKTOP]
user _pref ( "devtools.gcli.jquerySrc" , "" ) ; // [DESKTOP]
user _pref ( "devtools.gcli.underscoreSrc" , "" ) ; // [DESKTOP]
user _pref ( "devtools.gcli.lodashSrc" , "" ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox screenshot extension
// https://support.mozilla.org/en-US/kb/firefox-screenshots
user _pref ( "extensions.screenshots.disabled" , true ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable spellchecker functionality by default
// 0=none, 1-multi-line, 2=multi-line & single-line
// https://support.mozilla.org/en-US/kb/how-do-i-use-firefox-spell-checker
user _pref ( "layout.spellcheckDefault" , 0 ) ; // [DESKTOP]
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Enable Firefox internal pages and disable the related warnings
user _pref ( "general.aboutConfig.enable" , true ) ;
2020-02-17 12:16:08 +00:00
user _pref ( "general.warnOnAboutConfig" , false ) ; // [XUL/XHTML]
2020-01-10 15:23:10 +00:00
user _pref ( "browser.aboutConfig.showWarning" , false ) ; // [DESKTOP] // [HTML]
2019-06-23 17:24:52 +00:00
// -------------------------------------
// Pref : Disable recent Highlights in the Library
user _pref ( "browser.library.activity-stream.enabled" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable warnings about close/open multiple tabs
user _pref ( "browser.tabs.warnOnClose" , false ) ; // [DESKTOP]
user _pref ( "browser.tabs.warnOnCloseOtherTabs" , false ) ; // [DESKTOP]
user _pref ( "browser.tabs.warnOnOpen" , false ) ; // [DESKTOP]
2019-09-02 14:04:25 +00:00
user _pref ( "browser.warnOnQuit" , false ) ; // [DESKTOP]
2019-06-23 17:24:52 +00:00
// -------------------------------------
2019-08-24 19:06:23 +00:00
// Pref : Disable warnings by entering full screen mode
2019-06-23 17:24:52 +00:00
user _pref ( "full-screen-api.warning.delay" , 0 ) ;
user _pref ( "full-screen-api.warning.timeout" , 0 ) ;
2019-08-24 19:06:23 +00:00
// -------------------------------------
// Pref : Disable WebVTT logging and test events
// https://developer.mozilla.org/en-US/docs/Web/API/WebVTT_API
// https://git.sny.no/gecko/commit/?id=5701a142f2a5e89b1b716e0edec0f18d5e513678
user _pref ( "media.webvtt.debug.logging" , false ) ;
user _pref ( "media.webvtt.testing.events" , false ) ;
2019-12-04 21:55:28 +00:00
// -------------------------------------
// Pref : Disable Firefox Developer Tools
// https://developer.mozilla.org/en-US/docs/Tools
user _pref ( "devtools.enabled" , false ) ;
2020-02-17 12:16:08 +00:00
// -------------------------------------
// Pref : Disable SSDP (Simple Service Discovery Protocol)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
2020-10-24 13:41:38 +00:00
user _pref ( "browser.casting.enabled" , false ) ;
2020-02-17 12:16:08 +00:00
// -------------------------------------
// Pref : Disable in-browser feed handling
2020-10-24 13:41:38 +00:00
// This preferences determines which web sites are listed in the “Subscription Options” dialog.
user _pref ( "browser.contentHandlers.types.0.title" , "" ) ;
user _pref ( "browser.contentHandlers.types.0.type" , "" ) ;
user _pref ( "browser.contentHandlers.types.0.uri" , "" ) ;
user _pref ( "browser.contentHandlers.types.1.title" , "" ) ;
user _pref ( "browser.contentHandlers.types.1.type" , "" ) ;
user _pref ( "browser.contentHandlers.types.1.uri" , "" ) ;
user _pref ( "browser.contentHandlers.types.2.title" , "" ) ;
user _pref ( "browser.contentHandlers.types.2.type" , "" ) ;
user _pref ( "browser.contentHandlers.types.2.uri" , "" ) ;
user _pref ( "browser.contentHandlers.types.3.title" , "" ) ;
user _pref ( "browser.contentHandlers.types.3.type" , "" ) ;
user _pref ( "browser.contentHandlers.types.3.uri" , "" ) ;
/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2020-02-17 12:16:08 +00:00
// Pref : Disable tickle time under wifi network
// It transmit UDP busy-work to the LAN when anticipating low latency network reads and on wifi to mitigate 802.11 Power Save Polling delays
// If you're on wifi and an IPv4 DHCP network we will send 0 length UDP packets at port 4886 of your gateway at the default rate of 60hz for 400ms from the start of the transaction in an attempt to improve RTT during the critical early phases
// https://bugzilla.mozilla.org/show_bug.cgi?id=888268
user _pref ( "network.tickle-wifi.enabled" , false ) ;
2020-03-15 17:00:28 +00:00
// -------------------------------------
2020-10-15 15:10:05 +00:00
// Pref : Disable SSL False Start for HTTPS/WebSockets/SPDY connections
2020-10-15 15:30:16 +00:00
// https://bugzilla.mozilla.org/show_bug.cgi?id=658222
2020-10-15 15:10:05 +00:00
// Avoid the client to complete its handshake before starting the actual session
user _pref ( "security.ssl.enable_false_start" , false ) ;
//--------------------------------------
2020-03-15 17:00:28 +00:00
// Pref : Disable Corroborate.jsm telemetry
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
user _pref ( "corroborator.enabled" , false ) ; // [DESKTOP]
2020-04-08 20:54:55 +00:00
// -------------------------------------
// Pref : Disable Remote Settings
2020-12-07 18:16:06 +00:00
// In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
// https://blog.mozilla.org/security/tag/crlite/ ***/
2020-04-08 20:54:55 +00:00
user _pref ( "security.remote_settings.intermediates.enabled" , false ) ;
user _pref ( "security.remote_settings.intermediates.bucket" , "" ) ;
user _pref ( "security.remote_settings.intermediates.collection" , "" ) ;
user _pref ( "security.remote_settings.intermediates.signer" , "" ) ;
user _pref ( "security.remote_settings.crlite_filters.enabled" , false ) ;
user _pref ( "security.remote_settings.crlite_filters.bucket" , "" ) ;
user _pref ( "security.remote_settings.crlite_filters.collection" , "" ) ;
user _pref ( "security.remote_settings.crlite_filters.signer" , "" ) ;
2021-02-21 10:58:40 +00:00
user _pref ( "security.pki.crlite_mode" , 0 ) ;
2020-04-08 20:54:55 +00:00
// -------------------------------------
// Pref : Disable Default Browser Agent
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
user _pref ( "default-browser-agent.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
2020-07-26 15:37:57 +00:00
// -------------------------------------
// Pref : Disable location bar leaking single words to a DNS provider (after searching)
// 0=never resolve single words, 1=heuristic (default), 2=always resolve
// [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
// https://bugzilla.mozilla.org/1642623
user _pref ( "browser.urlbar.dnsResolveSingleWordsAfterSearch" , 0 ) ; // [DESKTOP]
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : IJWY To Shut Up
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
// >>>>>>>>>>>>>>>>>>>>>
2019-05-01 09:22:54 +00:00
// Pref : Block unwanted connections
2019-04-30 16:29:58 +00:00
user _pref ( "app.feedback.baseURL" , "" ) ;
2020-10-24 13:41:38 +00:00
user _pref ( "app.feedbackURL" , "" ) ;
user _pref ( "app.channelURL" , "" ) ;
user _pref ( "app.creditsURL" , "" ) ;
user _pref ( "app.faqURL" , "" ) ;
user _pref ( "app.privacyURL" , "" ) ;
user _pref ( "app.releaseNotesURL" , "" ) ; // [URL SANITIZED]
2019-05-01 09:22:54 +00:00
user _pref ( "app.support.baseURL" , "" ) ;
2020-10-24 13:41:38 +00:00
user _pref ( "app.supportURL" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "app.vendorURL" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "media.decoder-doctor.new-issue-endpoint" , "" ) ;
user _pref ( "network.trr.confirmationNS" , "" ) ;
user _pref ( "services.settings.default_signer" , "" ) ; // [DESKTOP]
user _pref ( "services.settings.server" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "accessibility.support.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.dictionaries.download.url" , "" ) ; // [DESKTOP]
user _pref ( "browser.geolocation.warning.infoURL" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.asrouter.providers.cfr" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "browser.newtabpage.activity-stream.asrouter.providers.onboarding" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "browser.newtabpage.activity-stream.fxaccounts.endpoint" , "" ) ; // [DESKTOP]
user _pref ( "browser.search.searchEnginesURL" , "" ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "extensions.getAddons.themes.browseURL" , "" ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
user _pref ( "security.content.signature.root_hash" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "identity.mobilepromo.android" , "" ) ; // [DESKTOP]
user _pref ( "identity.mobilepromo.ios" , "" ) ; // [DESKTOP]
2019-12-04 21:55:28 +00:00
user _pref ( "identity.sendtabpromo.url" , "" ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "toolkit.datacollection.infoURL" , "" ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "dom.keyboardevent.keypress.hack.dispatch_non_printable_keys" , "" ) ;
user _pref ( "dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode" , "" ) ;
2019-06-23 17:24:52 +00:00
user _pref ( "startup.homepage_welcome_url" , "" ) ; // [DESKTOP]
user _pref ( "startup.homepage_welcome_url.additional" , "" ) ; // [DESKTOP]
user _pref ( "startup.homepage_override_url" , "" ) ; // [DESKTOP]
2019-09-02 14:04:25 +00:00
user _pref ( "browser.search.param.yahoo-fr" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "privacy.restrict3rdpartystorage.partitionedHosts" , "" ) ;
2020-02-17 12:16:08 +00:00
user _pref ( "browser.xr.warning.infoURL" , "" ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Devtools cleanup
user _pref ( "devtools.devices.url" , "" ) ;
user _pref ( "devtools.devedition.promo.url" , "" ) ; // [DESKTOP]
user _pref ( "devtools.performance.recording.ui-base-url" , "" ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable website protocol handlers
user _pref ( "gecko.handlerService.schemes.irc.0.name" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.irc.0.uriTemplate" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.ircs.0.name" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.ircs.0.uriTemplate" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.mailto.0.name" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.mailto.0.uriTemplate" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.mailto.1.name" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.mailto.1.uriTemplate" , "" ) ; // [DESKTOP]
user _pref ( "gecko.handlerService.schemes.webcal.0.uriTemplate" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
2019-05-16 09:59:26 +00:00
// Pref : Disable browser translate integration
// https://www.ghacks.net/2018/09/09/mozilla-working-on-google-translate-integration-in-firefox/
user _pref ( "browser.translation.engine" , "" ) ; // [DESKTOP]
user _pref ( "browser.translation.detectLanguage" , false ) ; // [DESKTOP]
user _pref ( "browser.translation.neverForLanguages" , "" ) ; // [DESKTOP]
user _pref ( "browser.translation.ui.show" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
2019-09-02 14:04:25 +00:00
// Pref : Decrease vendor useragent info leakage to Mozilla
// https://github.com/pyllyukko/user.js/issues/299
user _pref ( "general.useragent.vendor" , "" ) ; // [DESKTOP]
// -------------------------------------
2019-05-21 19:53:35 +00:00
// Pref : Disable mailnews
user _pref ( "mailnews.messageid_browser.url" , "" ) ; // [DESKTOP]
user _pref ( "mailnews.mx_service_url" , "" ) ; // [DESKTOP]
2019-05-24 19:15:59 +00:00
// -------------------------------------
// Pref : Remove pinned sites from searchbar
user _pref ( "browser.newtabpage.activity-stream.default.sites" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned" , "" ) ; // [DESKTOP]
user _pref ( "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" , "" ) ; // [DESKTOP]
2019-12-04 21:55:28 +00:00
// -------------------------------------
// Pref : Disable report browser errors in Nightly to Mozilla
// https://bugzilla.mozilla.org/show_bug.cgi?id=1426482
user _pref ( "browser.chrome.errorReporter.infoURL" , "" ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous
// >>>>>>>>>>>>>>>>>>>>>>
2019-05-01 09:22:54 +00:00
// Pref : Test user.js in about:config
2019-07-29 06:34:37 +00:00
user _pref ( "_config.applied" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Updates addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
user _pref ( "extensions.update.enabled" , true ) ;
user _pref ( "extensions.autoupdate.enabled" , true ) ;
// -------------------------------------
2019-09-02 14:04:25 +00:00
// Pref : Decrease system information leakage to Mozilla extensions update servers
user _pref ( "extensions.update.url" , "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" ) ; // [URL SANITIZED]
user _pref ( "extensions.update.background.url" , "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%" ) ; // [URL SANITIZED]
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Decrease system information leakage to Mozilla addons update servers
2020-10-24 13:41:38 +00:00
user _pref ( "extensions.getAddons.browseAddons" , "https://addons.mozilla.org/en-US/android/collections/4757633/mob/?page=1&collection_sort=-popularity" ) ; // [URL SANITIZED]
2019-09-02 14:04:25 +00:00
user _pref ( "extensions.getAddons.get.url" , "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=en-US" ) ; // [URL SANITIZED]
user _pref ( "extensions.getAddons.link.url" , "https://addons.mozilla.org/en-US/firefox/" ) ; // [URL SANITIZED]
user _pref ( "extensions.getAddons.search.browseURL" , "https://addons.mozilla.org/en-US/android/search?q=%TERMS%&platform=%OS%&appver=%VERSION%" ) ; // [URL SANITIZED]
2019-05-10 20:50:17 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
user _pref ( "extensions.webcompat-reporter.enabled" , false ) ;
user _pref ( "extensions.webcompat-reporter.newIssueEndpoint" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Don't let XPIProvider install distribution add-ons
2020-10-24 13:41:38 +00:00
user _pref ( "extensions.installDistroAddons" , false ) ; // [DEFAULT: false]
2019-05-10 20:50:17 +00:00
// -------------------------------------
2020-03-15 17:00:28 +00:00
// Pref : Disable experiments extensions
user _pref ( "extensions.experiments.enabled" , false ) ;
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Provide haptic feedback on longPress selection events
2019-04-30 16:29:58 +00:00
user _pref ( "layout.accessiblecaret.hapticfeedback" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Firefox Accounts and Sync
2019-06-23 17:24:52 +00:00
user _pref ( "identity.fxaccounts.enabled" , false ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "identity.fxaccounts.auth.uri" , "" ) ;
user _pref ( "identity.fxaccounts.remote.oauth.uri" , "" ) ;
user _pref ( "identity.fxaccounts.remote.profile.uri" , "" ) ;
2019-05-10 20:50:17 +00:00
user _pref ( "identity.sync.tokenserver.uri" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "identity.fxaccounts.remote.root" , "" ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "identity.fxaccounts.pairing.enabled" , false ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.remote.pairing.uri" , "" ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.toolbar.accessed" , false ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.toolbar.enabled" , false ) ; // [DESKTOP]
2019-06-23 17:24:52 +00:00
user _pref ( "identity.fxaccounts.migrateToDevEdition" , false ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.contextParam" , "" ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.commands.enabled" , false ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.autoconfig.uri" , "" ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "identity.fxaccounts.service.monitorLoginUrl" , "" ) ; // [DESKTOP]
user _pref ( "identity.fxaccounts.service.sendLoginUrl" , "" ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable Webextensions sync
user _pref ( "webextensions.storage.sync.enabled" , false ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
user _pref ( "webextensions.storage.sync.serverURL" , "" ) ;
2020-07-26 15:37:57 +00:00
user _pref ( "webextensions.storage.sync.kinto" , false ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Force Punycode for Internationalized Domain Names
// https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
user _pref ( "network.IDN_show_punycode" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable page thumbnail collection
user _pref ( "browser.pagethumbnails.capturing_disabled" , true ) ; // [HIDDEN PREF]
// -------------------------------------
// Pref : Do not automatically send selection to clipboard on Linux and some UNIX-like platforms
user _pref ( "clipboard.autocopy" , false ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
user _pref ( "beacon.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable speech recognition
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
// https://wiki.mozilla.org/HTML5_Speech_API
2019-05-04 17:30:35 +00:00
user _pref ( "media.webspeech.recognition.enable" , false ) ; // [DEFAULT: true]
user _pref ( "media.webspeech.recognition.force_enable" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.enable" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.fake_fsm_events" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.fake_recognition_service" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Don't use Mozilla-provided location-specific search engines
user _pref ( "browser.search.geoSpecificDefaults" , false ) ;
2020-10-15 15:16:20 +00:00
user _pref ( "browser.search.geoSpecificDefaults.url" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Don't monitor OS online/offline connection state
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/18945
2019-05-10 20:50:17 +00:00
user _pref ( "network.manage-offline-status" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set File URI Origin Policy
user _pref ( "security.fileuri.strict_origin_policy" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable SVG in OpenType fonts
// https://wiki.mozilla.org/SVGOpenTypeFonts
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
user _pref ( "gfx.font_rendering.opentype_svg.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
2019-05-02 09:06:56 +00:00
user _pref ( "security.dialog_enable_delay" , 700 ) ;
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Disable ADB extension download
2019-05-21 19:53:35 +00:00
// https://developer.mozilla.org/docs/Tools/WebIDE
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222
2019-05-01 09:22:54 +00:00
user _pref ( "devtools.debugger.remote-enabled" , false ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "devtools.remote.adb.extensionURL" , "" ) ; // [DESKTOP]
user _pref ( "devtools.remote.adb.extensionID" , "" ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Force local debugging
2019-04-24 23:38:24 +00:00
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
user _pref ( "devtools.debugger.force-local" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Prevent accessibility services from accessing your browser
// https://support.mozilla.org/kb/accessibility-services
user _pref ( "accessibility.force_disabled" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Remove temp files opened with an external application
// https://bugzilla.mozilla.org/302433
user _pref ( "browser.helperApps.deleteTempFileOnExit" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable various developer tools in browser context
// https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676
user _pref ( "devtools.chrome.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable MathML (Mathematical Markup Language)
2019-10-23 08:18:18 +00:00
// [TEST] https://browserleaks.com/features - look for Modernizr.mathml
2019-04-24 23:38:24 +00:00
// https://bugzilla.mozilla.org/1173199
user _pref ( "mathml.disabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-06-23 17:24:52 +00:00
// Pref : Disable middle mouse click paste leaking on Linux
// https://bugzilla.mozilla.org/1528289
2019-05-07 08:26:05 +00:00
// Useless on Android
user _pref ( "middlemouse.paste" , false ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable middle mouse click opening links from clipboard
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089
2019-04-24 23:38:24 +00:00
user _pref ( "middlemouse.contentLoadURL" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Remove webchannel whitelist
user _pref ( "webchannel.allowObject.urlWhitelist" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] May cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
// user_pref("ui.use_native_colors", true);
2019-12-04 21:55:28 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Discourage downloading to desktop (0=desktop 1=downloads 2=last used)
user _pref ( "browser.download.folderList" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Enforce user interaction, for security, by always asking the user where to download and then forget
// [FENNEC] Fix for downloading issues
2020-10-24 13:41:38 +00:00
// user_pref("browser.download.useDownloadDir", false); // [BUG] It causes the breakage of all downloads
2019-12-04 21:55:28 +00:00
user _pref ( "browser.download.lastDir" , "" ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable adding downloads to the system's "recent documents" list
user _pref ( "browser.download.manager.addToRecentDocs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable "open with" in download dialog
2019-05-01 09:22:54 +00:00
// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) in such a way that it is forbidden to run external applications.
2019-04-24 23:38:24 +00:00
// [NOTE] This may interfere with some users' workflow or methods
// https://bugzilla.mozilla.org/1281959
user _pref ( "browser.download.forbid_open_with" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Lock down allowed extension directories
2019-05-01 09:22:54 +00:00
// This will break extensions, language packs, themes and any other XPI files which are installed outside of profile directories
2019-04-24 23:38:24 +00:00
// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// archived: https://archive.is/DYjAM
2019-05-24 19:15:59 +00:00
user _pref ( "extensions.enabledScopes" , 5 ) ; // [DEFAULT: 1] // [HIDDEN PREF]
2019-04-24 23:38:24 +00:00
user _pref ( "extensions.autoDisableScopes" , 15 ) ; // [DEFAULT: 15]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable warning when websites try to install add-ons
user _pref ( "xpinstall.whitelist.required" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-12-04 21:55:28 +00:00
// Pref : Enforce CSP (Content Security Policy)
// [WARNING] CSP is a very important and widespread security feature. Don't disable it!
2019-04-24 23:38:24 +00:00
// https://developer.mozilla.org/docs/Web/HTTP/CSP
user _pref ( "security.csp.enable" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Block top level window data: URIs
// https://bugzilla.mozilla.org/1331351
// https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
user _pref ( "security.data_uri.block_toplevel_data_uri_navigations" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Enable only whitelisted URL protocol handlers
// https://news.ycombinator.com/item?id=13047883
// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
// [NOTE] Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
// * true, if the protocol should be handled by an external application
// * false, if the protocol should be handled internally by Firefox
user _pref ( "network.protocol-handler.warn-external-default" , true ) ;
user _pref ( "network.protocol-handler.external.javascript" , false ) ;
user _pref ( "network.protocol-handler.external.data" , false ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "network.protocol-handler.external.about" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.blob" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.chrome" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.file" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.ftp" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.http" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.https" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.moz-extension" , false ) ; // [DESKTOP]
user _pref ( "network.protocol-handler.external.ms-windows-store" , false ) ; // [DESKTOP]
2019-05-07 08:26:05 +00:00
user _pref ( "network.protocol-handler.expose-all" , false ) ;
user _pref ( "network.protocol-handler.expose.http" , true ) ;
user _pref ( "network.protocol-handler.expose.https" , true ) ;
user _pref ( "network.protocol-handler.expose.javascript" , true ) ;
user _pref ( "network.protocol-handler.expose.moz-extension" , true ) ;
user _pref ( "network.protocol-handler.expose.ftp" , true ) ;
user _pref ( "network.protocol-handler.expose.file" , true ) ;
user _pref ( "network.protocol-handler.expose.about" , true ) ;
user _pref ( "network.protocol-handler.expose.chrome" , true ) ;
user _pref ( "network.protocol-handler.expose.blob" , true ) ;
user _pref ( "network.protocol-handler.expose.data" , true ) ;
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Don't allow meta-refresh when backgrounded
user _pref ( "browser.meta_refresh_when_inactive.disabled" , true ) ;
// -------------------------------------
// Pref : Optimize images memory usage
user _pref ( "image.downscale-during-decode.enabled" , true ) ;
// -------------------------------------
// Pref : Disable firstrun showup
user _pref ( "browser.firstrun.show.uidiscovery" , false ) ; // [DEFAULT: true]
user _pref ( "browser.firstrun.show.localepicker" , false ) ; // [DEFAULT: false]
// -------------------------------------
// Pref : Disable sending console to logcat on release builds.
2020-10-24 13:41:38 +00:00
user _pref ( "consoleservice.logcat" , false ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
// https://github.com/pyllyukko/user.js/issues/143
user _pref ( "browser.pocket.enabled" , false ) ; // [DESKTOP]
user _pref ( "extensions.pocket.enabled" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "extensions.pocket.api" , "" ) ; // [DESKTOP]
user _pref ( "extensions.pocket.oAuthConsumerKey" , "" ) ; // [DESKTOP]
user _pref ( "extensions.pocket.site" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Lock web content in file processes
// https://bugzilla.mozilla.org/1343184
user _pref ( "browser.tabs.remote.allowLinkedWebInFileUriProcess" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Displaying Javascript in History URLs
user _pref ( "browser.urlbar.filter.javascript" , true ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox's built-in PDF reader
// This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
// PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most)
// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly.
// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
// CONS: You may prefer a different pdf reader for security reasons
// CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare)
user _pref ( "pdfjs.disabled" , true ) ; // [DEFAULT: false] // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "pdfjs.enabledCache.state" , false ) ; // [DESKTOP]
user _pref ( "pdfjs.previousHandler.alwaysAskBeforeHandling" , true ) ; // [DESKTOP]
2020-07-26 15:37:57 +00:00
user _pref ( "browser.helperApps.showOpenOptionForPdfJS" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
user _pref ( "ui.use_standins_for_native_colors" , true ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
// Pref : Close tab with double click action
2019-07-18 09:08:43 +00:00
user _pref ( "browser.tabs.closeTabByDblclick" , true ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Remove special permissions for certain mozilla domains
// resource://app/defaults/permissions
user _pref ( "permissions.manager.defaultsUrl" , "" ) ; // [DESKTOP]
2019-05-28 09:00:22 +00:00
// -------------------------------------
// Pref : Disable in-content SVG rendering
// Disabling SVG support breaks many UI elements on many sites incl. youtube player controls
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16
// user_pref("svg.disabled", true);
2019-06-06 16:32:41 +00:00
// -------------------------------------
// Pref : Enable FF Process Priority Manager
// https://bugzilla.mozilla.org/show_bug.cgi?id=1548364
user _pref ( "dom.ipc.processPriorityManager.enabled" , true ) ; // [DESKTOP] // [TEST]
2020-04-08 20:54:55 +00:00
// -------------------------------------
// Pref : Enforce no system colors
// [NOTE] They can be fingerprinted
user _pref ( "browser.display.use_system_colors" , false ) ; // [DEFAULT: false]
// -------------------------------------
// Pref : Disable purge site data after identifying tracking site via cookies
2020-05-07 17:42:34 +00:00
// [NOTE] Relax this with 'privacy.clearOnShutdown.*' enabled
2020-04-08 20:54:55 +00:00
// https://bugzilla.mozilla.org/show_bug.cgi?id=1599262
// https://www.ghacks.net/2020/03/04/firefox-75-will-purge-site-data-if-associated-with-tracking-cookies/
user _pref ( "privacy.purge_trackers.enabled" , false ) ;
// -------------------------------------
// Pref : Disable permissions delegation
// Currently applies to cross-origin geolocation, camera, mic and screen-sharing permissions, and fullscreen requests. Disabling delegation means any prompts for these will show/use their correct 3rd party origin
// https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
user _pref ( "permissions.delegation.enabled" , false ) ;
2020-05-07 17:42:34 +00:00
// -------------------------------------
2020-11-28 15:23:41 +00:00
// Pref : Enable "window.name" protection [FF82+]
2020-11-14 10:36:27 +00:00
// If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
2021-01-31 14:32:41 +00:00
// string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
// https://arkenfox.github.io/TZP/tests/windownamea.html
2020-11-14 10:36:27 +00:00
user _pref ( "privacy.window.name.update.enabled" , true ) ;
// -------------------------------------
2021-01-18 19:52:01 +00:00
// Pref: Disable bypassing 3rd party extension install prompts [FF82+]
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user _pref ( "extensions.postDownloadThirdPartyPrompt" , false ) ; // [DESKTOP]
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable the default checkedness for "Save card and address to Firefox" checkboxes
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477106
user _pref ( "dom.payments.defaults.saveAddress" , false ) ;
user _pref ( "dom.payments.defaults.saveCreditCard" , false ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 17:36:54 +00:00
// Section : Web Workers
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable service workers
// Service workers essentially act as proxy servers that sit between web apps, and the browser and network, are event driven, and can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources.
// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
2019-10-23 08:18:18 +00:00
// [NOTE] Service workers only run over HTTPS. Service workers have no DOM access.
2019-04-27 17:36:54 +00:00
user _pref ( "dom.serviceWorkers.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable push service
// The upstream autopush endpoint must have the Google API key corresponding to the App's sender ID; we bake this assumption directly into the URL.
user _pref ( "dom.push.enabled" , false ) ;
user _pref ( "dom.push.serverURL" , "" ) ;
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable web notifications
2019-10-23 08:18:18 +00:00
// [NOTE] Web Notifications can also use service workers and are behind a prompt
2019-04-27 17:36:54 +00:00
// https://developer.mozilla.org/docs/Web/API/Notifications_API
2020-10-24 13:41:38 +00:00
user _pref ( "notification.feature.enabled" , false ) ;
2019-04-27 17:36:54 +00:00
user _pref ( "dom.webnotifications.enabled" , false ) ;
user _pref ( "dom.webnotifications.serviceworker.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Prevent tooltips from showing up
user _pref ( "browser.chrome.toolbar_tips" , false ) ;
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable push notifications
// Web apps can receive messages pushed to them from a server, whether or not the web app is in the foreground, or even currently loaded
// https://developer.mozilla.org/docs/Web/API/Push_API
user _pref ( "dom.push.alwaysConnect" , false ) ;
user _pref ( "dom.push.debug" , false ) ;
user _pref ( "dom.push.connection.enabled" , false ) ;
user _pref ( "dom.push.userAgentID" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "dom.push.udp.wakeupEnabled" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
2020-07-26 15:37:57 +00:00
// Pref : Disable PiP (Picture-in-picture)
user _pref ( "media.videocontrols.picture-in-picture.enabled" , false ) ;
user _pref ( "media.videocontrols.picture-in-picture.video-toggle.enabled" , false ) ;
2020-10-24 13:48:42 +00:00
user _pref ( "media.videocontrols.picture-in-picture.video-toggle.flyout-enabled" , false ) ;
2021-02-21 10:58:40 +00:00
user _pref ( "media.videocontrols.picture-in-picture.video-toggle.always-show" , false ) ;
2020-07-26 15:37:57 +00:00
user _pref ( "media.videocontrols.picture-in-picture.audio-toggle.enabled" , false ) ; // [DESKTOP]
user _pref ( "media.videocontrols.picture-in-picture.keyboard-controls.enabled" , false ) ; // [DESKTOP]
2019-04-27 17:36:54 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable right-click menu manipulation via JavaScript
user _pref ( "dom.event.contextmenu.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable website access to clipboard events/content
2020-05-07 17:42:34 +00:00
// [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
2020-01-10 15:23:10 +00:00
// [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one is default (false) then enabling this pref can leak clipboard content
2019-04-27 17:36:54 +00:00
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
2020-01-10 15:23:10 +00:00
// https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
// https://bugzilla.mozilla.org/1528289
2019-04-27 17:36:54 +00:00
user _pref ( "dom.event.clipboardevents.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable "Confirm you want to leave" dialog on page close
// Does not prevent JS leaks of the page close event.
// https://developer.mozilla.org/docs/Web/Events/beforeunload
// https://support.mozilla.org/questions/1043508
user _pref ( "dom.disable_beforeunload" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable shaking the screen (Vibrator API)
user _pref ( "dom.vibrator.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
2019-08-24 19:06:23 +00:00
// This disable document.execCommand("cut"/"copy") to protect your clipboard
2019-05-07 08:26:05 +00:00
// https://bugzilla.mozilla.org/1170911
2019-07-08 09:27:28 +00:00
// user_pref("dom.allow_cut_copy", false);
2019-05-07 08:26:05 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable asm.js
// https://www.mozilla.org/security/advisories/mfsa2015-29/
// https://www.mozilla.org/security/advisories/mfsa2015-50/
// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
// https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
user _pref ( "javascript.options.asmjs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-28 09:00:22 +00:00
// Pref : Disable Ion, baseline JIT and RegExp to help harden JS against exploits
2020-05-07 17:42:34 +00:00
// [NOTE] In FF75+, when (both) Ion and JIT are disabled, **and** the new hidden pref is enabled, then Ion can still be used by extensions
2020-04-08 20:54:55 +00:00
// [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
2019-04-27 17:36:54 +00:00
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/26019
2020-05-07 17:42:34 +00:00
user _pref ( "javascript.options.ion" , false ) ;
2020-10-24 13:41:38 +00:00
// user_pref("javascript.options.baselinejit", false); // [BUG] Addons issues
2020-10-26 18:42:05 +00:00
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [DESKTOP HIDDEN PREF]
2019-05-28 09:00:22 +00:00
user _pref ( "javascript.options.native_regexp" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable WebAssembly
2020-10-26 18:42:05 +00:00
// Vulnerabilities have increasingly been found, including those known and fixed
// in native programs years ago. WASM has powerful low-level access, making
// certain attacks (brute-force) and vulnerabilities more possible
// [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising
2019-04-27 17:36:54 +00:00
// https://developer.mozilla.org/docs/WebAssembly
2020-10-26 18:42:05 +00:00
// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
2019-05-07 08:26:05 +00:00
user _pref ( "javascript.options.wasm" , false ) ;
2019-12-04 21:55:28 +00:00
user _pref ( "javascript.options.wasm_baselinejit" , false ) ;
user _pref ( "javascript.options.wasm_cranelift" , false ) ;
user _pref ( "javascript.options.wasm_gc" , false ) ;
user _pref ( "javascript.options.wasm_ionjit" , false ) ;
2020-06-18 11:22:51 +00:00
user _pref ( "javascript.options.wasm_reftypes" , false ) ;
2019-12-04 21:55:28 +00:00
user _pref ( "javascript.options.wasm_trustedprincipals" , false ) ;
user _pref ( "javascript.options.wasm_verbose" , false ) ;
2020-07-26 15:37:57 +00:00
user _pref ( "javascript.options.wasm_multi_value" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable Shared Memory (Spectre mitigation)
// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
2020-07-26 15:37:57 +00:00
user _pref ( "javascript.options.shared_memory" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user _pref ( "dom.targetBlankNoOpener.enabled" , true ) ; // [DEFAULT: false]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Don't reveal build ID
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
2020-03-15 17:00:28 +00:00
// user_pref("browser.startup.homepage_override.buildID", "");
// user_pref("extensions.lastAppBuildId", "");
// user_pref("media.gmp-manager.buildID", "");
// user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
2019-05-16 09:59:26 +00:00
// Pref : Disable raw TCP socket support (mozTCPSocket)
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/18863
2019-05-16 09:59:26 +00:00
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
user _pref ( "dom.mozTCPSocket.enabled" , false ) ; // [DESKTOP]
2019-04-27 17:36:54 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Media / Camera / Mic
// >>>>>>>>>>>>>>>>>>>>>>
2019-04-27 17:36:54 +00:00
// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
2019-04-24 23:38:24 +00:00
user _pref ( "media.peerconnection.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Limit WebRTC IP leaks if using WebRTC
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
// https://wiki.mozilla.org/Media/WebRTC/Privacy
user _pref ( "media.peerconnection.ice.default_address_only" , true ) ;
user _pref ( "media.peerconnection.ice.no_host" , true ) ;
2021-02-06 18:46:27 +00:00
user _pref ( "media.peerconnection.ice.proxy_only_if_behind_proxy" , true ) ;
2019-04-24 23:38:24 +00:00
user _pref ( "media.peerconnection.use_document_iceservers" , false ) ;
user _pref ( "media.peerconnection.identity.enabled" , false ) ;
user _pref ( "media.peerconnection.turn.disable" , true ) ;
user _pref ( "media.peerconnection.ice.tcp" , false ) ;
2019-05-14 07:29:30 +00:00
user _pref ( "media.peerconnection.video.enabled" , false ) ;
2020-11-21 10:31:01 +00:00
user _pref ( "media.peerconnection.identity.timeout" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
// Pref : Disable WebGL I/II
// [WARNING] WebGL introduce high fingerprinting... (webgl is direct hardware js)
2019-04-24 23:38:24 +00:00
user _pref ( "webgl.disabled" , true ) ;
user _pref ( "webgl.enable-webgl2" , false ) ;
user _pref ( "webgl.min_capability_mode" , true ) ;
user _pref ( "pdfjs.enableWebGL" , false ) ;
2019-05-04 17:30:35 +00:00
user _pref ( "webgl.disable-wgl" , true ) ; // [DEFAULT: false]
2019-04-24 23:38:24 +00:00
user _pref ( "webgl.disable-fail-if-major-performance-caveat" , true ) ;
2019-05-04 17:30:35 +00:00
user _pref ( "webgl.can-lose-context-in-foreground" , false ) ; // [DEFAULT: true]
2019-05-21 19:53:35 +00:00
user _pref ( "webgl.force-enabled" , false ) ;
2019-06-06 16:32:41 +00:00
user _pref ( "webgl.vendor-string-override" , " " ) ;
user _pref ( "webgl.renderer-string-override" , " " ) ;
2019-08-24 19:06:23 +00:00
user _pref ( "webgl.all-angle-options" , false ) ;
user _pref ( "webgl.allow-immediate-queries" , false ) ;
user _pref ( "webgl.default-antialias" , false ) ;
user _pref ( "webgl.enable-surface-texture" , false ) ;
2020-01-10 15:23:10 +00:00
user _pref ( "webgl.cgl.multithreaded" , false ) ;
user _pref ( "webgl.dxgl.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable screensharing and audiocapture
user _pref ( "media.getusermedia.screensharing.enabled" , false ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "media.getusermedia.browser.enabled" , false ) ;
user _pref ( "media.getusermedia.audiocapture.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable camera support
2020-10-24 13:41:38 +00:00
user _pref ( "device.camera.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "media.realtime_decoder.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable canvas capture stream
// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
user _pref ( "canvas.capturestream.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable camera image capture
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/16339
2019-04-24 23:38:24 +00:00
user _pref ( "dom.imagecapture.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable offscreen canvas
// https://developer.mozilla.org/docs/Web/API/OffscreenCanvas
user _pref ( "gfx.offscreencanvas.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable autoplay of HTML5 media
2019-10-23 08:18:18 +00:00
// 0=Allow all, 1=Block non-muted media, 5=Block all
2019-04-24 23:38:24 +00:00
// [NOTE] You can set exceptions under site permissions
2019-09-02 14:04:25 +00:00
user _pref ( "media.autoplay.default" , 5 ) ;
2019-05-14 07:29:30 +00:00
user _pref ( "media.autoplay.block-event.enabled" , true ) ; // [DEFAULT: false]
user _pref ( "media.autoplay.block-webaudio" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable autoplay of HTML5 media if you interacted with the site
2020-07-26 15:37:57 +00:00
// 0=sticky (default), 1=transient, 2=user
2020-10-24 10:08:18 +00:00
// https://support.mozilla.org/questions/1293231 ***/
2020-07-26 15:37:57 +00:00
user _pref ( "media.autoplay.blocking_policy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-09-02 14:04:25 +00:00
// Pref : Disable autoplay of HTML5 media in non-active tabs
2019-04-24 23:38:24 +00:00
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
2019-07-18 09:08:43 +00:00
user _pref ( "media.block-autoplay-until-in-foreground" , true ) ; // [DEFAULT: true]
2021-02-21 10:58:40 +00:00
// -------------------------------------
// Pref : Disable showing avif images
2021-02-21 11:07:12 +00:00
// user_pref("image.avif.enabled", false); // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-25 16:58:17 +00:00
// Section : Location Bar / Search Bar / Suggestions / History / Forms
// >>>>>>>>>>>>>>>>>>>>
2019-05-07 08:26:05 +00:00
// Pref : Do not submit invalid URIs entered in the address bar to the default search engine
user _pref ( "keyword.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
user _pref ( "browser.fixup.alternate.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Don't trim HTTP off of URLs in the address bar
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
user _pref ( "browser.urlbar.trimURLs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
// This is a PER TAB session history. You still have a full history stored under all history
2019-05-02 09:06:56 +00:00
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
2020-03-15 17:00:28 +00:00
user _pref ( "browser.sessionhistory.max_entries" , 4 ) ; // [DEFAULT: 50]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable live search suggestions
2019-12-04 21:55:28 +00:00
user _pref ( "browser.search.suggest.enabled" , false ) ;
user _pref ( "browser.search.suggest.enabled.private" , false ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "browser.urlbar.suggest.searches" , false ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable "Would you like to turn on search suggestions" prompt message
2020-10-24 13:41:38 +00:00
user _pref ( "browser.search.suggest.prompted" , true ) ;
2020-05-07 17:42:34 +00:00
// -------------------------------------
2019-05-21 19:53:35 +00:00
// Pref : Disable information entered in web page forms and the search bar
2019-04-25 16:58:17 +00:00
// [NOTE] You can clear formdata on exiting Firefox
user _pref ( "browser.formfill.enable" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable date/time picker
2019-04-26 00:08:12 +00:00
// [WARNING] This can leak your locale if not en-US
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/21787
2019-05-21 19:53:35 +00:00
// https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
2019-04-26 00:08:12 +00:00
// user_pref("dom.forms.datetime", false);
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Windows jumplist
user _pref ( "browser.taskbar.lists.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
user _pref ( "browser.taskbar.lists.frequent.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
user _pref ( "browser.taskbar.lists.recent.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
user _pref ( "browser.taskbar.lists.tasks.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable Windows taskbar preview
user _pref ( "browser.taskbar.previews.enable" , false ) ; // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable UITour backend so there is no chance that a remote page can use it
user _pref ( "browser.uitour.enabled" , false ) ; // [DESKTOP]
user _pref ( "browser.uitour.url" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "browser.uitour.themeOrigin" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable location bar making speculative connections
// https://bugzilla.mozilla.org/1348275
user _pref ( "browser.urlbar.speculativeConnect.enabled" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar suggesting "preloaded" top websites
// https://bugzilla.mozilla.org/1211726
user _pref ( "browser.urlbar.usepreloadedtopurls.enabled" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Disable Firefox Tips / Search suggestions
user _pref ( "browser.urlbar.daysBeforeHidingSuggestionsPrompt" , 0 ) ; // [DESKTOP]
user _pref ( "browser.urlbar.searchSuggestionsChoice" , false ) ; // [DESKTOP]
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable URL bar autocomplete and history/bookmarks suggestions dropdown
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
2020-10-24 13:41:38 +00:00
user _pref ( "browser.urlbar.autocomplete.enabled" , false ) ;
2019-06-23 17:24:52 +00:00
user _pref ( "browser.urlbar.suggest.history" , false ) ; // [DESKTOP]
user _pref ( "browser.urlbar.suggest.bookmark" , false ) ; // [DESKTOP]
user _pref ( "browser.urlbar.suggest.openpage" , false ) ; // [DESKTOP]
2020-07-26 15:37:57 +00:00
user _pref ( "browser.urlbar.suggest.topsites" , false ) ; // [DESKTOP]
2020-12-19 16:41:58 +00:00
user _pref ( "browser.urlbar.suggest.engines" , false ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Disable browsing and download history
2020-09-19 12:00:40 +00:00
user _pref ( "places.history.enabled" , false ) ; // [DESKTOP]
2019-04-25 16:58:17 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Security
// >>>>>>>>>>>>>>>>>>>>
// Pref : Blocking GD Parking Scam Site
2019-05-10 20:50:17 +00:00
user _pref ( "network.dns.localDomains" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
2019-04-24 23:38:24 +00:00
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
2019-05-06 07:59:33 +00:00
user _pref ( "network.stricttransportsecurity.preloadlist" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable insecure TLS version fallback
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
user _pref ( "security.tls.version.fallback-limit" , 3 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Enable OCSP Must-Staple support
// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
// https://www.entrust.com/ocsp-must-staple/
// https://github.com/schomery/privacy-settings/issues/40
// [NOTE] Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
user _pref ( "security.ssl.enable_ocsp_must_staple" , true ) ;
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Control remote debugging
user _pref ( "devtools.remote.usb.enabled" , false ) ; // [DEFAULT: false]
user _pref ( "devtools.remote.wifi.enabled" , false ) ; // [DEFAULT: false]
// -------------------------------------
// Pref : Disable dump function
// True if you always want dump() to work
// On Android, you also need to do the following for the output to show up in logcat:
// $ adb shell stop
// $ adb shell setprop log.redirect-stdio true
// $ adb shell start
user _pref ( "browser.dom.window.dump.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "devtools.console.stdout.chrome" , false ) ; // [DEFAULT: true]
// -------------------------------------
// Pref : Disable number linkification
2020-10-24 13:41:38 +00:00
user _pref ( "browser.ui.linkify.phone" , false ) ; // [DEFAULT: false]
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Controls which bits of private data to clear.
2020-10-24 13:41:38 +00:00
user _pref ( "privacy.item.cache" , true ) ; // [DEFAULT: true]
2019-05-10 20:50:17 +00:00
user _pref ( "privacy.item.cookies" , true ) ; // [DEFAULT: true]
2020-10-24 13:41:38 +00:00
user _pref ( "privacy.item.offlineApps" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.history" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.searchHistory" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.formdata" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.downloads" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.passwords" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.sessions" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.geolocation" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.siteSettings" , true ) ; // [DEFAULT: true]
user _pref ( "privacy.item.syncAccount" , true ) ; // [DEFAULT: true]
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Disable tab hiding API by default
user _pref ( "extensions.webextensions.tabhide.enabled" , false ) ; // [DEFAULT: true] // [DESKTOP]
// -------------------------------------
// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1091016
user _pref ( "network.websocket.enabled" , false ) ; // [HIDDEN PREF] // [DEPRECATED] // [DESKTOP]
2019-06-23 17:24:52 +00:00
// -------------------------------------
// Pref : Block new requests asking to access your hardware components
// This will prevent any websites not listed in a specific list from requesting permission to access your components
user _pref ( "permissions.default.geo" , 2 ) ; // [DESKTOP]
user _pref ( "permissions.default.camera" , 2 ) ; // [DESKTOP]
user _pref ( "permissions.default.microphone" , 2 ) ; // [DESKTOP]
user _pref ( "permissions.default.desktop-notification" , 2 ) ; // [DESKTOP]
2019-07-08 09:27:28 +00:00
// -------------------------------------
// Pref : Disable the Enterprise Roots preference
// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
user _pref ( "security.enterprise_roots.enabled" , false ) ;
user _pref ( "security.certerrors.mitm.auto_enable_enterprise_roots" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable access to navigator.mediaDevices features on HTTP web pages
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices
user _pref ( "media.devices.insecure.enabled" , false ) ;
// -------------------------------------
2020-02-17 12:16:08 +00:00
// Pref : Disable verbosity of the internal logger
2019-07-08 09:27:28 +00:00
user _pref ( "remote.log.level" , "" ) ; // [DESKTOP]
2019-07-28 09:34:32 +00:00
// -------------------------------------
// Pref : Disable security bypass buttons
// Prevent the user from bypassing security in certain cases.
// "security.certerror.hideAddException" prevents adding an exception when an invalid certificate is shown.
// "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway.
2020-12-07 18:16:06 +00:00
user _pref ( "browser.safebrowsing.allowOverride" , false ) ; // [DESKTOP] [FF45+]
2019-07-28 09:34:32 +00:00
user _pref ( "security.certerror.hideAddException" , true ) ; // [DESKTOP]
2019-09-02 14:04:25 +00:00
// -------------------------------------
// Pref : Disable safe mode
// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled.
// https://support.mozilla.org/en-US/questions/951221#answer-410562
user _pref ( "toolkit.startup.max_resumed_crashes" , - 1 ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
// -------------------------------------
// Pref : Force Encrypted Server Name Indication (eSNI) for TLS 1.3 if TRR/DoH is enabled
// [NOTE] I don't encourage DoH (but it is a useful and valid mechanism for those who need it)
2020-05-07 17:42:34 +00:00
// https://wiki.mozilla.org/Trusted_Recursive_Resolver#ESNI
// https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications_(ESNI)
2019-10-23 08:18:18 +00:00
user _pref ( "network.security.esni.enabled" , true ) ;
2019-12-04 21:55:28 +00:00
// -------------------------------------
// Pref : Disable ping to Mozilla for Man-in-the-Middle detection
// https://blog.torproject.org/new-release-tor-browser-901
user _pref ( "security.certerrors.mitm.priming.enabled" , false ) ; // [DESKTOP]
user _pref ( "security.certerrors.mitm.priming.endpoint" , "" ) ; // [DESKTOP]
user _pref ( "security.pki.mitm_canary_issuer" , "" ) ;
user _pref ( "security.pki.mitm_canary_issuer.enabled" , false ) ;
user _pref ( "security.pki.mitm_detected" , false ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Block Implicit Outbound
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Pref : Disable prefetching of <link rel="next"> URLs
2019-05-02 09:06:56 +00:00
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
2019-04-27 09:27:34 +00:00
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
user _pref ( "network.prefetch-next" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable DNS prefetching
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user _pref ( "network.dns.disablePrefetch" , true ) ;
2020-10-20 18:44:29 +00:00
user _pref ( "network.dns.disablePrefetchFromHTTPS" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
user _pref ( "browser.send_pings" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
2020-09-19 10:54:09 +00:00
user _pref ( "browser.send_pings.require_same_host" , true ) ; // defense-in-depth
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user _pref ( "network.http.speculative-parallel-limit" , 0 ) ;
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened with mose hover for example
2019-05-01 09:22:54 +00:00
user _pref ( "network.predictor.enabled" , false ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "network.predictor.enable-prefetch" , false ) ;
2020-03-15 17:00:28 +00:00
user _pref ( "network.predictor.enable-hover-on-ssl" , false ) ;
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-05-07 08:26:05 +00:00
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
2019-04-27 09:27:34 +00:00
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
2020-12-08 11:31:52 +00:00
// IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
// assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
2020-12-07 18:16:06 +00:00
// [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
2020-07-26 15:37:57 +00:00
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
2020-10-26 18:42:05 +00:00
// [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
2020-12-08 11:31:52 +00:00
// https://www.internetsociety.org/tag/ipv6-security/
2020-07-26 15:37:57 +00:00
// [TEST] https://ipleak.org/
2019-04-27 09:27:34 +00:00
user _pref ( "network.dns.disableIPv6" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
// HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance privacy, and in fact opens up a number of server-side fingerprinting opportunities.
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://http2.github.io/faq/
// https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
2020-12-07 18:16:06 +00:00
// https://http2.github.io/http2-spec/#rfc.section.10.8
2019-04-27 09:27:34 +00:00
// https://queue.acm.org/detail.cfm?id=2716278
2020-12-07 18:16:06 +00:00
// https://w3techs.com/technologies/details/ce-http2/all/all ***/
2019-04-27 09:27:34 +00:00
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
2019-05-04 17:30:35 +00:00
user _pref ( "network.proxy.socks_remote_dns" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Remove paths when sending URLs to PAC scripts
// https://bugzilla.mozilla.org/1255474
user _pref ( "network.proxy.autoconfig_url.include_path" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver
2019-10-23 08:18:18 +00:00
// 0=off by default, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result, 5=explicitly off
2019-04-24 23:38:24 +00:00
// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
2019-05-02 09:06:56 +00:00
// [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark
// If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
2019-04-24 23:38:24 +00:00
// https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
2019-07-08 09:27:28 +00:00
// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
2019-04-24 23:38:24 +00:00
user _pref ( "network.trr.mode" , 0 ) ;
user _pref ( "network.trr.bootstrapAddress" , "" ) ;
user _pref ( "network.trr.uri" , "" ) ;
2019-07-08 09:27:28 +00:00
user _pref ( "network.trr.resolvers" , "[]" ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enable Subresource Integrity
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity
user _pref ( "security.sri.enable" , true ) ; // [DEFAULT: true]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable using UNC (Uniform Naming Convention) paths
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
2019-05-14 07:29:30 +00:00
user _pref ( "network.file.disable_unc_paths" , true ) ; // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable HTTP Alternative Services
// https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881
// https://www.mnot.net/blog/2016/03/09/alt-svc
user _pref ( "network.http.altsvc.enabled" , false ) ; // [DESKTOP]
user _pref ( "network.http.altsvc.oe" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
user _pref ( "network.negotiate-auth.allow-insecure-ntlm-v1" , false ) ; // [DESKTOP]
// It is still allowed through HTTPS. uncomment the following to disable it completely.
// user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP]
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-28 23:52:16 +00:00
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
// >>>>>>>>>>>>>>>>>>>>
2020-11-25 10:51:03 +00:00
// Pref : Enable HTTPS-only-mode [FF76+]
// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
// [SETTING] Privacy & Security>HTTPS-Only Mode
// [TEST] http://example.com [upgrade]
// [TEST] http://neverssl.org/ [no upgrade]
2020-12-07 18:16:06 +00:00
// https://bugzilla.mozilla.org/1613063 [META] ***/
2020-11-25 10:51:03 +00:00
user _pref ( "dom.security.https_only_mode" , true ) ; [ FF76 + ]
2020-09-19 10:54:09 +00:00
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
2020-11-25 10:51:03 +00:00
// -------------------------------------
// Pref: Enable HTTPS-Only mode for local resources [FF77+] ***/
2020-06-18 11:22:51 +00:00
// user_pref("dom.security.https_only_mode.upgrade_local", true);
2020-05-07 17:42:34 +00:00
// -------------------------------------
2020-11-25 10:51:03 +00:00
// Pref: Disable HTTP background requests [FF82+]
// When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
// sends HTTP requests in order to check if the server supports HTTPS or not.
// This is done to avoid waiting for a timeout which takes 90 seconds
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user _pref ( "dom.security.https_only_mode_send_http_background_request" , false ) ;
// -------------------------------------
2020-01-10 15:23:10 +00:00
// Pref : Require safe negotiation
2021-01-27 14:20:49 +00:00
// Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746
// as they're potentially vulnerable to a MiTM attack. A server without RFC 5746 can be
// safe from the attack if it disables renegotiations but the problem is that the browser can't
// know that. Setting this pref to true is the only way for the browser to ensure there will be
// no unsafe renegotiations on the channel between the browser and the server.
2019-04-28 23:52:16 +00:00
// https://wiki.mozilla.org/Security:Renegotiation
2020-01-10 15:23:10 +00:00
// https://tools.ietf.org/html/rfc5746
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
2019-04-28 23:52:16 +00:00
user _pref ( "security.ssl.require_safe_negotiation" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-04-08 20:54:55 +00:00
// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
2019-12-04 21:55:28 +00:00
user _pref ( "security.tls.version.enable-deprecated" , false ) ;
// -------------------------------------
2020-10-20 18:44:29 +00:00
// Pref: Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// https://www.ssllabs.com/ssl-pulse/ ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable SSL session tracking
// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
// https://tools.ietf.org/html/rfc5077
// https://bugzilla.mozilla.org/967977
// https://arxiv.org/abs/1810.07304
user _pref ( "security.ssl.disable_session_identifiers" , true ) ; // [DEFAULT: true] // [HIDDEN PREF]
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable TLS1.3 0-RTT (round-trip time)
// https://github.com/tlswg/tls13-spec/issues/1001
// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
user _pref ( "security.tls.enable_0rtt_data" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Require a valid OCSP response for OCSP enabled certificates
// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
// [NOTE] `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
// [NOTE] `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
user _pref ( "security.OCSP.require" , true ) ;
// -------------------------------------
// Pref : Enable OSCP (Online Certificate Status Protocol)
// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://www.imperialviolet.org/2014/04/19/revchecking.html
// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
// https://wiki.mozilla.org/CA:RevocationPlan
// https://wiki.mozilla.org/CA:ImprovingRevocation
// https://wiki.mozilla.org/CA:OCSP-HardFail
// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
// [NOTE] OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
// [NOTE] OCSP adds latency (performance)
// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
2019-05-21 19:53:35 +00:00
user _pref ( "security.OCSP.enabled" , 0 ) ;
2019-05-04 17:30:35 +00:00
// -------------------------------------
// Pref : Enable OCSP Stapling support
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
// https://en.wikipedia.org/wiki/OCSP_stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
2019-04-28 23:52:16 +00:00
user _pref ( "security.ssl.enable_ocsp_stapling" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disallow SHA-1
// 0=all SHA1 certs are allowed
// 1=all SHA1 certs are blocked
// 2=deprecated option that now maps to 1
// 3=only allowed for locally-added roots (e.g. anti-virus)
// 4=only allowed for locally-added roots or for certs in 2015 and earlier
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
// https://shattered.io/
user _pref ( "security.pki.sha1_enforcement_level" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Windows 8.1's Microsoft Family Safety cert
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
2019-04-28 23:52:16 +00:00
user _pref ( "security.family_safety.mode" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Enfore Public Key Pinning
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
// 2= strict (pinning is always enforced)
user _pref ( "security.cert_pinning.enforcement_level" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-09-19 10:54:09 +00:00
// Pref : enforce no insecure active content on https pages
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
2019-04-28 23:52:16 +00:00
user _pref ( "security.mixed_content.block_active_content" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable insecure passive content (such as images) on https pages
user _pref ( "security.mixed_content.upgrade_display_content" , true ) ;
user _pref ( "security.mixed_content.block_display_content" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks
// https://bugzilla.mozilla.org/1190623
user _pref ( "security.mixed_content.block_object_subrequest" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable 3DES (effective key size < 128)
// https://en.wikipedia.org/wiki/3des#Security
2019-10-23 08:18:18 +00:00
// https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
2019-04-28 23:52:16 +00:00
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
2021-01-24 17:30:46 +00:00
user _pref ( "security.ssl3.rsa_des_ede3_sha" , false ) ;
2020-10-20 18:44:29 +00:00
// -------------------------------------
// Pref: Disable the remaining non-modern cipher suites as of FF78 (in order of preferred by FF) ***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
2021-01-24 17:30:46 +00:00
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_128_sha" , false ) ;
user _pref ( "security.ssl3.ecdhe_rsa_aes_128_sha" , false ) ;
2020-10-20 18:44:29 +00:00
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
user _pref ( "security.ssl3.rsa_seed_sha" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable null ciphers
user _pref ( "security.ssl3.rsa_null_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.rsa_null_md5" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdhe_rsa_null_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdhe_ecdsa_null_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdh_rsa_null_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdh_ecdsa_null_sha" , false ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-07-26 15:37:57 +00:00
// Pref : Enable GCM ciphers (TLS 1.2 only)
2019-05-07 08:26:05 +00:00
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
user _pref ( "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256" , true ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256" , true ) ; // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
// https://cr.yp.to/chacha.html
user _pref ( "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256" , true ) ;
user _pref ( "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256" , true ) ;
// -------------------------------------
2020-07-26 15:37:57 +00:00
// Pref : Ciphers with CBC & SHA-1 (disabled)
user _pref ( "security.ssl3.ecdhe_rsa_aes_256_sha" , false ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_256_sha" , false ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.rsa_aes_128_sha" , false ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.rsa_aes_256_sha" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable ciphers with DSA (max 1024 bits)
user _pref ( "security.ssl3.dhe_dss_aes_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.dhe_dss_aes_256_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.dhe_dss_camellia_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.dhe_dss_camellia_256_sha" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers susceptible to the logjam attack
// https://weakdh.org/
user _pref ( "security.ssl3.dhe_rsa_camellia_256_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.dhe_rsa_aes_256_sha" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers with ECDH (non-ephemeral)
user _pref ( "security.ssl3.ecdh_rsa_aes_256_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdh_ecdsa_aes_256_sha" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable RC4
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
// https://rc4.io/
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
user _pref ( "security.ssl3.ecdh_ecdsa_rc4_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdh_rsa_rc4_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdhe_ecdsa_rc4_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.ecdhe_rsa_rc4_128_sha" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.rsa_rc4_128_md5" , false ) ; // [DESKTOP]
user _pref ( "security.ssl3.rsa_rc4_128_sha" , false ) ; // [DESKTOP]
// -------------------------------------
2020-01-10 15:23:10 +00:00
// Pref : Display warning on the padlock for "broken security"
// [BUG] Warning padlock not indicated for subresources on a secure page!
2020-12-07 18:16:06 +00:00
// [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation
2020-01-10 15:23:10 +00:00
// https://wiki.mozilla.org/Security:Renegotiation
// https://bugzilla.mozilla.org/1353705
2020-07-26 15:37:57 +00:00
// https://www.ssllabs.com/ssl-pulse/
2019-04-28 23:52:16 +00:00
user _pref ( "security.ssl.treat_unsafe_negotiation_as_broken" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Control "Add Security Exception" dialog on SSL warnings
// 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
// https://github.com/pyllyukko/user.js/issues/210
user _pref ( "browser.ssl_override_behavior" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Display advanced information on Insecure Connection warning pages (only works when it's possible to add an exception), i.e. it doesn't work for HSTS discrepancies
// https://subdomain.preloaded-hsts.badssl.com/
// [TEST] https://expired.badssl.com/
user _pref ( "browser.xul.error_pages.expert_bad_cert" , true ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable GIO as a potential proxy bypass vector
// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
// https://bugzilla.mozilla.org/1433507
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044
2019-05-07 08:26:05 +00:00
// https://en.wikipedia.org/wiki/GVfs
// https://en.wikipedia.org/wiki/GIO_(software)
user _pref ( "network.gio.supported-protocols" , "" ) ; // [HIDDEN PREF]
2019-04-28 23:52:16 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : User Settings
// >>>>>>>>>>>>>>>>>>>>
2020-03-15 17:00:28 +00:00
// Pref : Set behaviour on "+ Tab" button to display container menu on left click
// [NOTE] The menu is always shown on long press and right click each new tab
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable Container Tabs setting in preferences
// https://bugzilla.mozilla.org/1279029
2020-03-15 17:00:28 +00:00
user _pref ( "privacy.userContext.ui.enabled" , true ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable Container Tabs
2020-03-15 17:00:28 +00:00
user _pref ( "privacy.userContext.enabled" , true ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable a private container for thumbnail loads
2020-03-15 17:00:28 +00:00
user _pref ( "privacy.usercontext.about_newtab_segregation.enabled" , true ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Passwords
// >>>>>>>>>>>>>>>>>>>>
2019-08-24 19:06:23 +00:00
// Pref : Disable about:logins (Firefox Lockwise)
// https://lockwise.firefox.com/
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
2019-10-23 08:18:18 +00:00
user _pref ( "signon.management.page.breach-alerts.enabled" , false ) ; // [DESKTOP]
user _pref ( "signon.management.page.breachAlertUrl" , "" ) ; // [DESKTOP]
user _pref ( "signon.management.page.hideMobileFooter" , true ) ; // [DESKTOP]
user _pref ( "signon.management.page.mobileAndroidURL" , "" ) ; // [DESKTOP]
user _pref ( "signon.management.page.mobileAppleURL" , "" ) ; // [DESKTOP]
2020-01-10 15:23:10 +00:00
user _pref ( "signon.management.page.showPasswordSyncNotification" , false ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
user _pref ( "signon.autofillForms.http" , false ) ;
user _pref ( "security.insecure_field_warning.contextual.enabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
// Pref : Disable password manager
2019-04-24 23:38:24 +00:00
// [NOTE] This does not clear any passwords already saved
user _pref ( "signon.rememberSignons" , false ) ;
2019-06-23 17:24:52 +00:00
user _pref ( "signon.rememberSignons.visibilityToggle" , false ) ;
user _pref ( "signon.schemeUpgrades" , false ) ;
user _pref ( "signon.showAutoCompleteFooter" , false ) ;
user _pref ( "signon.autologin.proxy" , false ) ;
user _pref ( "signon.privateBrowsingCapture.enabled" , false ) ;
2019-05-10 20:50:17 +00:00
user _pref ( "signon.debug" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-06-23 17:24:52 +00:00
// Pref : Disable Firefox import password from signons.sqlite file
// https://support.mozilla.org/en-US/questions/1020818
user _pref ( "signon.importedFromSqlite" , false ) ;
user _pref ( "signon.recipes.path" , "" ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set how often Firefox should ask for the master password
// 0=the first time (default), 1=every time it's needed, 2=every n minutes
user _pref ( "security.ask_for_password" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Set how often in minutes Firefox should ask for the master password
user _pref ( "security.password_lifetime" , 1 ) ; // [DEFAULT: 30]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable auto-filling username & password form fields
2019-10-23 08:18:18 +00:00
// Can leak in cross-site forms and be spoofed
// NOTE] Username & password is still available when you enter the field
2019-04-24 23:38:24 +00:00
user _pref ( "signon.autofillForms" , false ) ;
2019-05-25 16:45:03 +00:00
user _pref ( "signon.autofillForms.autocompleteOff" , true ) ;
2019-12-04 21:55:28 +00:00
user _pref ( "signon.showAutoCompleteOrigins" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable websites autocomplete
// Don't let sites dictate use of saved logins and passwords.
user _pref ( "signon.storeWhenAutocompleteOff" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable formless login capture
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
user _pref ( "signon.formlessCapture.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources
// Hardens against potential credentials phishing
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
2020-10-20 18:44:29 +00:00
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/
2019-04-24 23:38:24 +00:00
user _pref ( "network.auth.subresource-http-auth-allow" , 1 ) ;
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Prevent cross-origin images from triggering an HTTP-Authentication prompt
// https://bugzilla.mozilla.org/1357835
user _pref ( "network.auth.subresource-img-cross-origin-http-auth-allow" , false ) ; // [DEPRECATED] // [DESKTOP]
2019-08-24 19:06:23 +00:00
// -------------------------------------
// Pref : Disable Firefox built-in password generator
// https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
// [NOTE] Best still create passwords with random characters and numbers in sequence by yourself
user _pref ( "signon.generation.available" , false ) ;
user _pref ( "signon.generation.enabled" , false ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Window Meddling & Leaks / Popups
// >>>>>>>>>>>>>>>>>>>>
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Prevent scripts from moving and resizing open windows
user _pref ( "dom.disable_window_move_resize" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
2020-09-19 11:37:12 +00:00
user _pref ( "browser.link.open_newwindow" , 3 ) ; // 1=most recent window or tab 2=new window, 3=new tab
2019-04-27 09:27:34 +00:00
user _pref ( "browser.link.open_newwindow.restriction" , 0 ) ; // [DEFAULT: 0]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
2020-09-19 11:35:06 +00:00
// * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
2019-04-27 09:27:34 +00:00
// user_pref("full-screen-api.enabled", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Block popup windows
user _pref ( "dom.disable_open_during_load" , true ) ; // [DEFAULT: true]
2019-05-10 20:50:17 +00:00
user _pref ( "privacy.popups.showBrowserMessage" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Set max popups from a single non-click event
2019-05-06 07:59:33 +00:00
// [NOTE] Non-click events should never spawn a popup?
user _pref ( "dom.popup_maximum" , 0 ) ; // [DEFAULT: 20]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Limit events that can cause a popup
2021-02-19 09:33:07 +00:00
user _pref ( "dom.popup_allowed_events" , "click dblclick mousedown pointerdown" ) ; // [DEFAULT: "change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu"]
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Cache / Session (Re)Store / Favicons
// >>>>>>>>>>>>>>>>>>>>
2019-05-02 09:06:56 +00:00
// [INTRO] ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk and memory cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
2019-04-24 23:38:24 +00:00
// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
2020-09-19 11:35:06 +00:00
// https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor
2019-04-24 23:38:24 +00:00
// https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable disk cache
user _pref ( "browser.cache.disk.enable" , false ) ;
user _pref ( "browser.cache.disk.smart_size.enabled" , false ) ;
user _pref ( "browser.cache.disk.smart_size.first_run" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable memory cache
2020-05-07 17:42:34 +00:00
// Capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes
2020-10-15 15:10:05 +00:00
user _pref ( "browser.cache.memory.enable" , false ) ;
2020-09-19 10:54:09 +00:00
// user_pref("browser.cache.memory.capacity", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable permissions manager from writing to disk
// [NOTE] This means any permission changes are session only
// https://bugzilla.mozilla.org/967812
2020-06-18 11:22:51 +00:00
user _pref ( "permissions.memory_only" , true ) ; // [HIDDEN PREF]
2020-05-07 17:42:34 +00:00
// -------------------------------------
// Pref : Disable media cache from writing to disk in Private Browsing
2020-09-19 10:54:09 +00:00
// * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
// * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/
2020-05-07 17:42:34 +00:00
user _pref ( "browser.privatebrowsing.forceMediaMemoryCache" , true ) ;
user _pref ( "media.memory_cache_max_size" , 16384 ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable fastback cache
// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
// 0=none, -1=auto (that's minus 1).
// [WARNING] Not recommended unless you know what you're doing
// user_pref("browser.sessionhistory.max_total_viewers", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Exclude "Undo Closed Tabs" in Session Restore
2019-04-26 00:08:12 +00:00
user _pref ( "browser.sessionstore.max_tabs_undo" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable storing extra session data
// Extra session data contains contents of forms, scrollbar positions, cookies and POST data
// Define on which sites to save extra session data:
// 0=everywhere, 1=unencrypted sites, 2=nowhere
user _pref ( "browser.sessionstore.privacy_level" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set the minimum interval between session save operations
2019-05-02 09:06:56 +00:00
// Increasing this can help on older machines and some websites, as well as reducing writes. Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc.
// This can also affect entries in the "Recently Closed Tabs" feature: i.e. the longer the interval the more chance a quick tab open/close won't be captured.
2019-04-24 23:38:24 +00:00
// This longer interval *may* affect history but we cannot replicate any history not recorded
// https://bugzilla.mozilla.org/1304389
2019-05-16 09:59:26 +00:00
// user_pref("browser.sessionstore.interval", 30000);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable favicons in web notifications
user _pref ( "alerts.showFavicons" , false ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Delete Search and Form History
user _pref ( "browser.formfill.expire_days" , 0 ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable favicons in shortcuts
// URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted.
// false=shortcuts use a generic Firefox icon
user _pref ( "browser.shell.shortcutFavicons" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
2020-10-20 18:44:29 +00:00
// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true]
2019-05-14 07:29:30 +00:00
user _pref ( "security.insecure_connection_text.enabled" , true ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "security.insecure_connection_icon.pbmode.enabled" , true ) ; // [DESKTOP]
user _pref ( "security.insecure_connection_text.pbmode.enabled" , true ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Enable insecure password warnings (login forms in non-HTTPS pages)
// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
user _pref ( "security.insecure_password.ui.enabled" , true ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable automatic Firefox start and session restore after reboot
// https://bugzilla.mozilla.org/603903
user _pref ( "toolkit.winRegisterApplicationRestart" , false ) ; // [WINDOWS] // [DESKTOP]
2020-03-15 17:00:28 +00:00
// -------------------------------------
// Pref : Disable "Restore Session", even after a crash
user _pref ( "browser.sessionstore.resume_from_crash" , false ) ;
user _pref ( "browser.sessionstore.resume_session_once" , false ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-10-23 08:18:18 +00:00
// Section : Geolocation / Language / Locale
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>
2019-05-21 19:53:35 +00:00
// Pref : Disable geolocation
2019-04-24 23:38:24 +00:00
user _pref ( "geo.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-10-23 08:18:18 +00:00
// Pref : Set preferred language for displaying web pages
2019-04-24 23:38:24 +00:00
user _pref ( "intl.accept_languages" , "en-US, en" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Enforce US English locale regardless of the system locale
2020-12-07 18:16:06 +00:00
// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
2019-05-07 08:26:05 +00:00
user _pref ( "javascript.use_us_english_locale" , true ) ; // [HIDDEN PREF]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable using the OS's geolocation service
user _pref ( "geo.provider.ms-windows-location" , false ) ; // [WINDOWS] // [DESKTOP]
user _pref ( "geo.provider.use_corelocation" , false ) ; // [MAC] // [DESKTOP]
user _pref ( "geo.provider.use_gpsd" , false ) ; // [LINUX] // [DESKTOP]
2020-03-15 17:00:28 +00:00
user _pref ( "geo.provider.network.url" , "" ) ;
2020-10-24 13:48:42 +00:00
user _pref ( "browser.region.update.enabled" , false ) ;
2020-07-26 15:37:57 +00:00
user _pref ( "browser.region.log" , false ) ;
user _pref ( "browser.region.network.scan" , false ) ;
user _pref ( "browser.region.network.url" , "" ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable logging geolocation to the console
2020-03-15 17:00:28 +00:00
user _pref ( "geo.provider.network.logging.enabled" , false ) ; // [HIDDEN PREF] // [DESKTOP]
2019-10-23 08:18:18 +00:00
// -------------------------------------
// Pref : Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
2019-10-23 08:18:18 +00:00
user _pref ( "intl.charset.fallback.override" , "windows-1252" ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Fonts
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable websites choosing fonts (0=block, 1=allow)
2019-06-23 17:24:52 +00:00
// This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector.
2020-10-15 15:22:57 +00:00
// [WARNING] **DO NOT USE**: in FF80+ RFP covers this. Moreover that's not supported anymore in newer versions.
// https://github.com/mozilla-mobile/fenix/issues/15604
2020-10-15 15:30:16 +00:00
// user_pref("browser.display.use_document_fonts", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Set more legible default fonts
2019-06-06 16:32:41 +00:00
user _pref ( "font.name.serif.x-unicode" , "Georgia" ) ;
user _pref ( "font.name.serif.x-western" , "Georgia" ) ; // [DEFAULT: Times New Roman]
user _pref ( "font.name.sans-serif.x-unicode" , "Arial" ) ;
user _pref ( "font.name.sans-serif.x-western" , "Arial" ) ; // [DEFAULT: Arial]
user _pref ( "font.name.monospace.x-unicode" , "Lucida Console" ) ;
user _pref ( "font.name.monospace.x-western" , "Lucida Console" ) ; // [DEFAULT: Courier New]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable icon fonts (glyphs) and local fallback rendering
2019-05-21 19:53:35 +00:00
// [NOTE] You can do this with uBlock Origin
2019-04-24 23:38:24 +00:00
// https://bugzilla.mozilla.org/789788
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/legacy/trac/-/issues/8455
2020-03-15 17:00:28 +00:00
// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
2019-05-14 07:29:30 +00:00
// user_pref("gfx.downloadable_fonts.enabled", false);
2020-03-15 17:00:28 +00:00
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable CSS Font Loading API
2019-04-24 23:38:24 +00:00
// [NOTE] Disabling fonts can uglify the web a fair bit.
user _pref ( "layout.css.font-loading-api.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable special underline handling for a few fonts which you will probably never use
2020-09-19 11:35:06 +00:00
// https://github.com/arkenfox/user.js/issues/744
2019-06-23 17:24:52 +00:00
// user_pref("font.blacklist.underline_offset", "");
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-01-10 15:23:10 +00:00
// Pref : Disable graphite
// [NOTE] Graphite has had many critical security issues in the past
2019-04-24 23:38:24 +00:00
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
2020-01-10 15:23:10 +00:00
// https://en.wikipedia.org/wiki/Graphite_(SIL)
2019-04-24 23:38:24 +00:00
user _pref ( "gfx.font_rendering.graphite.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Limit system font exposure to a whitelist [RESTART]
2019-04-24 23:38:24 +00:00
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
2020-09-19 10:54:09 +00:00
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy.
2019-04-24 23:38:24 +00:00
// https://bugzilla.mozilla.org/1121643
// user_pref("font.system.whitelist", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Plugins
// >>>>>>>>>>>>>>>>>>>>
2019-05-10 20:50:17 +00:00
// Pref : Disable plugins
2020-10-24 13:41:38 +00:00
user _pref ( "plugin.disable" , true ) ; // [DEFAULT: true]
user _pref ( "dom.ipc.plugins.enabled" , false ) ; // [DEFAULT: false]
2019-05-21 19:53:35 +00:00
user _pref ( "plugins.crash.supportUrl" , "" ) ; // [DESKTOP]
2019-05-10 20:50:17 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
2019-04-24 23:38:24 +00:00
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
user _pref ( "plugin.default.state" , 0 ) ;
2019-05-21 19:53:35 +00:00
// -------------------------------------
// Pref : Disable scanning for plugins
user _pref ( "plugin.scan.plid.all" , false ) ; // [WINDOWS] // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable all GMP (Gecko Media Plugins)
user _pref ( "media.gmp-provider.enabled" , false ) ;
user _pref ( "media.gmp-manager.certs.1.issuerName" , "" ) ;
user _pref ( "media.gmp-manager.certs.1.commonName" , "" ) ;
user _pref ( "media.gmp-manager.certs.2.issuerName" , "" ) ;
user _pref ( "media.gmp-manager.certs.2.commonName" , "" ) ;
2019-05-14 07:29:30 +00:00
user _pref ( "media.gmp-manager.url" , "" ) ;
user _pref ( "media.gmp-manager.url.override" , "" ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "media.gmp-manager.updateEnabled" , false ) ; // [DESKTOP]
user _pref ( "media.gmp.trial-create.enabled" , false ) ; // [WINDOWS] // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable all DRM content (EME: Encryption Media Extension)
2019-12-04 21:55:28 +00:00
// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever
2019-04-24 23:38:24 +00:00
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
user _pref ( "media.eme.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable the OpenH264 Video Codec by Cisco to "Never Activate".
// This is the bundled codec used for video chat in WebRTC.
user _pref ( "media.gmp-gmpopenh264.enabled" , false ) ;
2019-05-21 19:53:35 +00:00
user _pref ( "media.gmp-gmpopenh264.autoupdate" , false ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "media.gmp-gmpopenh264.visible" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Disable widevine CDM (Content Decryption Module)
2019-12-04 21:55:28 +00:00
// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever
2019-05-14 07:29:30 +00:00
user _pref ( "media.gmp-widevinecdm.enabled" , false ) ; // [DESKTOP]
2020-10-24 13:41:38 +00:00
user _pref ( "media.mediadrm-widevinecdm.visible" , false ) ; // [DEFAULT: true]
2019-05-21 19:53:35 +00:00
user _pref ( "media.gmp-widevinecdm.autoupdate" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Flash plugin
// 0=deactivated, 1=ask, 2=enabled
// [NOTE] You can still override individual sites via site permissions
// https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/
user _pref ( "plugin.state.flash" , 0 ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Gnome Shell Integration NPAPI plugin
user _pref ( "plugin.state.libgnome-shell-browser-plugin" , 0 ) ; // [DESKTOP]
// -------------------------------------
// Pref : Enable Auto Notification of Outdated Plugins
// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
// https://hg.mozilla.org/mozilla-central/rev/304560
user _pref ( "plugins.update.notifyUser" , true ) ; // [DESKTOP]
// -------------------------------------
// Pref : Disable Shumway (Mozilla Flash renderer)
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
user _pref ( "shumway.disabled" , true ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Blocklists / Safe Browsing / Tracking Protection
// >>>>>>>>>>>>>>>>>>>>
2019-07-08 09:27:28 +00:00
// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla
// https://wiki.mozilla.org/Security/Tracking_protection
// https://wiki.mozilla.org/Services/TrackingProtection/Shavar_Server_-_Testing
// https://wiki.mozilla.org/Security/Safe_Browsing
2019-05-04 17:30:35 +00:00
// https://wiki.mozilla.org/Blocklisting
// https://blocked.cdn.mozilla.net/
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
2019-07-08 09:27:28 +00:00
user _pref ( "services.blocklist.update_enabled" , false ) ; // [DESKTOP]
user _pref ( "services.blocklist.plugins.signer" , "" ) ;
user _pref ( "services.blocklist.plugins.collection" , "" ) ;
user _pref ( "services.blocklist.pinning.signer" , "" ) ;
user _pref ( "services.blocklist.pinning.enabled" , false ) ;
user _pref ( "services.blocklist.pinning.collection" , "" ) ;
user _pref ( "services.blocklist.pinning.bucket" , "" ) ; // [DESKTOP]
user _pref ( "services.blocklist.onecrl.signer" , "" ) ;
user _pref ( "services.blocklist.onecrl.collection" , "" ) ;
user _pref ( "services.blocklist.gfx.signer" , "" ) ;
user _pref ( "services.blocklist.gfx.collection" , "" ) ;
user _pref ( "services.blocklist.bucket" , "" ) ;
user _pref ( "services.blocklist.addons.signer" , "" ) ; // [DESKTOP]
user _pref ( "services.blocklist.addons.collection" , "" ) ;
user _pref ( "extensions.blocklist.lastModified" , "" ) ; // [DESKTOP]
user _pref ( "extensions.blocklist.itemURL" , "" ) ;
user _pref ( "extensions.blocklist.enabled" , false ) ;
user _pref ( "extensions.blocklist.detailsURL" , "" ) ;
user _pref ( "services.settings.security.onecrl.bucket" , "" ) ;
user _pref ( "services.settings.security.onecrl.collection" , "" ) ;
user _pref ( "services.settings.security.onecrl.signer" , "" ) ;
user _pref ( "urlclassifier.blockedTable" , "" ) ;
user _pref ( "urlclassifier.disallow_completions" , "" ) ;
user _pref ( "urlclassifier.downloadAllowTable" , "" ) ;
user _pref ( "urlclassifier.downloadBlockTable" , "" ) ;
user _pref ( "urlclassifier.flashAllowExceptTable" , "" ) ;
user _pref ( "urlclassifier.flashAllowTable" , "" ) ;
user _pref ( "urlclassifier.flashExceptTable" , "" ) ;
user _pref ( "urlclassifier.flashSubDocExceptTable" , "" ) ;
user _pref ( "urlclassifier.flashSubDocTable" , "" ) ;
user _pref ( "urlclassifier.flashTable" , "" ) ;
user _pref ( "urlclassifier.malwareTable" , "" ) ;
user _pref ( "urlclassifier.passwordAllowTable" , "" ) ;
user _pref ( "urlclassifier.phishTable" , "" ) ;
user _pref ( "urlclassifier.trackingAnnotationSkipURLs" , "" ) ; // [DESKTOP]
user _pref ( "urlclassifier.trackingAnnotationTable" , "" ) ; // [DESKTOP]
user _pref ( "urlclassifier.trackingAnnotationWhitelistTable" , "" ) ;
user _pref ( "urlclassifier.trackingTable" , "" ) ;
user _pref ( "urlclassifier.trackingWhitelistTable" , "" ) ;
2021-02-09 10:00:50 +00:00
user _pref ( "urlclassifier.trackingSkipURL" , "" ) ;
2019-05-04 17:30:35 +00:00
// -------------------------------------
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
2020-04-08 20:54:55 +00:00
user _pref ( "extensions.getAddons.cache.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
2019-05-14 07:29:30 +00:00
user _pref ( "browser.safebrowsing.enabled" , false ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.blockedURIs.enabled" , false ) ;
user _pref ( "browser.safebrowsing.debug" , false ) ;
2019-05-10 20:50:17 +00:00
user _pref ( "browser.safebrowsing.downloads.enabled" , false ) ; // [DEFAULT: false]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.downloads.remote.block_dangerous" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_dangerous_host" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_potentially_unwanted" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_uncommon" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.enabled" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.url" , "" ) ;
user _pref ( "browser.safebrowsing.id" , "" ) ;
user _pref ( "browser.safebrowsing.malware.enabled" , false ) ;
user _pref ( "browser.safebrowsing.passwords.enabled" , false ) ;
user _pref ( "browser.safebrowsing.phishing.enabled" , false ) ;
user _pref ( "browser.safebrowsing.provider.google.advisoryURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.advisoryName" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.gethashURL" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "browser.safebrowsing.provider.google.lastupdatetime" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.provider.google.lists" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "browser.safebrowsing.provider.google.nextupdatetime" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.provider.google.reportMalwareMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.reportPhishMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.reportURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.advisoryName" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.advisoryURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.gethashURL" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "browser.safebrowsing.provider.google4.lastupdatetime" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.provider.google4.lists" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "browser.safebrowsing.provider.google4.nextupdatetime" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.provider.google4.reportMalwareMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.reportPhishMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.reportURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.dataSharing.enabled" , false ) ;
user _pref ( "browser.safebrowsing.provider.google4.dataSharingURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.gethashURL" , "" ) ;
2019-05-16 09:59:26 +00:00
user _pref ( "browser.safebrowsing.provider.mozilla.lastupdatetime" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.provider.mozilla.lists" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists.base" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists.content" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.nextupdatetime" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.reportPhishURL" , "" ) ;
2020-10-24 13:48:42 +00:00
user _pref ( "browser.safebrowsing.features.cryptomining.update" , false ) ;
user _pref ( "browser.safebrowsing.features.fingerprinting.update" , false ) ;
user _pref ( "browser.safebrowsing.features.malware.update" , false ) ;
user _pref ( "browser.safebrowsing.features.pishing.update" , false ) ;
user _pref ( "browser.safebrowsing.features.trackingAnnotation.update" , false ) ;
user _pref ( "browser.safebrowsing.features.trackingProtection.update" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2021-01-24 17:30:46 +00:00
// Pref : Disable SB checks for downloads (remote)
// To verify the safety of certain executable files, Firefox may submit some information about the
// file, including the name, origin, size and a cryptographic hash of the contents, to the Google
// Safe Browsing service which helps Firefox determine whether or not the file should be blocked
// [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/
user _pref ( "browser.safebrowsing.downloads.remote.enabled" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.url" , "" ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable passive Tracking Protection
// Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list.
// [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
// This is included for people who want to completely disable Tracking Protection.
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814
user _pref ( "privacy.trackingprotection.annotate_channels" , false ) ;
user _pref ( "privacy.trackingprotection.lower_network_priority" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable passive Tracking Protection in all windows
user _pref ( "privacy.trackingprotection.enabled" , false ) ;
user _pref ( "privacy.trackingprotection.pbmode.enabled" , false ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
2019-05-28 09:00:22 +00:00
// Pref : Disable cryptomining trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
// https://github.com/hoshsadiq/adblock-nocoin-list
user _pref ( "browser.contentblocking.cryptomining.preferences.ui.enabled" , false ) ; // [DESKTOP]
user _pref ( "privacy.trackingprotection.cryptomining.enabled" , false ) ;
user _pref ( "urlclassifier.features.cryptomining.blacklistTables" , "" ) ;
user _pref ( "urlclassifier.features.cryptomining.whitelistTables" , "" ) ;
2019-10-23 08:18:18 +00:00
user _pref ( "urlclassifier.features.cryptomining.annotate.whitelistTables" , "" ) ;
user _pref ( "urlclassifier.features.cryptomining.annotate.blacklistTables" , "" ) ;
2019-05-28 09:00:22 +00:00
// -------------------------------------
// Pref : Disable fingerprinting trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
user _pref ( "browser.contentblocking.fingerprinting.preferences.ui.enabled" , false ) ; // [DESKTOP]
user _pref ( "privacy.trackingprotection.fingerprinting.enabled" , false ) ;
user _pref ( "urlclassifier.features.fingerprinting.blacklistTables" , "" ) ;
user _pref ( "urlclassifier.features.fingerprinting.whitelistTables" , "" ) ;
2019-10-23 08:18:18 +00:00
user _pref ( "urlclassifier.features.fingerprinting.annotate.whitelistTables" , "" ) ;
user _pref ( "urlclassifier.features.fingerprinting.annotate.blacklistTables" , "" ) ;
2019-05-28 09:00:22 +00:00
// -------------------------------------
2019-08-24 19:06:23 +00:00
// Pref : Disable social trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
user _pref ( "privacy.trackingprotection.socialtracking.enabled" , false ) ;
2019-10-23 08:18:18 +00:00
user _pref ( "urlclassifier.features.socialtracking.blacklistTables" , "" ) ;
user _pref ( "urlclassifier.features.socialtracking.whitelistTables" , "" ) ;
user _pref ( "urlclassifier.features.socialtracking.annotate.whitelistTables" , "" ) ;
user _pref ( "urlclassifier.features.socialtracking.annotate.blacklistTables" , "" ) ;
user _pref ( "privacy.socialtracking.block_cookies.enabled" , false ) ; // [DESKTOP]
user _pref ( "privacy.socialtracking.notification.enabled" , false ) ; // [DESKTOP]
2019-08-24 19:06:23 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
user _pref ( "browser.ping-centre.telemetry" , false ) ; // [DESKTOP]
2019-10-23 08:18:18 +00:00
// -------------------------------------
// Pref : Disable all the trackingprotection blocked elements by default
user _pref ( "browser.contentblocking.features.strict" , "" ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : System add-ons / Experiments
// >>>>>>>>>>>>>>>>>>>>
2019-07-29 06:34:37 +00:00
// Pref : Sanitize System Add-on updates URL
2019-05-14 07:29:30 +00:00
// https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
// https://github.com/pyllyukko/user.js/issues/419
// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257
// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation)
2020-05-07 17:42:34 +00:00
// user_pref("extensions.systemAddon.update.enabled", false);
2019-09-02 14:04:25 +00:00
user _pref ( "extensions.systemAddon.update.url" , "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml" ) ; // [URL SANITIZED]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Normandy/Shield
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
// https://wiki.mozilla.org/Firefox/Shield
// https://github.com/mozilla/normandy
user _pref ( "app.normandy.enabled" , false ) ; // [DESKTOP]
user _pref ( "app.normandy.api_url" , "" ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
user _pref ( "app.normandy.first_run" , false ) ; // [DESKTOP]
user _pref ( "app.normandy.shieldLearnMoreUrl" , "" ) ; // [DESKTOP]
user _pref ( "app.normandy.user_id" , "" ) ; // [DESKTOP]
2019-05-25 16:45:03 +00:00
user _pref ( "features.normandy-remote-settings.enabled" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Form Autofill
// [NOTE] Stored data is NOT secure (uses a JSON file)
// [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
// https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/
user _pref ( "extensions.formautofill.addresses.enabled" , false ) ; // [DESKTOP]
user _pref ( "extensions.formautofill.available" , "off" ) ; // [DESKTOP]
user _pref ( "extensions.formautofill.creditCards.enabled" , false ) ; // [DESKTOP]
2020-11-14 10:36:27 +00:00
user _pref ( "extensions.formautofill.creditCards.available" , false ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "extensions.formautofill.heuristics.enabled" , false ) ; // [DESKTOP]
2020-05-07 17:42:34 +00:00
// -------------------------------------
// Pref : Disable ExperimentManager and relative API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1620021
user _pref ( "messaging-system.rsexperimentloader.enabled" , false ) ; // [DESKTOP]
user _pref ( "messaging-system.log" , "" ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Persistent Storage
// >>>>>>>>>>>>>>>>>>>>
2019-05-14 07:29:30 +00:00
// Pref : Delete cookies and site data on close
2020-01-10 15:23:10 +00:00
// 0=keep until they expire (default),1=Prompt for each cookie, 2=keep until you close Firefox, 3=Accept for N days
2019-05-14 07:29:30 +00:00
// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
2020-02-17 12:16:08 +00:00
user _pref ( "network.cookie.lifetimePolicy" , 2 ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
2020-01-10 15:23:10 +00:00
// Pref : Sets the number of days that the lifetime of cookies should be limited to
// [NOTE] Only use if network.cookie.lifetimePolicy is set to 3
// user_pref("network.cookie.lifetime.days", 1); // [DEFAULT: 90]
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable 3rd-party cookies and site-data
2020-10-20 18:44:29 +00:00
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default)
2019-04-24 23:38:24 +00:00
// [NOTE] Can breaks payment gateways
user _pref ( "network.cookie.cookieBehavior" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-05-07 17:42:34 +00:00
// Pref : Disable compatibility heuristics to 3rd-party cookie blocking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1625568
user _pref ( "network.cookie.rejectForeignWithExceptions.enabled" , false ) ;
// -------------------------------------
2020-10-20 18:44:29 +00:00
// Pref : Set third-party cookies(if enabled) to session-only
2019-04-24 23:38:24 +00:00
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
user _pref ( "network.cookie.thirdparty.sessionOnly" , true ) ;
user _pref ( "network.cookie.thirdparty.nonsecureSessionOnly" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable HTTP sites setting cookies with the "secure" directive
// https://developer.mozilla.org/Firefox/Releases/52#HTTP
user _pref ( "network.cookie.leave-secure-alone" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable support for same-site cookies
// https://bugzilla.mozilla.org/795346
// https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
// https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
user _pref ( "network.cookie.same-site.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable DOM (Document Object Model) Storage
// [WARNING] This will break a LOT of sites' functionality AND extensions!
// You are better off using an extension for more granular control
// user_pref("dom.storage.enabled", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Do not download URLs for the offline cache
2019-12-04 21:55:28 +00:00
user _pref ( "browser.cache.offline.storage.enable" , false ) ;
2019-04-24 23:38:24 +00:00
user _pref ( "browser.cache.offline.enable" , false ) ;
user _pref ( "browser.cache.offline.capacity" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable service workers cache and cache storage
2020-05-07 17:42:34 +00:00
// [NOTE] Service worker cache are cleared on exit
2019-04-24 23:38:24 +00:00
// https://w3c.github.io/ServiceWorker/#privacy
2019-05-14 07:29:30 +00:00
// user_pref("dom.caches.enabled", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Storage API
// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
// https://developer.mozilla.org/docs/Web/API/StorageManager
// https://developer.mozilla.org/docs/Web/API/Storage_API
// https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/
user _pref ( "dom.storageManager.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Storage Access API
// https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
user _pref ( "dom.storage_access.enabled" , false ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
2020-11-14 10:36:27 +00:00
// Pref : Enable Local Storage Next Generation (LSNG) [FF65+] ***/
user _pref ( "dom.storage.next_gen" , true ) ;
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable download history
user _pref ( "browser.download.manager.retention" , 0 ) ; // [DESKTOP]
// -------------------------------------
// Pref : Enable Firefox to clear items on shutdown
2021-02-07 09:56:45 +00:00
user _pref ( "privacy.sanitize.sanitizeOnShutdown" , true ) ;
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Set what items to clear when Firefox closes
// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
// [NOTE] Installing user.js will remove your browsing history, caches and local storage.
// [NOTE] Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
// [NOTE] Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
user _pref ( "privacy.clearOnShutdown.cache" , true ) ; // [DESKTOP]
2020-02-17 12:16:08 +00:00
user _pref ( "privacy.clearOnShutdown.cookies" , true ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "privacy.clearOnShutdown.downloads" , true ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "privacy.clearOnShutdown.formdata" , true ) ; // [DESKTOP]
2019-05-21 19:53:35 +00:00
user _pref ( "privacy.clearOnShutdown.history" , true ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
user _pref ( "privacy.clearOnShutdown.offlineApps" , true ) ; // [DESKTOP]
user _pref ( "privacy.clearOnShutdown.sessions" , true ) ; // [DESKTOP]
2020-02-17 12:16:08 +00:00
user _pref ( "privacy.clearOnShutdown.siteSettings" , true ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// user_pref("privacy.clearOnShutdown.openWindows", true); // [DESKTOP]
// -------------------------------------
// Pref : Reset default 'Time range to clear' for 'Clear Recent History'
// Firefox remembers your last choice. This will reset the value when you start Firefox.
// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today, 5=last five minutes, 6=last twenty-four hours
// [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a blank value if they are used, but they do work as advertised
user _pref ( "privacy.sanitize.timeSpan" , 0 ) ; // [DESKTOP]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-25 16:58:17 +00:00
// Section : Headers / Referers
// >>>>>>>>>>>>>>>>>>>>
// Pref : Control when images/links send a referer
// 0=never, 1=send only when links are clicked, 2=for links and images (default)
user _pref ( "network.http.sendRefererHeader" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.trimmingPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control when to send a referer
// 0=always (default), 1=only if base domains match, 2=only if hosts match
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.XOriginPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.XOriginTrimmingPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-28 09:00:22 +00:00
// Pref : Send a referer header with the target URI as the source
// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
// https://github.com/pyllyukko/user.js/issues/227
// https://github.com/pyllyukko/user.js/issues/94
// [NOTE] Spoofing referers breaks functionality on websites relying on authentic referer headers
// [NOTE] Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon
2019-08-24 19:06:23 +00:00
// [NOTE] Spoofing referers disable CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.spoofSource" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-26 00:08:12 +00:00
// Pref : Set the default Referrer Policy
2019-04-25 16:58:17 +00:00
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
user _pref ( "network.http.referer.defaultPolicy" , 3 ) ; // [DEFAULT: 3]
user _pref ( "network.http.referer.defaultPolicy.pbmode" , 2 ) ; // [DEFAULT: 2]
2019-05-25 16:45:03 +00:00
user _pref ( "network.http.referer.defaultPolicy.trackers" , 3 ) ; // [DEFAULT: 3]
user _pref ( "network.http.referer.defaultPolicy.trackers.pbmode" , 2 ) ; // [DEFAULT: 2]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Hide (not spoof) referrer when leaving a .onion domain
// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services
// https://bugzilla.mozilla.org/1305144
user _pref ( "network.http.referer.hideOnionSource" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Reject .onion hostnames before passing the to DNS
// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
user _pref ( "network.dns.blockDotOnion" , true ) ; // [DEFAULT: true]
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable the DNT (Do Not Track) HTTP header
user _pref ( "privacy.donottrackheader.enabled" , false ) ; // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020-03-15 17:00:28 +00:00
// Section : FPI (First Party Isolation)
// >>>>>>>>>>>>>>>>>>>>
2020-12-07 18:16:06 +00:00
// Pref : Enable FPI (First Party Isolation) [FF51+]
2020-05-07 17:42:34 +00:00
// [NOTE] May break cross-domain logins and site functionality until perfected
2020-12-07 18:16:06 +00:00
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
2020-03-15 17:00:28 +00:00
user _pref ( "privacy.firstparty.isolate" , true ) ;
// -------------------------------------
// Pref : Enforce FPI restriction for window.opener [FF54+]
// [NOTE] Setting this to false may reduce the breakage in the previous pref
// FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute.
2020-12-07 18:16:06 +00:00
// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute
2020-03-15 17:00:28 +00:00
// The 2nd pref removes that limitation and will only allow communication if FPDs also match.
// https://bugzilla.mozilla.org/1319773#c22
// https://bugzilla.mozilla.org/1492607
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
user _pref ( "privacy.firstparty.isolate.restrict_opener_access" , true ) ;
2020-09-19 10:54:09 +00:00
user _pref ( "privacy.firstparty.isolate.block_post_message" , true ) ;
2020-11-25 10:51:03 +00:00
// -------------------------------------
// Pref: Enable scheme with FPI [FF78+]
// [NOTE] Experimental: existing data and site permissions are incompatible
// and some site exceptions may not work e.g. HTTPS-only mode ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
2020-03-15 17:00:28 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020-11-28 15:23:41 +00:00
//
2020-10-20 18:44:29 +00:00
// Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
2019-04-28 23:52:16 +00:00
user _pref ( "privacy.resistFingerprinting" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2020-12-07 18:16:06 +00:00
// Pref: Set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
// Width will round down to multiples of 200s and height to 100s, to fit your screen.
// The override values are a starting point to round from if you want some control
// https://bugzilla.mozilla.org/1330882 ***/
// user_pref("privacy.window.maxInnerWidth", 1000);
// user_pref("privacy.window.maxInnerHeight", 1000);
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable mozAddonManager Web API
// [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
user _pref ( "privacy.resistFingerprinting.block_mozAddonManager" , true ) ; // [HIDDEN PREF] // [DESKTOP]
2021-01-28 18:18:59 +00:00
// user_pref("extensions.webextensions.restrictedDomains", "");
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Enable RFP letterboxing
// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
// https://bugzilla.mozilla.org/1407366
2020-10-20 18:44:29 +00:00
// https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
2021-01-24 17:30:46 +00:00
user _pref ( "privacy.resistFingerprinting.letterboxing" , true ) ; // [HIDDEN PREF] // [DESKTOP]
2019-05-14 07:29:30 +00:00
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture
// https://wiki.mozilla.org/Media/getUserMedia
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
user _pref ( "media.navigator.enabled" , false ) ;
user _pref ( "media.navigator.video.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Spoof CPU Core
2019-05-02 09:06:56 +00:00
// [NOTE] *may* affect core performance, will affect content.
2019-04-28 23:52:16 +00:00
// Default settings seems to be the best
// https://bugzilla.mozilla.org/1008453
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
2019-04-28 23:52:16 +00:00
// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
2019-05-02 09:06:56 +00:00
// user_pref("dom.maxHardwareConcurrency", 2);
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable resource timing API
// https://www.w3.org/TR/resource-timing/#privacy-security
user _pref ( "dom.enable_resource_timing" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable DOM timing API
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
// https://www.w3.org/TR/navigation-timing/#privacy
user _pref ( "dom.enable_performance" , false ) ; // [DEFAULT: true]
user _pref ( "dom.enable_performance_navigation_timing" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable sensor API
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
2019-04-28 23:52:16 +00:00
// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
user _pref ( "device.sensors.enabled" , false ) ; // [DEFAULT: true]
2019-05-01 09:22:54 +00:00
user _pref ( "device.sensors.ambientLight.enabled" , false ) ; // [DEFAULT: false]
2019-05-24 19:15:59 +00:00
user _pref ( "device.sensors.motion.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "device.sensors.orientation.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "device.sensors.proximity.enabled" , false ) ; // [DEFAULT: false]
2019-10-23 08:18:18 +00:00
user _pref ( "device.sensors.test.events" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
2019-04-28 23:52:16 +00:00
user _pref ( "dom.gamepad.enabled" , false ) ; // [DEFAULT: true]
2019-04-30 16:29:58 +00:00
user _pref ( "dom.gamepad.extensions.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "dom.gamepad.haptic_feedback.enabled" , false ) ; // [DEFAULT: false]
user _pref ( "dom.gamepad.test.enabled" , false ) ; // [DEFAULT: true]
2019-08-24 19:06:23 +00:00
user _pref ( "dom.gamepad.extensions.lightindicator" , false ) ; // [DEFAULT: false]
user _pref ( "dom.gamepad.extensions.multitouch" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable giving away network info
// e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
// https://developer.mozilla.org/docs/Web/API/Network_Information_API
// https://wicg.github.io/netinfo/
// https://bugzilla.mozilla.org/960426
user _pref ( "dom.netinfo.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
// https://developer.mozilla.org/docs/Web/API/Web_Speech_API
// https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
// https://wiki.mozilla.org/HTML5_Speech_API
2019-05-10 20:50:17 +00:00
user _pref ( "media.webspeech.synth.enabled" , false ) ; // [DEFAULT: true]
2019-05-04 17:30:35 +00:00
user _pref ( "media.webspeech.synth_force_global_queue" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable video statistics - JS performance fingerprinting
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
2019-04-28 23:52:16 +00:00
// https://bugzilla.mozilla.org/654550
user _pref ( "media.video_stats.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Force touch events enabled by default
// Fingerprinting attack vector - leaks screen res & actual screen coordinates.
2019-04-28 23:52:16 +00:00
// 0=disabled, 1=enabled, 2=autodetect
2019-05-04 17:30:35 +00:00
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
2019-04-28 23:52:16 +00:00
// https://developer.mozilla.org/docs/Web/API/Touch_events
2020-07-26 15:37:57 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
2021-02-21 10:58:40 +00:00
user _pref ( "dom.w3c_touch_events.enabled" , 0 ) ; // [DEFAULT: 2]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable MediaDevices change detection
// https://developer.mozilla.org/docs/Web/Events/devicechange
// https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange
user _pref ( "media.ondevicechange.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable WebGL debug info being available to websites
// https://bugzilla.mozilla.org/1171228
// https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
user _pref ( "webgl.enable-debug-renderer-info" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable PointerEvents
// https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
2019-04-30 16:29:58 +00:00
user _pref ( "dom.w3c_pointer_events.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Battery Status API
// Initially a Linux issue (high precision readout) that was fixed.
// However, it is still another metric for fingerprinting, used to raise entropy.
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
// https://bugzilla.mozilla.org/1313580
user _pref ( "dom.battery.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable virtual reality devices APIs
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
user _pref ( "dom.vr.enabled" , false ) ; // [DEFAULT: true]
2019-06-23 17:24:52 +00:00
user _pref ( "dom.vr.autoactivate.enabled" , false ) ;
user _pref ( "dom.vr.oculus.enabled" , false ) ;
user _pref ( "dom.vr.oculus.invisible.enabled" , false ) ;
user _pref ( "dom.vr.openvr.enabled" , false ) ;
user _pref ( "dom.vr.osvr.enabled" , false ) ;
user _pref ( "dom.vr.poseprediction.enabled" , false ) ;
user _pref ( "dom.vr.puppet.enabled" , false ) ;
user _pref ( "dom.vr.require-gesture" , true ) ;
user _pref ( "gfx.vr.osvr.clientKitLibPath" , "" ) ;
user _pref ( "gfx.vr.osvr.clientLibPath" , "" ) ;
user _pref ( "gfx.vr.osvr.commonLibPath" , "" ) ;
user _pref ( "gfx.vr.osvr.utilLibPath" , "" ) ;
2019-07-08 09:27:28 +00:00
user _pref ( "dom.vr.process.enabled" , false ) ;
2020-01-10 15:23:10 +00:00
user _pref ( "dom.vr.webxr.enabled" , false ) ;
2020-02-17 12:16:08 +00:00
user _pref ( "dom.vr.always_support_ar" , false ) ;
user _pref ( "dom.vr.always_support_vr" , false ) ;
// -------------------------------------
// Pref : Block by default permission for Virtual Reality
// 0=always ask (default), 1=allow, 2=block
user _pref ( "permissions.default.xr" , 2 ) ; // [DESKTOP]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable hardware acceleration to reduce graphics fingerprinting
2019-06-23 17:24:52 +00:00
// [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
2019-04-28 23:52:16 +00:00
// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
2021-02-21 10:58:40 +00:00
// user_pref("gfx.direct2d.disabled", true);
2019-04-28 23:52:16 +00:00
// user_pref("layers.acceleration.disabled", true); // [DEFAULT: false]
2020-10-24 13:41:38 +00:00
// user_pref("layers.acceleration.force-enabled", false); // [BUG] Force close during startup
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Web Audio API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
user _pref ( "dom.webaudio.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Media Capabilities API
// [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
// https://github.com/WICG/media-capabilities
// https://wicg.github.io/media-capabilities/#security-privacy-considerations
// user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true]
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable showing about:blank as soon as possible during startup
// true=no longer masks the RFP chrome resizing activity
// https://bugzilla.mozilla.org/1448423
user _pref ( "browser.startup.blankWindow" , false ) ; // [DESKTOP]
// -------------------------------------
2020-06-18 11:22:51 +00:00
// Pref : Disable network API
2019-05-14 07:29:30 +00:00
// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
user _pref ( "dom.network.enabled" , false ) ; // [DESKTOP]
2020-06-18 11:22:51 +00:00
// -------------------------------------
2020-07-26 15:37:57 +00:00
// Pref : Disable chrome animations
// 0=no-preference, 1=reduce. RFP spoofs this for web content
user _pref ( "ui.prefersReducedMotion" , 1 ) ; // [HIDDEN PREF]
2020-10-20 18:44:29 +00:00
// -------------------------------------
// Pref: Navigator DOM object overrides
// [WARNING] DO NOT USE ***/
// user_pref("general.appname.override", ""); // [HIDDEN PREF]
// user_pref("general.appversion.override", ""); // [HIDDEN PREF]
// user_pref("general.buildID.override", ""); // [HIDDEN PREF]
// user_pref("general.oscpu.override", ""); // [HIDDEN PREF]
// user_pref("general.platform.override", ""); // [HIDDEN PREF]
// user_pref("general.useragent.override", ""); // [HIDDEN PREF]
2020-11-28 15:23:41 +00:00
//
2019-05-01 09:22:54 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-05-16 09:59:26 +00:00
// Section : UI (User Interface)
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable third-party cookie UI
2020-02-17 12:16:08 +00:00
user _pref ( "browser.contentblocking.rejecttrackers.ui.enabled" , false ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
// Pref : Disable tracking protection UI list editing under preferences
2020-02-17 12:16:08 +00:00
user _pref ( "browser.contentblocking.trackingprotection.ui.enabled" , false ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
// -------------------------------------
// Pref : Disable auto hide download button
2020-02-17 12:16:08 +00:00
user _pref ( "browser.download.autohideButton" , false ) ; // [DESKTOP]
2019-05-16 09:59:26 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-05-01 09:22:54 +00:00
// Section : Personal
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable "Always enable zoom" feature by default
2019-05-10 20:50:17 +00:00
// When true, zooming will be enabled on all sites, even ones that declare user-scalable=no
2019-05-01 09:22:54 +00:00
user _pref ( "browser.ui.zoom.force-user-scalable" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-14 07:29:30 +00:00
// Pref : Disable inline autocomplete in URL bar
2019-10-23 08:18:18 +00:00
// https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete
2019-05-14 07:29:30 +00:00
user _pref ( "browser.urlbar.autoFill" , false ) ; // [DESKTOP]
user _pref ( "browser.urlbar.autoFill.typed" , false ) ; // [DESKTOP]
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Set bookmarks backups
// To compensate for the case of bookmarks being lost due to a system crash.
2019-05-10 20:50:17 +00:00
user _pref ( "browser.bookmarks.max_backups" , 0 ) ; // [DEFAULT: 5]
// -------------------------------------
// Pref : Set home provider syncing only on wifi
// 0=sync always, 1=sync only when on wifi
2020-10-24 13:41:38 +00:00
user _pref ( "home.sync.updateMode" , 1 ) ; // [DEFAULT: 0]
// user_pref("home.sync.checkIntervalSecs", 3600); //
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Middle-click mouse enabling auto-scrolling
2019-07-08 09:27:28 +00:00
user _pref ( "general.autoScroll" , true ) ; // [DESKTOP]
2019-05-14 07:29:30 +00:00
// -------------------------------------
2019-05-21 19:53:35 +00:00
// Pref : Disable buttons
user _pref ( "pref.general.disable_button.default_browser" , true ) ; // [DESKTOP]
user _pref ( "pref.privacy.disable_button.view_passwords" , true ) ; // [DESKTOP]
// -------------------------------------
2019-05-24 19:15:59 +00:00
// Pref : Disable Reader mode
2019-05-28 09:00:22 +00:00
// user_pref("reader.parse-on-load.enabled", false);
2019-05-24 19:15:59 +00:00
// -------------------------------------
// Pref : Disable dark theme on forms
user _pref ( "widget.content.gtk-theme-override" , "Adwaita" ) ; // [DESKTOP]
// -------------------------------------
2019-07-18 09:08:43 +00:00
// Pref: Disable "Ctrl+Tab cycles through tabs in recently used order"
// https://bugzilla.mozilla.org/1473595
2019-05-24 19:15:59 +00:00
user _pref ( "browser.ctrlTab.recentlyUsedOrder" , false ) ; // [DESKTOP]
// -------------------------------------
// Pref : Display long lines in view-source page
user _pref ( "view_source.wrap_long_lines" , true ) ;
2020-11-28 15:23:41 +00:00
//
2019-07-18 09:08:43 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
2020-10-20 18:44:29 +00:00
// >>>>>>>>>>>>>>>>>>>>
2021-02-19 09:33:07 +00:00
// FF86
// Pref : Disable SSL Error Reporting
// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
// https://bugzilla.mozilla.org/1681839
user _pref ( "security.ssl.errorReporting.automatic" , false ) ;
user _pref ( "security.ssl.errorReporting.enabled" , false ) ;
user _pref ( "security.ssl.errorReporting.url" , "" ) ;
// -------------------------------------
// Pref : Disable hiding mime types (Options>General>Applications) not associated with a plugin
// https://bugzilla.mozilla.org/1581678
user _pref ( "browser.download.hide_plugins_without_extensions" , false ) ; // [DESKTOP]
// -------------------------------------
2020-10-16 17:24:45 +00:00
// FF79
2020-10-20 18:44:29 +00:00
// -------------------------------------
// Pref: Enforce fallback text encoding to match en-US
2020-10-16 17:24:45 +00:00
// When the content or server doesn't declare a charset the browser will
// fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
2020-10-20 18:44:29 +00:00
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
// https://bugzilla.mozilla.org/1603712
2020-10-16 17:24:45 +00:00
user _pref ( "intl.charset.fallback.override" , "windows-1252" ) ;
2020-10-20 18:44:29 +00:00
// -------------------------------------
2020-10-16 17:24:45 +00:00
// FF82
2020-10-20 18:44:29 +00:00
// -------------------------------------
// Pref: Disable geographically specific results/search engines e.g. "browser.search.*.US"
2020-10-16 17:24:45 +00:00
// i.e. ignore all of Mozilla's various search engines in multiple locales
2020-10-20 18:44:29 +00:00
// https://bugzilla.mozilla.org/1619926
2020-10-16 17:24:45 +00:00
user _pref ( "browser.search.geoSpecificDefaults" , false ) ;
user _pref ( "browser.search.geoSpecificDefaults.url" , "" ) ;
//