Update 'config/mozilla.cfg'

️ Disabled `PiP` (Picture-in-Picture) feature
️ Disabled autoplay of HTML5 media if you interacted with the site | FF78
️ Disabled using the OS's geolocation service | FF78
️ Disabled one more webextension sync process | FF78
️ Disabled Top Sites as suggestion from the search bar | FF78
️ Disabled chrome animations (RFP spoofs this for web content)
️ Disabled FF from sending search terms to ISPs | FF77
️ Disabled new contentblocking report connections prefs | FF78
️ Disabled "Open with PdfJS" dialog | FF78
️ Disabled new stories related activity-stream prefs | FF78
ℹ️ Grouped CBC ciphers
ℹ️ Modified some links, tags and descriptions
ℹ️ Moved some preferences from FF77+ into deprecated section (keeping them active for ESR68.x.x)
quindecim 2020-07-26 11:38:00 -04:00
parent 11f1133aa4
commit 1be62ea706
1 changed files with 104 additions and 60 deletions


@ -14,7 +14,6 @@
// Librefox : https://github.com/intika/Librefox
// pyllyukko : https://github.com/pyllyukko/user.js
// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
// CHEF-KOCH : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js
//
// License : https://git.nixnet.xyz/quindecim/mozilla.cfg/src/branch/master/LICENSE.txt
//
@ -107,6 +106,10 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.region-basic-layout
lockPref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
@ -125,6 +128,7 @@ lockPref("browser.startup.homepage_override.mstone", "ignore");
// https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
lockPref("browser.aboutwelcome.enabled", false); // [DESKTOP]
lockPref("trailhead.firstrun.branches", ""); // [DESKTOP]
lockPref("browser.aboutwelcome.overrideContent", ""); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox
@ -422,7 +426,6 @@ lockPref("extensions.abuseReport.enabled", false);
lockPref("extensions.abuseReport.url", "");
lockPref("extensions.abuseReport.amoDetailsURL", "");
lockPref("extensions.abuseReport.amWebAPI.enabled", false);
lockPref("extensions.abuseReport.openDialog", false);
// -------------------------------------
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
@ -446,6 +449,9 @@ lockPref("browser.contentblocking.report.social.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.allowlist.annotations.enabled", false); // [FENNEC]
lockPref("browser.contentblocking.allowlist.storage.enabled", false); // [FENNEC]
lockPref("browser.contentblocking.report.endpoint_url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.monitor.home_page_url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.monitor.preferences_url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable lockwise app callout to the ETP card
// https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
@ -562,6 +568,12 @@ lockPref("security.remote_settings.crlite_filters.signer", "");
// Pref : Disable Default Browser Agent
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
lockPref("default-browser-agent.enabled", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar leaking single words to a DNS provider (after searching)
// 0=never resolve single words, 1=heuristic (default), 2=always resolve
// [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
// https://bugzilla.mozilla.org/1642623
lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
@ -717,6 +729,7 @@ lockPref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
// Pref : Disable Webextensions sync
lockPref("webextensions.storage.sync.enabled", false); // [DESKTOP]
lockPref("webextensions.storage.sync.serverURL", "");
lockPref("webextensions.storage.sync.kinto", false);
// -------------------------------------
// Pref : Force Punycode for Internationalized Domain Names
// https://www.xudongz.com/blog/2017/idn-phishing/
@ -750,7 +763,7 @@ lockPref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT: f
lockPref("browser.search.geoSpecificDefaults", false);
// -------------------------------------
// Pref : Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
// https://gitlab.torproject.org/legacy/trac/-/issues/18945
lockPref("network.manage-offline-status", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Set File URI Origin Policy
@ -766,7 +779,7 @@ lockPref("security.dialog_enable_delay", 700);
// -------------------------------------
// Pref : Disable ADB extension download
// https://developer.mozilla.org/docs/Tools/WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222
defaultPref("devtools.debugger.remote-enabled", false);
lockPref("devtools.remote.adb.extensionURL", ""); // [DESKTOP]
lockPref("devtools.remote.adb.extensionID", ""); // [DESKTOP]
@ -799,7 +812,7 @@ lockPref("mathml.disabled", true);
lockPref("middlemouse.paste", false);
// -------------------------------------
// Pref : Disable middle mouse click opening links from clipboard
// https://trac.torproject.org/projects/tor/ticket/10089
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089
lockPref("middlemouse.contentLoadURL", false);
// -------------------------------------
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
@ -920,6 +933,7 @@ lockPref("browser.urlbar.filter.javascript", true); // [DESKTOP]
defaultPref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
lockPref("pdfjs.enabledCache.state", false); // [DESKTOP]
lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); // [DESKTOP]
defaultPref("browser.helperApps.showOpenOptionForPdfJS", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
@ -998,6 +1012,14 @@ lockPref("dom.push.udp.wakeupEnabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable hiding mime types not associated with a plugin
lockPref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable PiP (Picture-in-picture)
lockPref("media.videocontrols.picture-in-picture.enabled", false);
lockPref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
lockPref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); // [FENIX]
lockPref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false); // [DESKTOP]
lockPref("media.videocontrols.picture-in-picture.keyboard-controls.enabled", false); // [DESKTOP]
lockPref("media.videocontrols.picture-in-picture.video-toggle.always-show", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript
@ -1039,7 +1061,7 @@ lockPref("javascript.options.asmjs", false);
// [NOTE] In FF75+, when (both) Ion and JIT are disabled, **and** the new hidden pref is enabled, then Ion can still be used by extensions
// [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
// https://trac.torproject.org/projects/tor/ticket/26019
// https://gitlab.torproject.org/legacy/trac/-/issues/26019
lockPref("javascript.options.ion", false);
lockPref("javascript.options.baselinejit", false); // [FENNEC - BUG] Addons issues
lockPref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
@ -1049,7 +1071,7 @@ lockPref("javascript.options.native_regexp", false);
// https://webassembly.org/
// https://developer.mozilla.org/docs/WebAssembly
// https://en.wikipedia.org/wiki/WebAssembly
// https://trac.torproject.org/projects/tor/ticket/21549
// https://gitlab.torproject.org/legacy/trac/-/issues/21549
lockPref("javascript.options.wasm", false);
lockPref("javascript.options.wasm_baselinejit", false);
lockPref("javascript.options.wasm_cranelift", false);
@ -1058,6 +1080,7 @@ lockPref("javascript.options.wasm_ionjit", false);
lockPref("javascript.options.wasm_reftypes", false);
lockPref("javascript.options.wasm_trustedprincipals", false);
lockPref("javascript.options.wasm_verbose", false);
lockPref("javascript.options.wasm_multi_value", false);
// -------------------------------------
// Pref : Disable Intersection Observer API
// Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
@ -1069,7 +1092,7 @@ lockPref("dom.IntersectionObserver.enabled", false);
// Pref : Disable Shared Memory (Spectre mitigation)
// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
lockPref("javascript.options.shared_memory", false); // [DEFAULT: false]
lockPref("javascript.options.shared_memory", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
@ -1084,7 +1107,7 @@ lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// lockPref("general.buildID.override", "");
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://gitlab.torproject.org/legacy/trac/-/issues/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
lockPref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
@ -1139,7 +1162,7 @@ lockPref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC
lockPref("canvas.capturestream.enabled", false);
// -------------------------------------
// Pref : Disable camera image capture
// https://trac.torproject.org/projects/tor/ticket/16339
// https://gitlab.torproject.org/legacy/trac/-/issues/16339
lockPref("dom.imagecapture.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable offscreen canvas
@ -1154,7 +1177,9 @@ lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
lockPref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
// 0=sticky (default), 1=transient, 2=user
// https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation
lockPref("media.autoplay.blocking_policy", 2);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
@ -1200,7 +1225,7 @@ defaultPref("browser.formfill.enable", false);
// -------------------------------------
// Pref : Disable date/time picker
// [WARNING] This can leak your locale if not en-US
// https://trac.torproject.org/projects/tor/ticket/21787
// https://gitlab.torproject.org/legacy/trac/-/issues/21787
// https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
// lockPref("dom.forms.datetime", false);
// -------------------------------------
@ -1236,6 +1261,7 @@ lockPref("browser.urlbar.autocomplete.enabled", false); // [FENNEC]
defaultPref("browser.urlbar.suggest.history", false); // [DESKTOP]
defaultPref("browser.urlbar.suggest.bookmark", false); // [DESKTOP]
defaultPref("browser.urlbar.suggest.openpage", false); // [DESKTOP]
defaultPref("browser.urlbar.suggest.topsites", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browsing and download history
// lockPref("places.history.enabled", false); // [DESKTOP]
@ -1380,7 +1406,10 @@ lockPref("network.predictor.enable-hover-on-ssl", false);
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
// [TEST] https://ipleak.org/
lockPref("network.dns.disableIPv6", true);
// -------------------------------------
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
@ -1423,7 +1452,7 @@ defaultPref("network.trr.resolvers", "[]");
lockPref("security.sri.enable", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable using UNC (Uniform Naming Convention) paths
// https://trac.torproject.org/projects/tor/ticket/26424
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
lockPref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable HTTP Alternative Services
@ -1456,14 +1485,6 @@ lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
lockPref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
// https://www.ssllabs.com/ssl-pulse/
// lockPref("security.tls.version.min", 3);
// lockPref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
lockPref("security.tls.version.enable-deprecated", false);
// -------------------------------------
@ -1528,7 +1549,7 @@ lockPref("security.pki.sha1_enforcement_level", 1);
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
// https://trac.torproject.org/projects/tor/ticket/21686
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
lockPref("security.family_safety.mode", 0);
// -------------------------------------
// Pref : Enfore Public Key Pinning
@ -1538,7 +1559,7 @@ lockPref("security.family_safety.mode", 0);
lockPref("security.cert_pinning.enforcement_level", 2);
// -------------------------------------
// Pref : Disable insecure active content on https pages
// https://trac.torproject.org/projects/tor/ticket/21323
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
lockPref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable insecure passive content (such as images) on https pages
@ -1589,15 +1610,11 @@ lockPref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
lockPref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
lockPref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Enable GCM ciphers (TLSv1.2 only)
// Pref : Enable GCM ciphers (TLS 1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable ciphers with ECDHE and key size > 128bits
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
@ -1607,9 +1624,11 @@ lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
// -------------------------------------
// Pref : Disable the remaining non-modern cipher suites (fallbacks)
lockPref("security.ssl3.rsa_aes_128_sha", false);
lockPref("security.ssl3.rsa_aes_256_sha", false);
// Pref : Ciphers with CBC & SHA-1 (disabled)
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
lockPref("security.ssl3.rsa_aes_128_sha", false); // [DEFAULT: true]
lockPref("security.ssl3.rsa_aes_256_sha", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable ciphers with DSA (max 1024 bits)
lockPref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
@ -1640,8 +1659,10 @@ lockPref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Display warning on the padlock for "broken security"
// [BUG] Warning padlock not indicated for subresources on a secure page!
// [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation
// https://wiki.mozilla.org/Security:Renegotiation
// https://bugzilla.mozilla.org/1353705
// https://www.ssllabs.com/ssl-pulse/
lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// -------------------------------------
// Pref : Control "Add Security Exception" dialog on SSL warnings
@ -1657,7 +1678,7 @@ lockPref("browser.xul.error_pages.expert_bad_cert", true);
// Pref : Disable GIO as a potential proxy bypass vector
// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
// https://bugzilla.mozilla.org/1433507
// https://trac.torproject.org/23044
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
// https://en.wikipedia.org/wiki/GVfs
// https://en.wikipedia.org/wiki/GIO_(software)
lockPref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
@ -1773,7 +1794,7 @@ lockPref("dom.disable_window_move_resize", true); // [DEFAULT: true]
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://trac.torproject.org/projects/tor/ticket/9881
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
defaultPref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
defaultPref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
// -------------------------------------
@ -1900,8 +1921,10 @@ lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
lockPref("geo.provider.network.url", "");
lockPref("geo.provider-country.network.scan", false);
lockPref("geo.provider-country.network.url", "");
lockPref("browser.region.update.enabled", false); // [FENIX]
lockPref("browser.region.log", false);
lockPref("browser.region.network.scan", false);
lockPref("browser.region.network.url", "");
// -------------------------------------
// Pref : Disable logging geolocation to the console
lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
@ -1909,7 +1932,7 @@ lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DE
// Pref : Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
// https://trac.torproject.org/projects/tor/ticket/20025
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
lockPref("intl.charset.fallback.override", "windows-1252");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@ -1932,7 +1955,7 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie
// Pref : Disable icon fonts (glyphs) and local fallback rendering
// [NOTE] You can do this with uBlock Origin
// https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455
// https://gitlab.torproject.org/legacy/trac/-/issues/8455
// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
// defaultPref("gfx.downloadable_fonts.enabled", false);
// defaultPref("gfx.downloadable_fonts.fallback_delay", -1);
@ -2408,8 +2431,8 @@ lockPref("media.navigator.video.enabled", false);
// [NOTE] *may* affect core performance, will affect content.
// Default settings seems to be the best
// https://bugzilla.mozilla.org/1008453
// https://trac.torproject.org/projects/tor/ticket/21675
// https://trac.torproject.org/projects/tor/ticket/22127
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
// lockPref("dom.maxHardwareConcurrency", 2);
// -------------------------------------
@ -2424,7 +2447,7 @@ lockPref("dom.enable_performance", false); // [DEFAULT: true]
lockPref("dom.enable_performance_navigation_timing", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable sensor API
// https://trac.torproject.org/projects/tor/ticket/15758
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
lockPref("device.sensors.enabled", false); // [DEFAULT: true]
@ -2436,7 +2459,7 @@ lockPref("device.sensors.test.events", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
// https://trac.torproject.org/projects/tor/ticket/13023
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
lockPref("dom.gamepad.enabled", false); // [DEFAULT: true]
lockPref("dom.gamepad.extensions.enabled", false); // [DEFAULT: true]
lockPref("dom.gamepad.haptic_feedback.enabled", false); // [DEFAULT: false]
@ -2459,7 +2482,7 @@ lockPref("media.webspeech.synth.enabled", false); // [DEFAULT: true]
lockPref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable video statistics - JS performance fingerprinting
// https://trac.torproject.org/projects/tor/ticket/15757
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
// https://bugzilla.mozilla.org/654550
lockPref("media.video_stats.enabled", false); // [DEFAULT: true]
// -------------------------------------
@ -2468,7 +2491,7 @@ lockPref("media.video_stats.enabled", false); // [DEFAULT: true]
// 0=disabled, 1=enabled, 2=autodetect
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
// https://developer.mozilla.org/docs/Web/API/Touch_events
// https://trac.torproject.org/projects/tor/ticket/10286
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
defaultPref("dom.w3c_touch_events.enabled", 0); // [DEFAULT: 2] // [FENNEC - BUG] ff disabled, disallow copy/paste any text
// -------------------------------------
// Pref : Disable MediaDevices change detection
@ -2544,9 +2567,9 @@ lockPref("browser.startup.blankWindow", false); // [DESKTOP]
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
lockPref("dom.network.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Enforce prefers-reduced-motion as no-preference
// 0=no-preference, 1=reduce
lockPref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
// Pref : Disable chrome animations
// 0=no-preference, 1=reduce. RFP spoofs this for web content
lockPref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : UI (User Interface)
@ -2559,10 +2582,6 @@ lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DE
// -------------------------------------
// Pref : Disable auto hide download button
defaultPref("browser.download.autohideButton", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browser animation
// https://bugzilla.mozilla.org/show_bug.cgi?id=1352069
defaultPref("toolkit.cosmeticAnimations.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal
@ -2606,14 +2625,6 @@ defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
defaultPref("view_source.wrap_long_lines", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Hotfix
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable UNC
// [NOTE] Disabling UNC can cause extension storage to fail
// https://github.com/ghacksuserjs/ghacks-user.js/issues/923
lockPref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// >>>>>>>>>>>>>>>>>>>>
// ESR68.x still uses all the following prefs
@ -2877,7 +2888,7 @@ lockPref("dom.vr.openvr.action_input", false);
// -------------------------------------
// Pref : Disable GeoIP-based search defaults
// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
// https://trac.torproject.org/projects/tor/ticket/16254
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
// lockPref("browser.search.region", "US"); // [HIDDEN PREF]
// -------------------------------------
@ -2928,3 +2939,36 @@ lockPref("signon.management.overrideURI", "");
// -------------------------------------
// FF78+
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
// https://bugzilla.mozilla.org/show_bug.cgi?id=1509933
// https://hg.mozilla.org/mozilla-central/rev/5b34a70e2378
// https://hg.mozilla.org/mozilla-central/rev/95805db3a142
lockPref("media.autoplay.enabled.user-gestures-needed", true);
// -------------------------------------
// Pref : Disable browser animations
// https://bugzilla.mozilla.org/show_bug.cgi?id=1640501
// https://hg.mozilla.org/comm-central/rev/4d4bad93b27d
lockPref("toolkit.cosmeticAnimations.enabled", false);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
// https://www.ssllabs.com/ssl-pulse/
// lockPref("security.tls.version.min", 3);
// lockPref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Disable extension's report option in about:addons
// https://bugzilla.mozilla.org/show_bug.cgi?id=1614653
// https://hg.mozilla.org/mozilla-central/rev/92e149d41267
// https://hg.mozilla.org/mozilla-central/rev/682318515715
lockPref("extensions.abuseReport.openDialog", false);
// -------------------------------------
// Pref : Disable using the OS's geolocation service
// https://bugzilla.mozilla.org/show_bug.cgi?id=1627538
// https://hg.mozilla.org/mozilla-central/rev/710b5a3282f8
lockPref("geo.provider-country.network.scan", false);
lockPref("geo.provider-country.network.url", "");
// -------------------------------------
// FF79+
// -------------------------------------
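Review bot: The hunk at `@ -2606,14 +2625,6 @@` appears to delete the whole "Hotfix" section (its counts allow only removals there), including `lockPref("network.file.disable_unc_paths", false);`, and the commit description does not mention this. That line came after `lockPref("network.file.disable_unc_paths", true);` in the "Disable using UNC" block, so it presumably overrode it. With the hotfix gone the lock to `true` takes effect and UNC paths are actually blocked, which is the safer setting, but the warning that this can break extension storage is lost. I would carry the caveat into the UNC block, for example `// [NOTE] Disabling UNC can cause extension storage to fail: https://github.com/ghacksuserjs/ghacks-user.js/issues/923`, and list the behaviour change in the commit description.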