Update 'config/mozilla.cfg'

 Sanitized almost all URLs for requests to Mozilla servers from LOCALE
 Synced all the buildIDs with Tor's ones
️ Removed all the warnings on quit and from accessing about:config page
️ Disabled more unwanted connections
️ Disabled vendor useragent info leakage to Mozilla
️ Disabled entering in safe mode
️ Disabled completely PingCentre telemetry (used in several System Add-ons)
ℹ️ Moved some preferences from FF69+ into deprecated section (keeping them active for ESR60.x and ESR68.x)
ℹ️ Added new links for better descriptions
This commit is contained in:
quindecim 2019-09-02 10:04:29 -04:00
parent 439cb92289
commit 0e18822393
1 changed files with 63 additions and 26 deletions

View File

@ -110,8 +110,8 @@ lockPref("browser.startup.homepage_override.mstone", "ignore");
// lockPref("app.update.auto", false); // [DESKTOP]
// lockPref("app.update.autodownload", "never"); // [TEST] // [FENNEC]
// lockPref("app.update.channel", "");
lockPref("app.update.url", "https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // [DESKTOP]
lockPref("app.update.url.details", "https://www.mozilla.org/firefox/notes"); // [URL SANITIZED] // [DESKTOP]
lockPref("app.update.url", "https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // [DESKTOP]
lockPref("app.update.url.details", "https://www.mozilla.org/en-US/firefox/notes"); // [URL SANITIZED] // [DESKTOP]
// lockPref("app.update.url.manual", ""); // [DESKTOP]
// lockPref("app.update.url.android", ""); // [FENNEC]
// lockPref("app.update.staging.enabled", false); // [DESKTOP]
@ -338,14 +338,17 @@ lockPref("browser.discovery.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable Crash Reports
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.email", ""); // [DESKTOP]
lockPref("browser.tabs.crashReporting.emailMe", false); // [DESKTOP]
lockPref("browser.tabs.crashReporting.includeURL", false); // [DESKTOP]
lockPref("browser.tabs.crashReporting.requestEmail", false); // [DESKTOP]
lockPref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP]
lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP]
lockPref("toolkit.crashreporter.infoURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable automatic captive portal detection
// https://en.wikipedia.org/wiki/Captive_portal
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
// https://wiki.mozilla.org/Necko/CaptivePortal
// https://trac.torproject.org/projects/tor/ticket/21790
lockPref("captivedetect.canonicalURL", "");
lockPref("network.captive-portal-service.enabled", false);
lockPref("network.captive-portal-service.backoffFactor", "");
@ -407,7 +410,7 @@ lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false)
// -------------------------------------
// Pref : Disable send content blocking log to about:protections
// https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
lockPref("browser.contentblocking.database.enabled", false);
lockPref("browser.contentblocking.database.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Onboarding tour disable because of included telemetry
// [NOTE] This setting is just in case it comeback
@ -440,6 +443,7 @@ defaultPref("layout.spellcheckDefault", 0); // [DESKTOP]
// Pref : Disable Firefox internal page warnings
lockPref("network.warnOnAboutNetworking", false);
lockPref("general.warnOnAboutConfig", false);
lockPref("browser.aboutConfig.showWarning", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable recent Highlights in the Library
lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP]
@ -448,6 +452,7 @@ lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP]
lockPref("browser.tabs.warnOnClose", false); // [DESKTOP]
lockPref("browser.tabs.warnOnCloseOtherTabs", false); // [DESKTOP]
lockPref("browser.tabs.warnOnOpen", false); // [DESKTOP]
lockPref("browser.warnOnQuit", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable warnings by entering full screen mode
lockPref("full-screen-api.warning.delay", 0);
@ -495,6 +500,8 @@ lockPref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", "");
lockPref("startup.homepage_welcome_url", ""); // [DESKTOP]
lockPref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
lockPref("startup.homepage_override_url", ""); // [DESKTOP]
lockPref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
lockPref("privacy.restrict3rdpartystorage.partitionedHosts", ""); // [DESKTOP]
// -------------------------------------
// Pref : Devtools cleanup
lockPref("devtools.devices.url", "");
@ -524,6 +531,12 @@ lockPref("general.useragent.updates.enabled", false); // [FENNEC]
lockPref("general.useragent.site_specific_overrides", false); // [DESKTOP]
lockPref("general.useragent.updates.url", ""); // [FENNEC]
// -------------------------------------
// Pref : Decrease vendor useragent info leakage to Mozilla
// https://github.com/pyllyukko/user.js/issues/299
lockPref("general.useragent.vendor", ""); // [DESKTOP]
lockPref("general.useragent.vendorComment", ""); // [DESKTOP]
lockPref("general.useragent.vendorSub", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable mailnews
lockPref("mailnews.messageid_browser.url", ""); // [DESKTOP]
lockPref("mailnews.mx_service_url", ""); // [DESKTOP]
@ -544,8 +557,16 @@ lockPref("_config.applied", true);
lockPref("extensions.update.enabled", true);
lockPref("extensions.autoupdate.enabled", true);
// -------------------------------------
// Pref : Decrease system information leakage to Mozilla extensions update servers
lockPref("extensions.update.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
lockPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
// -------------------------------------
// Pref : Decrease system information leakage to Mozilla addons update servers
lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/firefox/search?q=%TERMS%"); // [URL SANITIZED]
lockPref("extensions.getAddons.browseAddons", "https://addons.mozilla.org/en-US/firefox/collections/4757633/mob/?page=1&collection_sort=-popularity"); // [URL SANITIZED] // [FENNEC]
lockPref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=en-US"); // [URL SANITIZED]
lockPref("extensions.getAddons.link.url", "https://addons.mozilla.org/en-US/firefox/"); // [URL SANITIZED]
lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/en-US/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"); // [URL SANITIZED]
lockPref("extensions.getAddons.compatOverides.url", "https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=en-US"); // [URL SANITIZED]
// -------------------------------------
// Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
@ -936,10 +957,10 @@ lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
lockPref("general.buildID.override", "20100101");
lockPref("browser.startup.homepage_override.buildID", "20100101");
lockPref("media.gmp-manager.buildID", "20190307010101"); // [DESKTOP]
lockPref("extensions.lastAppBuildID", "20190307010101");
lockPref("browser.sessionstore.upgradeBackup.latestBuildID", "20190307010101"); // [DESKTOP]
lockPref("browser.startup.homepage_override.buildID", "20190307050101");
lockPref("media.gmp-manager.buildID", "20190307050101"); // [DESKTOP]
lockPref("extensions.lastAppBuildID", "20190307050101");
lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
@ -1005,17 +1026,16 @@ lockPref("dom.imagecapture.enabled", false); // [DEFAULT: false]
lockPref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// 0=Allowed, 1=Blocked, 2=Prompt
// 0=Allow all, 1=Block non-muted media, 5=Block all
// [NOTE] You can set exceptions under site permissions
lockPref("media.autoplay.default", 1);
lockPref("media.autoplay.allow-muted", false); // [DEFAULT: true]
lockPref("media.autoplay.default", 5);
lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
lockPref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable audio autoplay in non-active tabs
// Pref : Disable autoplay of HTML5 media in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
lockPref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
//
@ -1190,6 +1210,11 @@ lockPref("remote.log.level", ""); // [DESKTOP]
// "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway.
lockPref("browser.safebrowsing.allowOverride", false); // [DESKTOP]
lockPref("security.certerror.hideAddException", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable safe mode
// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled.
// https://support.mozilla.org/en-US/questions/951221#answer-410562
lockPref("toolkit.startup.max_resumed_crashes", -1); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Block Implicit Outbound
@ -1778,9 +1803,6 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie
// defaultPref("gfx.downloadable_fonts.enabled", false);
// defaultPref("gfx.downloadable_fonts.fallback_delay", 0);
// -------------------------------------
// Pref : Disable WOFF2 (Web Open Font Format)
defaultPref("gfx.downloadable_fonts.woff2.enabled", false);
// -------------------------------------
// Pref : Disable CSS Font Loading API
// [NOTE] Disabling fonts can uglify the web a fair bit.
defaultPref("layout.css.font-loading-api.enabled", false);
@ -1816,12 +1838,6 @@ lockPref("plugin.defaultXpi.state", 0);
// Pref : Disable scanning for plugins
lockPref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Enable plugins click-to-play
// https://wiki.mozilla.org/Firefox/Click_To_Play
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
lockPref("plugins.click_to_play", true);
lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0);
// -------------------------------------
// Pref : Disable all GMP (Gecko Media Plugins)
lockPref("media.gmp-provider.enabled", false);
lockPref("media.gmp-manager.certs.1.issuerName", "");
@ -2026,6 +2042,8 @@ lockPref("privacy.trackingprotection.socialtracking.enabled", false);
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
lockPref("browser.ping-centre.telemetry", false); // [DESKTOP]
lockPref("browser.ping-centre.production.endpoint", ""); // [DESKTOP]
lockPref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : System add-ons / Experiments
@ -2037,7 +2055,7 @@ lockPref("browser.ping-centre.telemetry", false); // [DESKTOP]
// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257
// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation)
// lockPref("extensions.systemAddon.update.enabled", false); // [DESKTOP]
lockPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED]
lockPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED]
// -------------------------------------
// Pref : Disable Normandy/Shield
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
@ -2070,6 +2088,8 @@ lockPref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
// defaultPref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Pref : Disable 3rd-party cookies and site-data
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers
// [NOTE] Value 4 is tied to the Tracking Protection lists
// [NOTE] Can breaks payment gateways
defaultPref("network.cookie.cookieBehavior", 1);
// -------------------------------------
@ -2447,8 +2467,8 @@ defaultPref("browser.urlbar.doubleClickSelectsAll", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// ESR60.x still uses all the following prefs
// >>>>>>>>>>>>>>>>>>>>
// ESR60.x still uses all the following prefs
// -------------------------------------
// FF52+
// -------------------------------------
@ -2630,7 +2650,7 @@ lockPref("media.autoplay.enabled", false);
// Pref: Enable "Ctrl+Tab cycles through tabs in recently used order"
// Rreplaced by "browser.ctrlTab.recentlyUsedOrder"
// https://bugzilla.mozilla.org/1473595
defaultpref("browser.ctrlTab.previews", true);
defaultPref("browser.ctrlTab.previews", true);
// -------------------------------------
// Pref : Disable In-Browser Feed Handling
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477670
@ -2730,6 +2750,8 @@ lockPref("lightweightThemes.update.enabled", false);
// https://bugzilla.mozilla.org/1386214
defaultPref("security.csp.experimentalEnabled", true);
// -------------------------------------
// ESR68.x still uses all the following prefs
// -------------------------------------
// FF69+
// -------------------------------------
// Pref : Disable app from auto-update
@ -2759,5 +2781,20 @@ lockPref("security.identitypopup.recordEventElemetry", false);
// https://hg.mozilla.org/mozilla-central/rev/68aacb4ba7f9
lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false);
// -------------------------------------
// Pref : Disable WOFF2 (Web Open Font Format)
// https://bugzilla.mozilla.org/1556991
// https://hg.mozilla.org/mozilla-central/rev/69d1b01b2847
lockPref("gfx.downloadable_fonts.woff2.enabled", false);
// -------------------------------------
// Pref : Enable plugins click-to-play
// https://bugzilla.mozilla.org/1519434
// https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0
lockPref("plugins.click_to_play", true);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// https://bugzilla.mozilla.org/1562331
// https://hg.mozilla.org/mozilla-central/rev/3780202d7104
lockPref("media.autoplay.allow-muted", false);
// -------------------------------------
// FF70+
// -------------------------------------