added the base file
the project was born on telegram, and there were published the first changelogs from creation. @fennec_fdroid
This commit is contained in:
commit
130b27e17a
|
@ -0,0 +1,874 @@
|
||||||
|
//
|
||||||
|
/******************************************************************************
|
||||||
|
* * * * * * * * * * * * * * @quindecim | user.js * * * * * * * * * * * * * *
|
||||||
|
* for Fennec F-Droid *
|
||||||
|
* * * * * a project based on gHacks user.js and Librefox Browser * * * * * *
|
||||||
|
******************************************************************************/
|
||||||
|
//
|
||||||
|
// gHacks: https://github.com/ghacksuserjs/ghacks-user.js
|
||||||
|
// Librefox: https://github.com/intika/Librefox
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : IJWY To Shut Up
|
||||||
|
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref :
|
||||||
|
user_pref("urlclassifier.passwordAllowTable", "");
|
||||||
|
// Default Value
|
||||||
|
// goog-passwordwhite-proto
|
||||||
|
// Pref :
|
||||||
|
user_pref("app.support.baseURL", "");
|
||||||
|
// Default Value
|
||||||
|
// https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
|
||||||
|
// Pref :
|
||||||
|
user_pref("extensions.getAddons.compatOverides.url", "");
|
||||||
|
// Default Value
|
||||||
|
// https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE%
|
||||||
|
// Pref :
|
||||||
|
user_pref("extensions.getAddons.get.url", "");
|
||||||
|
// Default Value
|
||||||
|
// https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE%
|
||||||
|
// Pref :
|
||||||
|
user_pref("extensions.getAddons.langpacks.url", "");
|
||||||
|
// Default Value
|
||||||
|
// https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION%
|
||||||
|
// Pref :
|
||||||
|
user_pref("extensions.getAddons.search.browseURL", "");
|
||||||
|
// Default Value
|
||||||
|
// https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
|
||||||
|
// Pref :
|
||||||
|
user_pref("identity.sync.tokenserver.uri", "");
|
||||||
|
// Default Value
|
||||||
|
// https://token.services.mozilla.com/1.0/sync/1.5
|
||||||
|
// Pref :
|
||||||
|
user_pref("media.decoder-doctor.new-issue-endpoint", "");
|
||||||
|
// Default Value
|
||||||
|
// https://webcompat.com/issues/new
|
||||||
|
// Pref : Accept Only 1st Party Cookies
|
||||||
|
// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1
|
||||||
|
// Pref :
|
||||||
|
user_pref("network.trr.confirmationNS", "");
|
||||||
|
// Default Value
|
||||||
|
// example.com
|
||||||
|
// Pref : Test To Make FFox Silent
|
||||||
|
user_pref("security.content.signature.root_hash", "");
|
||||||
|
// Default Value
|
||||||
|
// remote-settings.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.settings.default_signer", "");
|
||||||
|
// Default Value
|
||||||
|
// remote-settings.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.settings.server", "");
|
||||||
|
// Default Value
|
||||||
|
// https://firefox.settings.services.mozilla.com/v1
|
||||||
|
// Pref :
|
||||||
|
user_pref("urlclassifier.phishTable", "");
|
||||||
|
// Default Value
|
||||||
|
// goog-phish-proto,test-phish-simple
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Miscellaneous
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable speculative pre-connections
|
||||||
|
// Disable prefetch link on hover.
|
||||||
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
|
||||||
|
user_pref("network.http.speculative-parallel-limit", 0);
|
||||||
|
// Pref : Disable predictor / prefetching
|
||||||
|
// Network predicator load pages before they are opened
|
||||||
|
// with mose hover for example
|
||||||
|
user_pref("network.predictor.enabled", false);
|
||||||
|
user_pref("network.predictor.cleaned-up", true);
|
||||||
|
// Pref : Disable prefetching of <link rel="next"> URLs
|
||||||
|
// http://kb.mozillazine.org/Network.prefetch-next
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
|
||||||
|
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited,
|
||||||
|
// so the browser downloads them immediately so they can be displayed immediately when the user requests it.
|
||||||
|
user_pref("network.prefetch-next", false);
|
||||||
|
// Pref : Disable telemetry
|
||||||
|
user_pref("toolkit.telemetry.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
|
||||||
|
user_pref("toolkit.telemetry.server", "data:,");
|
||||||
|
user_pref("toolkit.telemetry.server_owner", "");
|
||||||
|
user_pref("toolkit.telemetry.unified", false);
|
||||||
|
// Pref :
|
||||||
|
user_pref("extensions.systemAddon.update.url", "");
|
||||||
|
// Pref :
|
||||||
|
user_pref("app.feedback.baseURL", "");
|
||||||
|
// Pref : Disable app from auto-update
|
||||||
|
user_pref("app.update.auto", false);
|
||||||
|
user_pref("app.update.autodownload", "");
|
||||||
|
user_pref("app.update.channel", "");
|
||||||
|
user_pref("app.update.lastUpdateTime.auto-addon-background-update-timer", 0);
|
||||||
|
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 0);
|
||||||
|
user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 0);
|
||||||
|
user_pref("app.update.lastUpdateTime.user-agent-updates-timer", 0);
|
||||||
|
user_pref("app.update.lastUpdateTime-xpi-signature-verification", 0);
|
||||||
|
user_pref("app.update.timerFirstInterval", 0);
|
||||||
|
user_pref("app.update.timerMinimumDelay", 0);
|
||||||
|
user_pref("app.update.url.android", "");
|
||||||
|
// Pref :
|
||||||
|
user_pref("breakpad.reportURL", "");
|
||||||
|
// Pref :
|
||||||
|
user_pref("browser.search.suggest.enabled", false);
|
||||||
|
// Pref :
|
||||||
|
user_pref("captivedetect.canonicalURL", "");
|
||||||
|
// Pref :
|
||||||
|
user_pref("devtools.devices.url", "");
|
||||||
|
// Pref :
|
||||||
|
user_pref("dom.battery.enabled", false);
|
||||||
|
// Pref : Maximum pop launch at the same time
|
||||||
|
user_pref("dom.popup_maximum", 4);
|
||||||
|
// Pref :
|
||||||
|
user_pref("dom.registerProtocolHandler.insecure.enabled", true);
|
||||||
|
// Pref : Block list url disabled
|
||||||
|
// gHacks tune this to minimize privacy issue.. its complitely disabled here
|
||||||
|
// Disabled complitely
|
||||||
|
user_pref("extensions.blocklist.url", "");
|
||||||
|
user_pref("extensions.blocklist.detailsURL", "");
|
||||||
|
user_pref("extensions.blocklist.itemURL", "");
|
||||||
|
user_pref("extensions.update.background.url", "");
|
||||||
|
user_pref("extensions.getAddons.browseAddons", "");
|
||||||
|
// Pref : Disable Firefox Accounts and Sync
|
||||||
|
user_pref("identity.fxaccounts.auth.uri", "");
|
||||||
|
user_pref("identity.fxaccounts.remote.oauth.uri", "");
|
||||||
|
user_pref("identity.fxaccounts.remote.profile.uri", "");
|
||||||
|
// [FENNEC][BUG] If empty "Settings" faded
|
||||||
|
user_pref("identity.fxaccounts.remote.webchannel.uri", "https://127.0.0.1");
|
||||||
|
// Pref :
|
||||||
|
user_pref("layout.css.visited_links_enabled", false);
|
||||||
|
// Pref : Disable predictor / prefetching
|
||||||
|
// Network predicator load pages before they are opened
|
||||||
|
// with mose hover for example
|
||||||
|
user_pref("network.predictor.enabled", false);
|
||||||
|
user_pref("network.predictor.cleaned-up", true);
|
||||||
|
user_pref("network.predictor.enable-prefetch", false);
|
||||||
|
// Pref : Sync prefs
|
||||||
|
user_pref("services.sync.enabled", false);
|
||||||
|
user_pref("browser.snippets.syncPromo.enabled", false);
|
||||||
|
user_pref("webextensions.storage.sync.enabled", false);
|
||||||
|
user_pref("webextensions.storage.sync.serverURL", "");
|
||||||
|
user_pref("privacy.item.syncAccount", false);
|
||||||
|
// Pref : Referer: ALL: control the amount of information to send
|
||||||
|
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
|
||||||
|
user_pref("network.http.referer.trimmingPolicy", 0);
|
||||||
|
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
|
||||||
|
user_pref("datareporting.policy.currentPolicyVersion", 0);
|
||||||
|
user_pref("datareporting.policy.dataSubmissionEnabled", false);
|
||||||
|
user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0);
|
||||||
|
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
|
||||||
|
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
|
||||||
|
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "");
|
||||||
|
user_pref("datareporting.policy.FirstRunURL", "");
|
||||||
|
user_pref("datareporting.policy.firstRunURL", "");
|
||||||
|
user_pref("datareporting.policy.minimumPolicyVersion", 0);
|
||||||
|
user_pref("datareporting.policy.minimumPolicyVersion.channel-beta", 0);
|
||||||
|
// Pref : Disable right-click menu manipulation via JavaScript (disabled)
|
||||||
|
user_pref("dom.event.contextmenu.enabled", false);
|
||||||
|
// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript
|
||||||
|
// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in
|
||||||
|
// JS-based web applications (Google Docs...)
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
|
||||||
|
user_pref("dom.event.clipboardevents.enabled", false);
|
||||||
|
// Pref : Force Punycode for Internationalized Domain Names
|
||||||
|
// http://kb.mozillazine.org/Network.IDN_show_punycode
|
||||||
|
// https://www.xudongz.com/blog/2017/idn-phishing/
|
||||||
|
// https://wiki.mozilla.org/IDN_Display_Algorithm
|
||||||
|
// https://en.wikipedia.org/wiki/IDN_homograph_attack
|
||||||
|
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
|
||||||
|
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
|
||||||
|
user_pref("network.IDN_show_punycode", true);
|
||||||
|
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
|
||||||
|
// http://kb.mozillazine.org/Browser.send_pings
|
||||||
|
user_pref("browser.send_pings", false);
|
||||||
|
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
|
||||||
|
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
|
||||||
|
user_pref("browser.send_pings.require_same_host", true);
|
||||||
|
// Pref : Disable prefetching of <link rel="next"> URLs
|
||||||
|
// http://kb.mozillazine.org/Network.prefetch-next
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
|
||||||
|
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited,
|
||||||
|
// so the browser downloads them immediately so they can be displayed immediately when the user requests it.
|
||||||
|
user_pref("network.prefetch-next", false);
|
||||||
|
// Pref : Disable speculative pre-connections
|
||||||
|
// Disable prefetch link on hover.
|
||||||
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
|
||||||
|
user_pref("network.http.speculative-parallel-limit", 0);
|
||||||
|
// Pref : Disable DOM timing API
|
||||||
|
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
|
||||||
|
// https://www.w3.org/TR/navigation-timing/#privacy
|
||||||
|
user_pref("dom.enable_performance", false);
|
||||||
|
user_pref("dom.enable_performance_navigation_timing", false);
|
||||||
|
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
|
||||||
|
user_pref("beacon.enabled", false);
|
||||||
|
// Pref : Disable speech recognition
|
||||||
|
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
|
||||||
|
// https://wiki.mozilla.org/HTML5_Speech_API
|
||||||
|
user_pref("media.webspeech.recognition.enable", false);
|
||||||
|
// Pref : Disable vibrator API
|
||||||
|
user_pref("dom.vibrator.enabled", false);
|
||||||
|
// Pref : Don't use Mozilla-provided location-specific search engines
|
||||||
|
user_pref("browser.search.geoSpecificDefaults", false);
|
||||||
|
// Pref : Don't trim HTTP off of URLs in the address bar.
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
|
||||||
|
user_pref("browser.urlbar.trimURLs", false);
|
||||||
|
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
|
||||||
|
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
|
||||||
|
user_pref("browser.fixup.alternate.enabled", false);
|
||||||
|
// Pref : Don't monitor OS online/offline connection state
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/18945
|
||||||
|
user_pref("network.manage-offline-status", false);
|
||||||
|
// Pref : Set File URI Origin Policy
|
||||||
|
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
|
||||||
|
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
|
||||||
|
user_pref("security.fileuri.strict_origin_policy", true);
|
||||||
|
// Pref : Disable SVG in OpenType fonts
|
||||||
|
// https://wiki.mozilla.org/SVGOpenTypeFonts
|
||||||
|
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
|
||||||
|
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
|
||||||
|
// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
|
||||||
|
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
|
||||||
|
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
|
||||||
|
user_pref("security.dialog_enable_delay", 700);
|
||||||
|
// Pref : Opt-out of add-on metadata updates
|
||||||
|
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
||||||
|
user_pref("extensions.getAddons.cache.enabled", false);
|
||||||
|
user_pref("extensions.getAddons.cache.lastUpdate", 0);
|
||||||
|
// Pref : Disable sending Flash Player crash reports
|
||||||
|
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
|
||||||
|
// Pref : When Flash crash reports are enabled, don't send the visited URL in the crash report
|
||||||
|
user_pref("dom.ipc.plugins.reportCrashURL", false);
|
||||||
|
// Default Value
|
||||||
|
// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
|
||||||
|
user_pref("services.blocklist.addons.signer", "");
|
||||||
|
// Default Value
|
||||||
|
// remote-settings.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.blocklist.gfx.signer", "");
|
||||||
|
// Default Value
|
||||||
|
// remote-settings.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.blocklist.onecrl.signer", "");
|
||||||
|
// Default Value
|
||||||
|
// onecrl.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.blocklist.pinning.signer", "");
|
||||||
|
// Default Value
|
||||||
|
// pinning-preload.content-signature.mozilla.org
|
||||||
|
// Pref :
|
||||||
|
user_pref("services.blocklist.plugins.signer", "");
|
||||||
|
// Pref : Debugging settings
|
||||||
|
user_pref("devtools.debugger.remote-enabled", false);
|
||||||
|
// Pref : Disable remote debugging
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
|
||||||
|
user_pref("devtools.debugger.force-local", true);
|
||||||
|
// Pref : Never check updates for search engines
|
||||||
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
|
||||||
|
user_pref("browser.search.update", false);
|
||||||
|
user_pref("browser.search.update.interval", 0);
|
||||||
|
user_pref("browser.search.update.log", false);
|
||||||
|
// Pref : Disable automatic captive portal detection (Firefox >= 52.0)
|
||||||
|
// https://support.mozilla.org/en-US/questions/1157121
|
||||||
|
user_pref("network.captive-portal-service.enabled", false);
|
||||||
|
user_pref("network.captive-portal-service.backoffFactor", "");
|
||||||
|
user_pref("network.captive-portal-service.maxInterval", 0);
|
||||||
|
user_pref("network.captive-portal-service.minInterval", 0);
|
||||||
|
// Pref : Prevent accessibility services from accessing your browser
|
||||||
|
// https://support.mozilla.org/kb/accessibility-services
|
||||||
|
user_pref("accessibility.force_disabled", 1);
|
||||||
|
// Pref : Remove temp files opened with an external application
|
||||||
|
// https://bugzilla.mozilla.org/302433
|
||||||
|
user_pref("browser.helperApps.deleteTempFileOnExit", true);
|
||||||
|
// Pref : Disable various developer tools in browser context
|
||||||
|
// https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676
|
||||||
|
user_pref("devtools.chrome.enabled", false);
|
||||||
|
// Pref : Disable MathML (Mathematical Markup Language)
|
||||||
|
// [TEST] http://browserspy.dk/mathml.php
|
||||||
|
// https://bugzilla.mozilla.org/1173199
|
||||||
|
user_pref("mathml.disabled", true);
|
||||||
|
// Pref : Disable in-content SVG (Scalable Vector Graphics)
|
||||||
|
// [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
|
||||||
|
// https://bugzilla.mozilla.org/1216893
|
||||||
|
// user_pref("svg.disabled", true);
|
||||||
|
// Pref : Disable middle mouse click opening links from clipboard
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/10089
|
||||||
|
// http://kb.mozillazine.org/Middlemouse.contentLoadURL
|
||||||
|
user_pref("middlemouse.contentLoadURL", false);
|
||||||
|
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
|
||||||
|
// [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
|
||||||
|
// To control HTML Meta tag and JS redirects, use an extension. Default is 20
|
||||||
|
user_pref("network.http.redirection-limit", 15);
|
||||||
|
// Pref : Remove webchannel whitelist
|
||||||
|
user_pref("webchannel.allowObject.urlWhitelist", "");
|
||||||
|
// Pref : Disable exposure of system colors to CSS or canvas
|
||||||
|
// [NOTE] May cause black on black for elements with undefined colors
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
|
||||||
|
// user_pref("ui.use_native_colors", true);
|
||||||
|
// Pref : Discourage downloading to desktop (0=desktop 1=downloads 2=last used)
|
||||||
|
user_pref("browser.download.folderList", 2);
|
||||||
|
// Pref : Enforce user interaction for security by always asking the user where to download
|
||||||
|
user_pref("browser.download.useDownloadDir", false);
|
||||||
|
// Pref : Disable adding downloads to the system's "recent documents" list
|
||||||
|
user_pref("browser.download.manager.addToRecentDocs", false);
|
||||||
|
// Pref : Disable "open with" in download dialog
|
||||||
|
// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
|
||||||
|
// in such a way that it is forbidden to run external applications.
|
||||||
|
// [NOTE] This may interfere with some users' workflow or methods
|
||||||
|
// https://bugzilla.mozilla.org/1281959
|
||||||
|
user_pref("browser.download.forbid_open_with", true);
|
||||||
|
// Pref : Lock down allowed extension directories
|
||||||
|
// [SETUP-CHROME] This will break extensions, language packs, themes and any other XPI files which are
|
||||||
|
// installed outside of profile directories
|
||||||
|
// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
|
||||||
|
// archived: https://archive.is/DYjAM
|
||||||
|
user_pref("extensions.enabledScopes", 1); // [DEFAULT: 1]
|
||||||
|
user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
|
||||||
|
// Pref : Enable warning when websites try to install add-ons
|
||||||
|
user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true]
|
||||||
|
// Pref : Enable CSP (Content Security Policy)
|
||||||
|
// https://developer.mozilla.org/docs/Web/HTTP/CSP
|
||||||
|
user_pref("security.csp.enable", true); // [DEFAULT: true]
|
||||||
|
// Pref : Block top level window data: URIs
|
||||||
|
// https://bugzilla.mozilla.org/1331351
|
||||||
|
// https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
|
||||||
|
// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
|
||||||
|
user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true]
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Media / Camera / Mic
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : WebSockets is a technology that makes it possible to open an interactive communication
|
||||||
|
// session between the user's browser and a server. (May leak IP when using proxy/VPN)
|
||||||
|
user_pref("media.peerconnection.enabled", false);
|
||||||
|
// Pref : Limit WebRTC IP leaks if using WebRTC
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
|
||||||
|
// https://wiki.mozilla.org/Media/WebRTC/Privacy
|
||||||
|
user_pref("media.peerconnection.ice.default_address_only", true);
|
||||||
|
user_pref("media.peerconnection.ice.no_host", true);
|
||||||
|
user_pref("media.peerconnection.use_document_iceservers", false);
|
||||||
|
user_pref("media.peerconnection.identity.enabled", false);
|
||||||
|
user_pref("media.peerconnection.identity.timeout", 1);
|
||||||
|
user_pref("media.peerconnection.turn.disable", true);
|
||||||
|
user_pref("media.peerconnection.ice.tcp", false);
|
||||||
|
// Pref : Disable webGL I/II
|
||||||
|
// WebGL introduce high fingerprinting... (webgl is direct hardware js)
|
||||||
|
user_pref("webgl.disabled", true);
|
||||||
|
user_pref("webgl.enable-webgl2", false);
|
||||||
|
user_pref("webgl.min_capability_mode", true);
|
||||||
|
// Pref : Disable webGL II/II
|
||||||
|
// WebGL introduce high fingerprinting... (webgl is direct hardware js)
|
||||||
|
user_pref("pdfjs.enableWebGL", false);
|
||||||
|
user_pref("webgl.disable-extensions", true);
|
||||||
|
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
|
||||||
|
// Pref : Disable audiocapture
|
||||||
|
user_pref("media.getusermedia.browser.enabled", false);
|
||||||
|
user_pref("media.getusermedia.audiocapture.enabled", false);
|
||||||
|
// Pref : Disable camera
|
||||||
|
user_pref("device.camera.enabled", false);
|
||||||
|
// Pref : Disable canvas capture stream
|
||||||
|
// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
|
||||||
|
user_pref("canvas.capturestream.enabled", false);
|
||||||
|
// Pref : Disable camera image capture
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/16339
|
||||||
|
user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false]
|
||||||
|
// Pref : Disable offscreen canvas
|
||||||
|
// https://developer.mozilla.org/docs/Web/API/OffscreenCanvas
|
||||||
|
user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
|
||||||
|
// Pref : Disable autoplay of HTML5 media
|
||||||
|
// 0=Allowed, 1=Blocked, 2=Prompt
|
||||||
|
// [NOTE] You can set exceptions under site permissions
|
||||||
|
user_pref("media.autoplay.default", 1);
|
||||||
|
// Pref : Disable autoplay of HTML5 media if you interacted with the site
|
||||||
|
user_pref("media.autoplay.enabled.user-gestures-needed", false);
|
||||||
|
// Pref : Disable audio autoplay in non-active tabs
|
||||||
|
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
|
||||||
|
user_pref("media.block-autoplay-until-in-foreground", true);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Security
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the
|
||||||
|
// "Add Security Exception" dialog
|
||||||
|
// http://kb.mozillazine.org/Browser.ssl_override_behavior
|
||||||
|
// https://github.com/pyllyukko/user.js/issues/210
|
||||||
|
user_pref("browser.ssl_override_behavior", 1);
|
||||||
|
// Pref : Blocking GD Parking Scam Site
|
||||||
|
user_pref("network.dns.localDomains", "librefox.com");
|
||||||
|
// Pref : Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
|
||||||
|
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
|
||||||
|
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
|
||||||
|
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
|
||||||
|
user_pref("network.stricttransportsecurity.preloadlist", false);
|
||||||
|
// Pref : Check disabled section
|
||||||
|
// OCSP Leaks the visited sited exactly same issue as safebrowsing.
|
||||||
|
// Stapling have the site itsefl proof that his certificate is good
|
||||||
|
// through the CA so apparently nothing is leaked in this case.
|
||||||
|
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
||||||
|
user_pref("security.OCSP.enabled", 0);
|
||||||
|
user_pref("security.OCSP.require", false);
|
||||||
|
user_pref("security.ssl.enable_ocsp_stapling", true);
|
||||||
|
// Pref :
|
||||||
|
user_pref("security.ssl.errorReporting.enabled", false);
|
||||||
|
// Pref : Enfore Public Key Pinning
|
||||||
|
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
|
||||||
|
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
|
||||||
|
// "2. Strict. Pinning is always enforced."
|
||||||
|
user_pref("security.cert_pinning.enforcement_level", 2);
|
||||||
|
// Pref :
|
||||||
|
user_pref("security.mixed_content.upgrade_display_content", true);
|
||||||
|
user_pref("security.mixed_content.block_object_subrequest", true);
|
||||||
|
user_pref("security.mixed_content.block_display_content", true);
|
||||||
|
user_pref("security.mixed_content.block_active_content", true);
|
||||||
|
// Pref : Disallow SHA-1
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
|
||||||
|
// https://shattered.io/
|
||||||
|
user_pref("security.pki.sha1_enforcement_level", 1);
|
||||||
|
// Pref :
|
||||||
|
user_pref("security.ssl.errorReporting.automatic", false);
|
||||||
|
user_pref("security.ssl.errorReporting.url", "");
|
||||||
|
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
|
||||||
|
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
|
||||||
|
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
|
||||||
|
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
||||||
|
// Pref :
|
||||||
|
user_pref("security.ssl3.rsa_des_ede3_sha", false);
|
||||||
|
user_pref("security.ssl3.rsa_aes_256_sha", false);
|
||||||
|
user_pref("security.ssl3.rsa_aes_128_sha", false);
|
||||||
|
// Pref : Disable insecure TLS version fallback
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
|
||||||
|
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
|
||||||
|
user_pref("security.tls.version.fallback-limit", 3);
|
||||||
|
// Pref : Only allow TLS 1.[0-3]
|
||||||
|
// http://kb.mozillazine.org/Security.tls.version.*
|
||||||
|
user_pref("security.tls.version.min", 2);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : User Settings
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
|
||||||
|
user_pref("network.dns.disableIPv6", true);
|
||||||
|
// Pref : Disable DNS prefetching
|
||||||
|
// http://kb.mozillazine.org/Network.dns.disablePrefetch
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
|
||||||
|
user_pref("network.dns.disablePrefetch", true);
|
||||||
|
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
|
||||||
|
// TRR = Trusted Recursive Resolver
|
||||||
|
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
|
||||||
|
// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
|
||||||
|
// https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
|
||||||
|
// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
|
||||||
|
// BUG : This seem to disable socks_remote_dns ?! need to check with wireshark
|
||||||
|
// If true, just settings urls to null should be enough to disable
|
||||||
|
// Without impacting socks_remote_dns
|
||||||
|
user_pref("network.trr.mode", 0);
|
||||||
|
user_pref("network.trr.bootstrapAddress", "");
|
||||||
|
user_pref("network.trr.uri", "");
|
||||||
|
// Pref : Do No Tracker enabled by default
|
||||||
|
user_pref("privacy.donottrackheader.enabled", false);
|
||||||
|
// Pref : Enable Container Tabs
|
||||||
|
user_pref("privacy.userContext.enabled", true);
|
||||||
|
// Pref : Set long press behaviour on "+ Tab" button to display container menu
|
||||||
|
// 0=disables long press, 1=when clicked, the menu is shown
|
||||||
|
// 2=the menu is shown after X milliseconds
|
||||||
|
// [NOTE] The menu does not contain a non-container tab option
|
||||||
|
// https://bugzilla.mozilla.org/1328756
|
||||||
|
user_pref("privacy.userContext.longPressBehavior", 2);
|
||||||
|
// Pref : Enable Container Tabs setting in preferences
|
||||||
|
// https://bugzilla.mozilla.org/1279029
|
||||||
|
user_pref("privacy.userContext.ui.enabled", true);
|
||||||
|
// Pref : Enable Container Tabs
|
||||||
|
user_pref("privacy.userContext.enabled", true);
|
||||||
|
// Pref : Enable a private container for thumbnail loads
|
||||||
|
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // default: true
|
||||||
|
// Pref : Set long press behaviour on "+ Tab" button to display container menu
|
||||||
|
// 0=disables long press, 1=when clicked, the menu is shown
|
||||||
|
// 2=the menu is shown after X milliseconds
|
||||||
|
// [NOTE] The menu does not contain a non-container tab option
|
||||||
|
// https://bugzilla.mozilla.org/1328756
|
||||||
|
user_pref("privacy.userContext.longPressBehavior", 2);
|
||||||
|
// Pref : Changing block list (Tracking protection)
|
||||||
|
// Default value "test-track-simple,base-track-digest256"
|
||||||
|
user_pref("urlclassifier.trackingTable", "");
|
||||||
|
// Pref : Enable First Party Isolation
|
||||||
|
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
|
||||||
|
// https://bugzilla.mozilla.org/1260931
|
||||||
|
// Enabled via addons
|
||||||
|
user_pref("privacy.firstparty.isolate", true);
|
||||||
|
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Locale/Time/UserAgent
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable date/time picker
|
||||||
|
// This can leak your locale if not en-US
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/21787
|
||||||
|
user_pref("dom.forms.datetime", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Passwords
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
|
||||||
|
user_pref("signon.autofillForms.http", false);
|
||||||
|
user_pref("security.insecure_field_warning.contextual.enabled", true);
|
||||||
|
// [NOTE] This does not clear any passwords already saved
|
||||||
|
user_pref("signon.rememberSignons", false);
|
||||||
|
// Pref : Set how often Firefox should ask for the master password
|
||||||
|
// 0=the first time (default), 1=every time it's needed, 2=every n minutes
|
||||||
|
user_pref("security.ask_for_password", 2);
|
||||||
|
// Pref : Set how often in minutes Firefox should ask for the master password in minutes, default is 30
|
||||||
|
user_pref("security.password_lifetime", 5);
|
||||||
|
// Pref : Disable auto-filling username & password form fields
|
||||||
|
// can leak in cross-site forms AND be spoofed
|
||||||
|
// [NOTE] Password will still be auto-filled after a user name is manually entered
|
||||||
|
// http://kb.mozillazine.org/Signon.autofillForms
|
||||||
|
user_pref("signon.autofillForms", false);
|
||||||
|
// Pref : Disable websites autocomplete
|
||||||
|
// Don't let sites dictate use of saved logins and passwords.
|
||||||
|
user_pref("signon.storeWhenAutocompleteOff", false);
|
||||||
|
// Pref : Disable formless login capture
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
|
||||||
|
user_pref("signon.formlessCapture.enabled", false);
|
||||||
|
// Pref : Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources
|
||||||
|
// Hardens against potential credentials phishing
|
||||||
|
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
|
||||||
|
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
|
||||||
|
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
|
||||||
|
// 1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
|
||||||
|
user_pref("network.auth.subresource-http-auth-allow", 1);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Cache / Session (Re)Store / Favicons
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
|
||||||
|
// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
|
||||||
|
// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
|
||||||
|
// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
|
||||||
|
// https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor
|
||||||
|
// https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
|
||||||
|
// Pref : Disable disk cache
|
||||||
|
user_pref("browser.cache.disk.enable", false);
|
||||||
|
user_pref("browser.cache.disk.capacity", 0);
|
||||||
|
user_pref("browser.cache.disk.smart_size.enabled", false);
|
||||||
|
user_pref("browser.cache.disk.smart_size.first_run", false);
|
||||||
|
// Pref : Disable disk cache for SSL pages
|
||||||
|
//http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
||||||
|
user_pref("browser.cache.disk_cache_ssl", false);
|
||||||
|
// Pref : Disable memory cache
|
||||||
|
// [NOTE] Not recommended due to performance issues
|
||||||
|
// user_pref("browser.cache.memory.enable", false);
|
||||||
|
// user_pref("browser.cache.memory.capacity", 0);
|
||||||
|
// Pref : Disable fastback cache
|
||||||
|
// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
|
||||||
|
// 0=none, -1=auto (that's minus 1).
|
||||||
|
// [WARNING] Not recommended unless you know what you're doing
|
||||||
|
// http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
|
||||||
|
// user_pref("browser.sessionhistory.max_total_viewers", 0);
|
||||||
|
// Pref : Exclude "Undo Closed Tabs" in Session Restore
|
||||||
|
// user_pref("browser.sessionstore.max_tabs_undo", 0);
|
||||||
|
// Pref : Disable storing extra session data
|
||||||
|
// Extra session data contains contents of forms, scrollbar positions, cookies and POST data
|
||||||
|
// Define on which sites to save extra session data:
|
||||||
|
// 0=everywhere, 1=unencrypted sites, 2=nowhere
|
||||||
|
user_pref("browser.sessionstore.privacy_level", 2);
|
||||||
|
// Pref : Disable resuming session from crash
|
||||||
|
// user_pref("browser.sessionstore.resume_from_crash", false);
|
||||||
|
// Pref : Set the minimum interval between session save operations
|
||||||
|
// Increasing this can help on older machines and some websites, as well as reducing writes.
|
||||||
|
// Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc
|
||||||
|
// This can also affect entries in the "Recently Closed Tabs" feature:
|
||||||
|
// i.e. the longer the interval the more chance a quick tab open/close won't be captured.
|
||||||
|
// This longer interval *may* affect history but we cannot replicate any history not recorded
|
||||||
|
// https://bugzilla.mozilla.org/1304389
|
||||||
|
user_pref("browser.sessionstore.interval", 30000);
|
||||||
|
// Pref : Disable favicons in web notifications
|
||||||
|
user_pref("alerts.showFavicons", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Geolocation
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable location
|
||||||
|
user_pref("geo.enabled", false);
|
||||||
|
user_pref("geo.wifi.xhr.timeout", 0);
|
||||||
|
// Pref : Disable GeoIP lookup on your address to set default search engine region
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/16254
|
||||||
|
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
|
||||||
|
user_pref("browser.search.region", "US");
|
||||||
|
user_pref("browser.search.geoip.url", "");
|
||||||
|
user_pref("browser.search.geoip.timeout", 0);
|
||||||
|
user_pref("browser.search.geoSpecificDefaults.url", "");
|
||||||
|
user_pref("browser.snippets.geoUrl", "");
|
||||||
|
// Pref : Set OS & APP locale
|
||||||
|
// If set to empty, the OS locales are used. If not set at all, default locale is used
|
||||||
|
user_pref("intl.locale.requested", "en-US");
|
||||||
|
// Pref: Set language to match
|
||||||
|
user_pref("intl.accept_languages", "en-US, en");
|
||||||
|
// Pref : Use APP locale over OS locale in regional preferences
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
|
||||||
|
user_pref("intl.regional_prefs.use_os_locales", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Fonts
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable websites choosing fonts (0=block, 1=allow)
|
||||||
|
// If you disallow fonts, this drastically limits/reduces font enumeration (by JS) which is a high entropy fingerprinting vector.
|
||||||
|
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
||||||
|
user_pref("browser.display.use_document_fonts", 0);
|
||||||
|
// Pref: Set more legible default fonts
|
||||||
|
// [NOTE] Example below for Windows/Western only
|
||||||
|
// user_pref("font.name.serif.x-unicode", "Georgia");
|
||||||
|
// user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman
|
||||||
|
// user_pref("font.name.sans-serif.x-unicode", "Arial");
|
||||||
|
// user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial
|
||||||
|
// user_pref("font.name.monospace.x-unicode", "Lucida Console");
|
||||||
|
// user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New
|
||||||
|
// Pref: Disable icon fonts (glyphs) and local fallback rendering
|
||||||
|
// https://bugzilla.mozilla.org/789788
|
||||||
|
// https://trac.torproject.org/projects/tor/ticket/8455
|
||||||
|
user_pref("gfx.downloadable_fonts.enabled", false);
|
||||||
|
user_pref("gfx.downloadable_fonts.fallback_delay", -1);
|
||||||
|
// Pref: Disable rendering of SVG OpenType fonts
|
||||||
|
// https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this
|
||||||
|
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
|
||||||
|
// Pref: Disable WOFF2 (Web Open Font Format)
|
||||||
|
user_pref("gfx.downloadable_fonts.woff2.enabled", false);
|
||||||
|
// Pref: Disable CSS Font Loading API
|
||||||
|
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
||||||
|
user_pref("layout.css.font-loading-api.enabled", false);
|
||||||
|
// Pref: Disable special underline handling for a few fonts which you will probably never use
|
||||||
|
// Any of these fonts on your system can be enumerated for fingerprinting.
|
||||||
|
// http://kb.mozillazine.org/Font.blacklist.underline_offset
|
||||||
|
user_pref("font.blacklist.underline_offset", "");
|
||||||
|
// Pref: Disable graphite which turned back on by default
|
||||||
|
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
|
||||||
|
user_pref("gfx.font_rendering.graphite.enabled", false);
|
||||||
|
// Pref: Limit system font exposure to a whitelist [RESTART]
|
||||||
|
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
|
||||||
|
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
|
||||||
|
// https://bugzilla.mozilla.org/1121643
|
||||||
|
// user_pref("font.system.whitelist", "");
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Plugins
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref: Set default plugin state (i.e. new plugins on discovery) to never activate
|
||||||
|
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
|
||||||
|
user_pref("plugin.default.state", 0);
|
||||||
|
// Pref : Enable plugins click-to-play
|
||||||
|
// https://wiki.mozilla.org/Firefox/Click_To_Play
|
||||||
|
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
|
||||||
|
user_pref("plugins.click_to_play", true);
|
||||||
|
user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
|
||||||
|
// Pref : Disable all GMP (Gecko Media Plugins)
|
||||||
|
user_pref("media.gmp-provider.enabled", false);
|
||||||
|
user_pref("media.gmp-manager.certs.1.issuerName", "");
|
||||||
|
user_pref("media.gmp-manager.certs.1.commonName", "");
|
||||||
|
user_pref("media.gmp-manager.certs.2.issuerName", "");
|
||||||
|
user_pref("media.gmp-manager.certs.2.commonName", "");
|
||||||
|
user_pref("media.gmp-manager.url", "data:text/plain,");
|
||||||
|
user_pref("media.gmp-manager.url.override", "data:text/plain,");
|
||||||
|
// Pref : Disable all DRM content (EME: Encryption Media Extension)
|
||||||
|
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
|
||||||
|
user_pref("media.eme.enabled", false);
|
||||||
|
// Pref : Disable the OpenH264 Video Codec by Cisco to "Never Activate".
|
||||||
|
// This is the bundled codec used for video chat in WebRTC.
|
||||||
|
user_pref("media.gmp-gmpopenh264.enabled", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Hardware Fingerprinting
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Disable Battery Status API
|
||||||
|
// Initially a Linux issue (high precision readout) that was fixed.
|
||||||
|
// However, it is still another metric for fingerprinting, used to raise entropy.
|
||||||
|
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
|
||||||
|
// https://bugzilla.mozilla.org/1313580
|
||||||
|
// user_pref("dom.battery.enabled", false);
|
||||||
|
// Pref : Disable virtual reality devices APIs
|
||||||
|
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
|
||||||
|
user_pref("dom.vr.enabled", false);
|
||||||
|
// Pref : Disable WebRTC getUserMedia, screen sharing, audio capture, video capture
|
||||||
|
// https://wiki.mozilla.org/Media/getUserMedia
|
||||||
|
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
|
||||||
|
user_pref("media.navigator.enabled", false);
|
||||||
|
user_pref("media.navigator.video.enabled", false);
|
||||||
|
// Pref : Disable hardware acceleration to reduce graphics fingerprinting
|
||||||
|
// [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance,
|
||||||
|
// and parts of Quantum that utilize the GPU will also be affected as they are rolled out
|
||||||
|
// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
|
||||||
|
// user_pref("layers.acceleration.disabled", true);
|
||||||
|
// Pref : Disable Web Audio API
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
|
||||||
|
// Avoid fingerprinting...
|
||||||
|
user_pref("dom.webaudio.enabled", false);
|
||||||
|
// Pref : Disable Media Capabilities API
|
||||||
|
// [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
|
||||||
|
// https://github.com/WICG/media-capabilities
|
||||||
|
// https://wicg.github.io/media-capabilities/#security-privacy-considerations
|
||||||
|
// user_pref("media.media-capabilities.enabled", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Blocklists / Safe Browsing / Tracking Protection
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED.
|
||||||
|
// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
|
||||||
|
// Updated at interval defined in extensions.blocklist.interval
|
||||||
|
user_pref("app.update.lastUpdateTime-blocklist-background-update-timer", 0);
|
||||||
|
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0);
|
||||||
|
user_pref("extensions.blocklist.enabled", false);
|
||||||
|
user_pref("extensions.blocklist.interval", 0);
|
||||||
|
user_pref("extensions.blocklist.level", 0);
|
||||||
|
user_pref("extensions.blocklist.pingCountTotal", 0);
|
||||||
|
user_pref("extensions.blocklist.pingCountVersion", 0);
|
||||||
|
user_pref("extensions.blocklist.url", "");
|
||||||
|
user_pref("services.blocklist.addons.signer", "");
|
||||||
|
user_pref("services.blocklist.bucket", "");
|
||||||
|
user_pref("services.blocklist.pinning.bucket", "");
|
||||||
|
user_pref("services.blocklist.pinning.checked", 0);
|
||||||
|
user_pref("services.blocklist.pinning.collection", "");
|
||||||
|
user_pref("services.blocklist.pinning.enabled", false);
|
||||||
|
user_pref("services.blocklist.plugins.checked", 0);
|
||||||
|
user_pref("services.blocklist.plugins.collection", "");
|
||||||
|
// Pref : Disable individual unwanted/unneeded parts of the Kinto blocklists
|
||||||
|
// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications
|
||||||
|
// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
|
||||||
|
user_pref("services.blocklist.onecrl.checked", 0);
|
||||||
|
user_pref("services.blocklist.onecrl.collection", "");
|
||||||
|
user_pref("services.blocklist.addons.checked", 0);
|
||||||
|
user_pref("services.blocklist.addons.collection", "");
|
||||||
|
user_pref("services.blocklist.gfx.checked", 0);
|
||||||
|
user_pref("services.blocklist.gfx.collection", "");
|
||||||
|
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
|
||||||
|
user_pref("browser.safebrowsing.allowOverride", false);
|
||||||
|
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.debug", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.url", "");
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.timeout_ms", 0);
|
||||||
|
user_pref("browser.safebrowsing.id", "");
|
||||||
|
user_pref("browser.safebrowsing.malware.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.passwords.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.phishing.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.pver", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.advisoryName", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.lists", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.updateURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.lists", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.pver", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.lists", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.lists.base", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.lists.content", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.pver", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
|
||||||
|
user_pref("browser.safebrowsing.reportPhishURL", "");
|
||||||
|
// Pref : Disable Mozilla's tracking protection and Flash blocklist updates
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.lists.base", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.mozilla.lists.content", "");
|
||||||
|
// Pref : Disable passive Tracking Protection
|
||||||
|
// Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list.
|
||||||
|
// [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
|
||||||
|
// This is included for people who want to completely disable Tracking Protection.
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814
|
||||||
|
user_pref("privacy.trackingprotection.annotate_channels", false);
|
||||||
|
user_pref("privacy.trackingprotection.lower_network_priority", false);
|
||||||
|
// Pref : Disable passive Tracking Protection in all windows
|
||||||
|
user_pref("privacy.trackingprotection.enabled", false);
|
||||||
|
user_pref("privacy.trackingprotection.pbmode.enabled", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Persistent Storage
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode
|
||||||
|
// [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage), indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications).
|
||||||
|
// If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become accessible to websites except shared/service workers where the cookie setting *must* be "Allow".
|
||||||
|
// Pref : Disable 3rd-party cookies and site-data
|
||||||
|
// [NOTE] Can breaks payment gateways
|
||||||
|
user_pref("network.cookie.cookieBehavior", 1);
|
||||||
|
// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
|
||||||
|
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||||
|
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
|
||||||
|
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
|
||||||
|
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||||
|
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
|
||||||
|
// Pref : Delete cookies and site data on close
|
||||||
|
// 0=keep until they expire (default), 2=keep until you close Firefox
|
||||||
|
// [NOTE] The setting below is disabled (but not changed) if you block all cookies
|
||||||
|
// user_pref("network.cookie.lifetimePolicy", 2);
|
||||||
|
// Pref : Disable HTTP sites setting cookies with the "secure" directive
|
||||||
|
// https://developer.mozilla.org/Firefox/Releases/52#HTTP
|
||||||
|
user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
|
||||||
|
// Pref : Enable support for same-site cookies
|
||||||
|
// https://bugzilla.mozilla.org/795346
|
||||||
|
// https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
|
||||||
|
// https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
|
||||||
|
user_pref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
|
||||||
|
// Pref : Disable DOM (Document Object Model) Storage
|
||||||
|
// [WARNING] This will break a LOT of sites' functionality AND extensions!
|
||||||
|
// You are better off using an extension for more granular control
|
||||||
|
// user_pref("dom.storage.enabled", false);
|
||||||
|
// Pref : Enforce IndexedDB (IDB) as enabled
|
||||||
|
// IDB is required for extensions and Firefox internals.
|
||||||
|
// To control *website* IDB data, control allowing cookies and service workers, or use Temporary Containers. To mitigate *website* IDB, FPI helps, and/or sanitize on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically via an extension. Note that IDB currently cannot be sanitized by host.
|
||||||
|
// https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/
|
||||||
|
user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true]
|
||||||
|
// Pref : Do not download URLs for the offline cache
|
||||||
|
// http://kb.mozillazine.org/Browser.cache.offline.enable
|
||||||
|
user_pref("browser.cache.offline.enable", false);
|
||||||
|
user_pref("browser.cache.offline.capacity", 0);
|
||||||
|
// Pref : Disable offline cache on insecure sites
|
||||||
|
// https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/
|
||||||
|
user_pref("browser.cache.offline.insecure.enable", false);
|
||||||
|
// Pref : Enforce websites to ask to store data for offline use
|
||||||
|
// https://support.mozilla.org/questions/1098540
|
||||||
|
// https://bugzilla.mozilla.org/959985
|
||||||
|
// user_pref("offline-apps.allow_by_default", false);
|
||||||
|
// Pref : Disable service workers cache and cache storage
|
||||||
|
// https://w3c.github.io/ServiceWorker/#privacy
|
||||||
|
user_pref("dom.caches.enabled", false);
|
||||||
|
// Pref : Disable Storage API
|
||||||
|
// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
|
||||||
|
// https://developer.mozilla.org/docs/Web/API/StorageManager
|
||||||
|
// https://developer.mozilla.org/docs/Web/API/Storage_API
|
||||||
|
// https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/
|
||||||
|
user_pref("dom.storageManager.enabled", false);
|
||||||
|
// Pref : Disable Storage Access API
|
||||||
|
// https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
|
||||||
|
user_pref("dom.storage_access.enabled", false);
|
||||||
|
//
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Section : Resist Fingerprinting
|
||||||
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
|
||||||
|
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
|
||||||
|
user_pref("privacy.resistFingerprinting", true);
|
||||||
|
// Pref : [FENNEC]
|
||||||
|
user_pref("privacy.trackingprotection.fingerprinting.enabled", true);
|
Reference in New Issue