forked from d3cim/mozilla.cfg
Update 'config/mozilla.cfg'
✅ Enforced FPI (First Party Isolation) by allow communication only if FPDs also match ⛔️ Disabled activity-stream.feeds.recommendationproviderswitcher ⛔️ Disabled activity-stream.discoverystream.personalization.modelKeys ⛔️ Disabled Corroborate.jsm telemetry ⛔️ Disabled experiments extensions (ex legacy) | FF74 ⛔️ Disabled Network Predictor on SSL ⛔️ Disabled the remaining non-modern cipher suites ⛔️ Disabled one more pref to prevent 'Restore Session' after a crash ℹ️ Increased history leaks via enumeration (PER TAB: back/forward) from 3 to 4 ℹ️ Removed all the redundant buildIDs values. Let privacy.resistFingerprinting do the rest ℹ️ Renamed using the OS's geolocation service pref | FF74 ℹ️ Renamed logging geolocation to the console pref | FF74 ℹ️ Removed TLS version min 1.2 (FF implemented it by itself) ℹ️ Created a dedicated section for FPI (First Party Isolation) ℹ️ Added some links and descriptions ℹ️ Moved some preferences from FF73+ into deprecated section (keeping them active for ESR68.x.x)
This commit is contained in:
parent
1a67c8dac0
commit
c758eb5392
|
@ -86,6 +86,7 @@ lockPref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKTO
|
||||||
lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
|
||||||
lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
|
||||||
lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); // [DESKTOP]
|
||||||
|
lockPref("browser.newtabpage.activity-stream.feeds.recommendationproviderswitcher", false); // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable Activity Stream (others)
|
// Pref : Disable Activity Stream (others)
|
||||||
lockPref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
|
lockPref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
|
||||||
|
@ -98,6 +99,7 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear"
|
||||||
lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
|
||||||
lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
|
||||||
lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
|
lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
|
||||||
|
lockPref("browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys", ""); // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable new tab tile ads & preload
|
// Pref : Disable new tab tile ads & preload
|
||||||
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
|
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
|
||||||
|
@ -515,6 +517,10 @@ lockPref("browser.contentHandlers.types.3.uri", ""); // [FENNEC]
|
||||||
// If you're on wifi and an IPv4 DHCP network we will send 0 length UDP packets at port 4886 of your gateway at the default rate of 60hz for 400ms from the start of the transaction in an attempt to improve RTT during the critical early phases
|
// If you're on wifi and an IPv4 DHCP network we will send 0 length UDP packets at port 4886 of your gateway at the default rate of 60hz for 400ms from the start of the transaction in an attempt to improve RTT during the critical early phases
|
||||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=888268
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=888268
|
||||||
lockPref("network.tickle-wifi.enabled", false);
|
lockPref("network.tickle-wifi.enabled", false);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable Corroborate.jsm telemetry
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
|
||||||
|
lockPref("corroborator.enabled", false); // [DESKTOP]
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : IJWY To Shut Up
|
// Section : IJWY To Shut Up
|
||||||
|
@ -634,8 +640,8 @@ lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");
|
||||||
// Pref : Don't let XPIProvider install distribution add-ons
|
// Pref : Don't let XPIProvider install distribution add-ons
|
||||||
lockPref("extensions.installDistroAddons", false); // [DEFAULT: false] // [FENNEC]
|
lockPref("extensions.installDistroAddons", false); // [DEFAULT: false] // [FENNEC]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable legacy extensions
|
// Pref : Disable experiments extensions
|
||||||
lockPref("extensions.legacy.enabled", false);
|
lockPref("extensions.experiments.enabled", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Provide haptic feedback on longPress selection events
|
// Pref : Provide haptic feedback on longPress selection events
|
||||||
lockPref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
|
lockPref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
|
||||||
|
@ -775,7 +781,7 @@ lockPref("browser.download.folderList", 2);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enforce user interaction, for security, by always asking the user where to download and then forget
|
// Pref : Enforce user interaction, for security, by always asking the user where to download and then forget
|
||||||
// [FENNEC] Fix for downloading issues
|
// [FENNEC] Fix for downloading issues
|
||||||
lockPref("browser.download.useDownloadDir", false);
|
lockPref("browser.download.useDownloadDir", false); // [FENNEC - BUG] It causes the breakage of all downloads
|
||||||
lockPref("browser.download.lastDir", ""); // [DESKTOP]
|
lockPref("browser.download.lastDir", ""); // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable adding downloads to the system's "recent documents" list
|
// Pref : Disable adding downloads to the system's "recent documents" list
|
||||||
|
@ -1013,13 +1019,12 @@ lockPref("javascript.options.shared_memory", false); // [DEFAULT: false]
|
||||||
lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
|
lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Don't reveal build ID
|
// Pref : Don't reveal build ID
|
||||||
// Value taken from Tor Browser for Desktop
|
|
||||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
|
||||||
lockPref("browser.startup.homepage_override.buildID", "20200402060101");
|
// lockPref("browser.startup.homepage_override.buildID", "");
|
||||||
lockPref("extensions.lastAppBuildId", "20200402060101");
|
// lockPref("extensions.lastAppBuildId", "");
|
||||||
lockPref("media.gmp-manager.buildID", "20200402050101");
|
// lockPref("media.gmp-manager.buildID", "");
|
||||||
lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
|
// lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
|
||||||
lockPref("general.buildID.override", "20100101");
|
// lockPref("general.buildID.override", "");
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable raw TCP socket support (mozTCPSocket)
|
// Pref : Disable raw TCP socket support (mozTCPSocket)
|
||||||
// https://trac.torproject.org/projects/tor/ticket/18863
|
// https://trac.torproject.org/projects/tor/ticket/18863
|
||||||
|
@ -1050,7 +1055,6 @@ lockPref("webgl.disabled", true);
|
||||||
lockPref("webgl.enable-webgl2", false);
|
lockPref("webgl.enable-webgl2", false);
|
||||||
lockPref("webgl.min_capability_mode", true);
|
lockPref("webgl.min_capability_mode", true);
|
||||||
lockPref("pdfjs.enableWebGL", false);
|
lockPref("pdfjs.enableWebGL", false);
|
||||||
lockPref("webgl.disable-extensions", true); // [DEFAULT: false]
|
|
||||||
lockPref("webgl.disable-wgl", true); // [DEFAULT: false]
|
lockPref("webgl.disable-wgl", true); // [DEFAULT: false]
|
||||||
lockPref("webgl.disable-fail-if-major-performance-caveat", true);
|
lockPref("webgl.disable-fail-if-major-performance-caveat", true);
|
||||||
lockPref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
|
lockPref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
|
||||||
|
@ -1116,7 +1120,7 @@ lockPref("browser.urlbar.trimURLs", false);
|
||||||
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
|
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
|
||||||
// This is a PER TAB session history. You still have a full history stored under all history
|
// This is a PER TAB session history. You still have a full history stored under all history
|
||||||
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
|
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
|
||||||
lockPref("browser.sessionhistory.max_entries", 3); // [DEFAULT: 50]
|
lockPref("browser.sessionhistory.max_entries", 4); // [DEFAULT: 50]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable coloring of visited links - CSS history leak
|
// Pref : Disable coloring of visited links - CSS history leak
|
||||||
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
|
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
|
||||||
|
@ -1312,6 +1316,7 @@ lockPref("network.http.speculative-parallel-limit", 0);
|
||||||
lockPref("network.predictor.enabled", false);
|
lockPref("network.predictor.enabled", false);
|
||||||
lockPref("network.predictor.cleaned-up", true);
|
lockPref("network.predictor.cleaned-up", true);
|
||||||
lockPref("network.predictor.enable-prefetch", false);
|
lockPref("network.predictor.enable-prefetch", false);
|
||||||
|
lockPref("network.predictor.enable-hover-on-ssl", false);
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
|
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
|
||||||
|
@ -1386,13 +1391,6 @@ lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
|
||||||
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
||||||
lockPref("security.ssl.require_safe_negotiation", true);
|
lockPref("security.ssl.require_safe_negotiation", true);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Control TLS versions with min and max
|
|
||||||
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
|
||||||
// [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
|
|
||||||
// https://www.ssllabs.com/ssl-pulse/
|
|
||||||
lockPref("security.tls.version.min", 3);
|
|
||||||
lockPref("security.tls.version.max", 4);
|
|
||||||
// -------------------------------------
|
|
||||||
// Pref : Disable deprecated TLS versions
|
// Pref : Disable deprecated TLS versions
|
||||||
lockPref("security.tls.version.enable-deprecated", false);
|
lockPref("security.tls.version.enable-deprecated", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
|
@ -1523,9 +1521,9 @@ lockPref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
|
||||||
lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
|
lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
|
||||||
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
|
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enable ciphers with ECDHE and key size > 128bits
|
// Pref : Disable ciphers with ECDHE and key size > 128bits
|
||||||
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // [DEFAULT: true]
|
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
|
||||||
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // [DEFAULT: true]
|
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enable ChaCha20 and Poly1305
|
// Pref : Enable ChaCha20 and Poly1305
|
||||||
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
|
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
|
||||||
|
@ -1536,9 +1534,9 @@ lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // [DEFAULT: true]
|
||||||
lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
|
lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
|
||||||
lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
|
lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Fallbacks due compatibility reasons
|
// Pref : Disable the remaining non-modern cipher suites (fallbacks)
|
||||||
lockPref("security.ssl3.rsa_aes_128_sha", true);
|
lockPref("security.ssl3.rsa_aes_128_sha", false);
|
||||||
lockPref("security.ssl3.rsa_aes_256_sha", true);
|
lockPref("security.ssl3.rsa_aes_256_sha", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable ciphers with DSA (max 1024 bits)
|
// Pref : Disable ciphers with DSA (max 1024 bits)
|
||||||
lockPref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
|
lockPref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
|
||||||
|
@ -1594,29 +1592,19 @@ lockPref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : User Settings
|
// Section : User Settings
|
||||||
// >>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
// Pref : Set long press behaviour on "+ Tab" button to display container menu
|
// Pref : Set behaviour on "+ Tab" button to display container menu on left click
|
||||||
// 0=disabled long press, 1=when clicked, the menu is shown
|
// [NOTE] The menu is always shown on long press and right click each new tab
|
||||||
// 2=the menu is shown after X milliseconds
|
// defaultPref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // [DESKTOP]
|
||||||
// [NOTE] The menu does not contain a non-container tab option
|
|
||||||
// https://bugzilla.mozilla.org/1328756
|
|
||||||
defaultPref("privacy.userContext.longPressBehavior", 2);
|
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enable Container Tabs setting in preferences
|
// Pref : Enable Container Tabs setting in preferences
|
||||||
// https://bugzilla.mozilla.org/1279029
|
// https://bugzilla.mozilla.org/1279029
|
||||||
defaultPref("privacy.userContext.ui.enabled", true);
|
defaultPref("privacy.userContext.ui.enabled", true); // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enable Container Tabs
|
// Pref : Enable Container Tabs
|
||||||
defaultPref("privacy.userContext.enabled", true);
|
defaultPref("privacy.userContext.enabled", true); // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enable a private container for thumbnail loads
|
// Pref : Enable a private container for thumbnail loads
|
||||||
defaultPref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true]
|
defaultPref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DESKTOP]
|
||||||
// -------------------------------------
|
|
||||||
// Pref : Enable First Party Isolation
|
|
||||||
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
|
|
||||||
// https://bugzilla.mozilla.org/1260931
|
|
||||||
// Enabled via addons
|
|
||||||
lockPref("privacy.firstparty.isolate", true);
|
|
||||||
lockPref("privacy.firstparty.isolate.restrict_opener_access", true);
|
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : Passwords
|
// Section : Passwords
|
||||||
|
@ -1624,7 +1612,6 @@ lockPref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||||
// Pref : Disable about:logins (Firefox Lockwise)
|
// Pref : Disable about:logins (Firefox Lockwise)
|
||||||
// https://lockwise.firefox.com/
|
// https://lockwise.firefox.com/
|
||||||
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
|
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
|
||||||
lockPref("signon.management.page.enabled", false); // [DESKTOP]
|
|
||||||
lockPref("signon.management.overrideURI", ""); // [DESKTOP]
|
lockPref("signon.management.overrideURI", ""); // [DESKTOP]
|
||||||
lockPref("signon.management.page.breach-alerts.enabled", false); // [DESKTOP]
|
lockPref("signon.management.page.breach-alerts.enabled", false); // [DESKTOP]
|
||||||
lockPref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
|
lockPref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
|
||||||
|
@ -1804,6 +1791,10 @@ lockPref("security.insecure_password.ui.enabled", true); // [DESKTOP]
|
||||||
// Pref : Disable automatic Firefox start and session restore after reboot
|
// Pref : Disable automatic Firefox start and session restore after reboot
|
||||||
// https://bugzilla.mozilla.org/603903
|
// https://bugzilla.mozilla.org/603903
|
||||||
lockPref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
|
lockPref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable "Restore Session", even after a crash
|
||||||
|
lockPref("browser.sessionstore.resume_from_crash", false);
|
||||||
|
lockPref("browser.sessionstore.resume_session_once", false); // [DESKTOP]
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : Geolocation / Language / Locale
|
// Section : Geolocation / Language / Locale
|
||||||
|
@ -1830,10 +1821,12 @@ lockPref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
|
||||||
lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
|
lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
|
||||||
lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
|
lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
|
||||||
lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
|
lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
|
||||||
lockPref("geo.wifi.uri", ""); // [DESKTOP]
|
lockPref("geo.provider.network.url", "");
|
||||||
|
lockPref("geo.provider-country.network.scan", false); // [FENIX]
|
||||||
|
lockPref("geo.provider-country.network.url", ""); // [FENIX]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable logging geolocation to the console
|
// Pref : Disable logging geolocation to the console
|
||||||
lockPref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
|
lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Enforce fallback text encoding to match en-US
|
// Pref : Enforce fallback text encoding to match en-US
|
||||||
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
|
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
|
||||||
|
@ -1862,9 +1855,9 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie
|
||||||
// [NOTE] You can do this with uBlock Origin
|
// [NOTE] You can do this with uBlock Origin
|
||||||
// https://bugzilla.mozilla.org/789788
|
// https://bugzilla.mozilla.org/789788
|
||||||
// https://trac.torproject.org/projects/tor/ticket/8455
|
// https://trac.torproject.org/projects/tor/ticket/8455
|
||||||
// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
|
// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
|
||||||
// defaultPref("gfx.downloadable_fonts.enabled", false);
|
// defaultPref("gfx.downloadable_fonts.enabled", false);
|
||||||
// defaultPref("gfx.downloadable_fonts.fallback_delay", 0);
|
// defaultPref("gfx.downloadable_fonts.fallback_delay", -1);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable CSS Font Loading API
|
// Pref : Disable CSS Font Loading API
|
||||||
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
||||||
|
@ -2285,6 +2278,24 @@ lockPref("network.dns.blockDotOnion", true); // [DEFAULT: true]
|
||||||
lockPref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
|
lockPref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : FPI (First Party Isolation)
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Enable FPI (First Party Isolation)
|
||||||
|
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
|
||||||
|
// https://bugzilla.mozilla.org/1260931
|
||||||
|
lockPref("privacy.firstparty.isolate", true);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Enforce FPI restriction for window.opener [FF54+]
|
||||||
|
// [NOTE] Setting this to false may reduce the breakage in the previous pref
|
||||||
|
// FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute.
|
||||||
|
// The 2nd pref removes that limitation and will only allow communication if FPDs also match.
|
||||||
|
// https://bugzilla.mozilla.org/1319773#c22
|
||||||
|
// https://bugzilla.mozilla.org/1492607
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
||||||
|
lockPref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||||
|
lockPref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
|
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
|
||||||
// >>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
|
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
|
||||||
|
@ -2719,3 +2730,43 @@ lockPref("signon.storeSignons", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// FF74+
|
// FF74+
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
|
// Pref : Disable legacy extensions
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1524327
|
||||||
|
// https://hg.mozilla.org/comm-central/rev/c1457ba6362c
|
||||||
|
lockPref("extensions.legacy.enabled", false);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable about:logins (Firefox Lockwise)
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606888
|
||||||
|
// https://hg.mozilla.org/mozilla-central/rev/0c7b5a9964dd
|
||||||
|
lockPref("signon.management.page.enabled", false);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable WebGL extensions
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477756
|
||||||
|
// https://hg.mozilla.org/mozilla-central/rev/ccfa767dba64
|
||||||
|
lockPref("webgl.disable-extensions", true);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable using the OS's geolocation service
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
|
||||||
|
// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
|
||||||
|
lockPref("geo.wifi.uri", "");
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Disable logging geolocation to the console
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
|
||||||
|
// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
|
||||||
|
lockPref("geo.wifi.logging.enabled", false); // [HIDDEN PREF]
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Set behaviour on "+ Tab" button to display container menu
|
||||||
|
// 0=no menu (default), 1=show when clicked, 2=show on long press
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606265
|
||||||
|
// https://hg.mozilla.org/mozilla-central/rev/4a6071f143a5
|
||||||
|
defaultPref("privacy.userContext.longPressBehavior", 2);
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref : Control TLS versions with min and max
|
||||||
|
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
||||||
|
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606734
|
||||||
|
// lockPref("security.tls.version.min", 3);
|
||||||
|
// lockPref("security.tls.version.max", 4);
|
||||||
|
// -------------------------------------
|
||||||
|
// FF75+
|
||||||
|
// -------------------------------------
|
Loading…
Reference in New Issue