Update 'config/mozilla.cfg'

✅ Defaulted to an empty value about DoH resolvers instead Cloudflare and co. (FF68) ⛔️ Locked entirely add-on and certificate blocklists (OneCRL) from Mozilla ⛔️ Locked more sync (FF68) ⛔️ Locked more telemetry (FF68) ⛔️ Locked recommendations in about:addons Extensions and Themes panes (FF68) ⛔️ Locked report extension option in about:addons (FF68) ⛔️ Decreased more system information leakage to Mozilla addons update servers ⛔️ Locked the Enterprise Roots preference (FF68) ⛔️ Locked access to navigator.mediaDevices features on HTTP web pages (FF68) ⛔️ Locked FF Remote Agent (FF68) ⛔️ Locked more VR features (FF68) ℹ️ Fixed some typo ℹ️ Fixed FF doesen't save theme selected by user ℹ️ Removed "Defaulting Proxy settings" because the two values I entered are the same of default now
2019-07-08 12:27:31 +03:00 · 2019-07-08 12:27:31 +03:00 · 0f281947c6
parent cf2307d58f
commit 0f281947c6
1 changed files with 92 additions and 31 deletions
--- a/config/mozilla.cfg
+++ b/config/mozilla.cfg
@ -274,6 +274,7 @@ lockPref("services.sync.fxa.termsURL", ""); // [DESKTOP]
 lockPref("services.sync.lastversion", ""); // [DESKTOP]
 lockPref("sync.serverURL", ""); // [DEPRECATED] // [DESKTOP]
 lockPref("sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP]
+lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Never check updates for search engines
 // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
@ -323,6 +324,9 @@ lockPref("toolkit.telemetry.prompted", 2); // [DESKTOP]
 lockPref("toolkit.telemetry.rejected", true); // [DESKTOP]
 lockPref("security.identitypopup.recordEventElemetry", false); // [DESKTOP]
 lockPref("security.certerrors.recordEventTelemetry", false); // [DESKTOP]
+lockPref("privacy.trackingprotection.origin_telemetry.enabled", false);
+lockPref("telemetry.origin_telemetry_test_mode.enabled", false);
+lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable Telemetry Coverage
 // https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
@ -392,7 +396,7 @@ lockPref("network.connectivity-service.DNSv6.domain", "");
 // -------------------------------------
 // Pref : Opt-out of themes (Persona) updates
 // https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
-lockPref("lightweightThemes.update.enabled",false); // [DESKTOP]
+lockPref("lightweightThemes.update.enabled", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable auto updating of lightweight themes (LWT)
 // Not to be confused with themes, which use the Theme API
@ -400,7 +404,7 @@ lockPref("lightweightThemes.update.enabled",false); // [DESKTOP]
 // https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
 lockPref("lightweightThemes.persisted.headerURL", false);
 lockPref("lightweightThemes.persistedThemeID", ""); // [FENNEC]
-lockPref("lightweightThemes.selectedThemeID", ""); // [FENNEC]
+// lockPref("lightweightThemes.selectedThemeID", ""); // [BUG - FF doesen't save theme selected by user]
 lockPref("lightweightThemes.getMoreURL", ""); // [DESKTOP]
 lockPref("lightweightThemes.persisted.footerURL", false); // [DESKTOP]
 lockPref("lightweightThemes.recommendedThemes", ""); // [DESKTOP]
@ -420,13 +424,24 @@ lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTO
 // https://trac.torproject.org/projects/tor/ticket/19047
 lockPref("browser.selfsupport.url", ""); // [DESKTOP]
 // -------------------------------------
-// Pref : Disable about:addons Get Add-ons panel (uses Google Analytics)
+// Pref : Disable about:addons Recommendations pane (uses Google Analytics)
 lockPref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP]
 lockPref("extensions.webservice.discoverURL", ""); // [DESKTOP]
 // -------------------------------------
+// Pref : Disable recommendations in about:addons Extensions and Themes panes 
+// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/
+lockPref("extensions.htmlaboutaddons.discover.enabled", false); // [DESKTOP]
+lockPref("extensions.htmlaboutaddons.inline-options.enabled", false);
+lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); // [FENNEC]
+lockPref("extensions.getAddons.discovery.api_url", ""); // [DESKTOP]
+// -------------------------------------
+// Pref : Disable report extension option in about:addons
+lockPref("extensions.abuseReport.enabled", false);
+lockPref("extensions.abuseReport.url", "");
+// -------------------------------------
 // Pref : Disable Firefox Hello metrics collection
 // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
-lockPref("loop.logDomains",false); // [DESKTOP]
+lockPref("loop.logDomains", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable Browser Error Reporter
 // https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
@ -533,8 +548,6 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESK
 lockPref("browser.search.searchEnginesURL", ""); // [DESKTOP]
 lockPref("extensions.getAddons.themes.browseURL", ""); // [DESKTOP]
 lockPref("security.content.signature.root_hash", "");
-lockPref("urlclassifier.phishTable", "");
-lockPref("urlclassifier.passwordAllowTable", "");
 lockPref("identity.mobilepromo.android", ""); // [DESKTOP]
 lockPref("identity.mobilepromo.ios", ""); // [DESKTOP]
 lockPref("prio.publicKeyA", ""); // [DESKTOP]
@ -591,11 +604,6 @@ lockPref("mailnews.mx_service_url", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.default.sites", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable FF Recommended Extensions suggestions
-// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/
-lockPref("extensions.htmlaboutaddons.discover.enabled", false);
-lockPref("extensions.htmlaboutaddons.inline-options.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Miscellaneous
@ -609,7 +617,7 @@ lockPref("extensions.update.enabled", true);
 lockPref("extensions.autoupdate.enabled", true);
 // -------------------------------------
 // Pref : Decrease system information leakage to Mozilla addons update servers
-lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/android/search?q=%TERMS%"); // [URL SANITIZED]
+lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/firefox/search?q=%TERMS%"); // [URL SANITIZED]
 // -------------------------------------
 // Pref : Disable Web Compatibility Reporter
 // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
@ -972,7 +980,7 @@ lockPref("dom.vibrator.enabled", false);
 // Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
 // This disables document.execCommand("cut"/"copy") to protect your clipboard
 // https://bugzilla.mozilla.org/1170911
-// lockPref("dom.allow_cut_copy", false); // [HIDDEN PREF]
+// lockPref("dom.allow_cut_copy", false);
 // -------------------------------------
 // Pref : Disable asm.js
 // http://asmjs.org/
@ -1262,6 +1270,22 @@ lockPref("permissions.default.geo", 2); // [DESKTOP]
 lockPref("permissions.default.camera", 2); // [DESKTOP]
 lockPref("permissions.default.microphone", 2); // [DESKTOP]
 lockPref("permissions.default.desktop-notification", 2); // [DESKTOP]
+// -------------------------------------
+// Pref : Disable the Enterprise Roots preference
+// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
+lockPref("security.enterprise_roots.enabled", false);
+lockPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [DESKTOP]
+// -------------------------------------
+// Pref : Disable access to navigator.mediaDevices features on HTTP web pages
+// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices
+lockPref("media.devices.insecure.enabled", false);
+// -------------------------------------
+// Pref : Disable FF Remote Agent
+// https://dxr.mozilla.org/mozilla-central/source/remote/README
+// https://dxr.mozilla.org/mozilla-central/source/remote/doc/Prefs.md
+lockPref("remote.enabled", false); // [DESKTOP]
+lockPref("remote.force-local", true); // [DESKTOP]
+lockPref("remote.log.level", ""); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Block Implicit Outbound
@ -1326,10 +1350,6 @@ defaultPref("network.proxy.socks_remote_dns", true);
 // https://bugzilla.mozilla.org/1255474
 defaultPref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
 // -------------------------------------
-// Pref : Defaulting Proxy settings
-defaultPref("network.proxy.autoconfig_url", ""); // [DEFAULT: ""]
-defaultPref("network.proxy.socks_version", 5); // [DEFAULT: 5]
-// -------------------------------------
 // Pref : Disable (or setup) DNS-over-HTTPS (DoH)
 // TRR = Trusted Recursive Resolver
 // .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
@ -1337,10 +1357,11 @@ defaultPref("network.proxy.socks_version", 5); // [DEFAULT: 5]
 // [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark 
 // If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
 // https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
-// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ 
-lockPref("network.trr.mode", 0);
-lockPref("network.trr.bootstrapAddress", "");
-lockPref("network.trr.uri", "");
+// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
+defaultPref("network.trr.mode", 0);
+defaultPref("network.trr.bootstrapAddress", "");
+defaultPref("network.trr.uri", "");
+defaultPref("network.trr.resolvers", "[]");
 // -------------------------------------
 // Pref : Enable Subresource Integrity
 // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
@ -1601,10 +1622,6 @@ defaultPref("privacy.userContext.enabled", true);
 // Pref : Enable a private container for thumbnail loads
 defaultPref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true]
 // -------------------------------------
-// Pref : Changing block list (Tracking protection)
-// Default value "test-track-simple,base-track-digest256"
-lockPref("urlclassifier.trackingTable", "");
-// -------------------------------------
 // Pref : Enable First Party Isolation
 // [SETUP-WEB] May break cross-domain logins and site functionality until perfected
 // https://bugzilla.mozilla.org/1260931 
@ -1711,7 +1728,7 @@ lockPref("dom.popup_maximum", 0); // [DEFAULT: 20]
 // -------------------------------------
 // Pref : Limit events that can cause a popup
 // http://kb.mozillazine.org/Dom.popup_allowed_events
-lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick mouseup pointerup notificationclick reset submit touchend"]
+lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend"]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Cache / Session (Re)Store / Favicons
@ -1952,19 +1969,62 @@ lockPref("shumway.disabled", true); // [DESKTOP]
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Blocklists / Safe Browsing / Tracking Protection
 // >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
+// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla
+// https://wiki.mozilla.org/Security/Tracking_protection
+// https://wiki.mozilla.org/Services/TrackingProtection/Shavar_Server_-_Testing
+// https://wiki.mozilla.org/Security/Safe_Browsing
 // https://wiki.mozilla.org/Blocklisting
 // https://blocked.cdn.mozilla.net/
 // http://kb.mozillazine.org/Extensions.blocklist.enabled
 // http://kb.mozillazine.org/Extensions.blocklist.url
 // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
-lockPref("services.blocklist.update_enabled", true); // [DESKTOP]
-lockPref("extensions.blocklist.enabled", true);
+lockPref("services.blocklist.update_enabled", false); // [DESKTOP]
+lockPref("services.blocklist.plugins.signer", "");
+lockPref("services.blocklist.plugins.collection", "");
+lockPref("services.blocklist.pinning.signer", "");
+lockPref("services.blocklist.pinning.enabled", false);
+lockPref("services.blocklist.pinning.collection", "");
+lockPref("services.blocklist.pinning.bucket", ""); // [DESKTOP]
+lockPref("services.blocklist.onecrl.signer", "");
+lockPref("services.blocklist.onecrl.collection", "");
+lockPref("services.blocklist.gfx.signer", "");
+lockPref("services.blocklist.gfx.collection", "");
+lockPref("services.blocklist.bucket", "");
+lockPref("services.blocklist.addons.signer", ""); // [DESKTOP]
+lockPref("services.blocklist.addons.collection", "");
+// lockPref("extensions.blocklist.level", 2); // [DEFAULT: 2]
+lockPref("extensions.blocklist.lastModified", ""); // [DESKTOP]
+lockPref("extensions.blocklist.itemURL", "");
+lockPref("extensions.blocklist.enabled", false);
+lockPref("extensions.blocklist.detailsURL", "");
+lockPref("services.settings.security.onecrl.bucket", "");
+lockPref("services.settings.security.onecrl.collection", "");
+lockPref("services.settings.security.onecrl.signer", "");
+lockPref("urlclassifier.blockedTable", "");
+lockPref("urlclassifier.disallow_completions", "");
+lockPref("urlclassifier.downloadAllowTable", "");
+lockPref("urlclassifier.downloadBlockTable", "");
+lockPref("urlclassifier.flashAllowExceptTable", "");
+lockPref("urlclassifier.flashAllowTable", "");
+lockPref("urlclassifier.flashExceptTable", "");
+lockPref("urlclassifier.flashSubDocExceptTable", "");
+lockPref("urlclassifier.flashSubDocTable", "");
+lockPref("urlclassifier.flashTable", "");
+lockPref("urlclassifier.malwareTable", "");
+lockPref("urlclassifier.passwordAllowTable", "");
+lockPref("urlclassifier.phishTable", "");
+lockPref("urlclassifier.trackingAnnotationSkipURLs", ""); // [DESKTOP]
+lockPref("urlclassifier.trackingAnnotationTable", ""); // [DESKTOP]
+lockPref("urlclassifier.trackingAnnotationSkipURLs", "");
+lockPref("urlclassifier.trackingAnnotationTable", "");
+lockPref("urlclassifier.trackingAnnotationWhitelistTable", "");
+lockPref("urlclassifier.trackingTable", "");
+lockPref("urlclassifier.trackingWhitelistTable", "");
 // -------------------------------------
 // Pref : Decrease system information leakage to Mozilla blocklist update servers
 // https://trac.torproject.org/projects/tor/ticket/16931
 // https://www.reddit.com/r/firefox/comments/9v5lue/firefox_tip_sanitize_firefox_blocklist_url_so_it/
-lockPref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/"); // [URL SANITIZED]
+lockPref("extensions.blocklist.url", ""); // [URL SANITIZED: https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/]
 // -------------------------------------
 // Pref : Opt-out of add-on metadata updates
 // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
@ -2401,6 +2461,7 @@ lockPref("gfx.vr.osvr.clientKitLibPath", "");
 lockPref("gfx.vr.osvr.clientLibPath", "");
 lockPref("gfx.vr.osvr.commonLibPath", "");
 lockPref("gfx.vr.osvr.utilLibPath", "");
+lockPref("dom.vr.process.enabled", false);
 // -------------------------------------
 // Pref : Disable hardware acceleration to reduce graphics fingerprinting
 // [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
@ -2484,7 +2545,7 @@ lockPref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC]
 // lockPref("home.sync.checkIntervalSecs", 3600); // [FENNEC]
 // -------------------------------------
 // Pref : Middle-click mouse enabling auto-scrolling
-defaultPref("general.autoScroll",true); // [DESKTOP]
+defaultPref("general.autoScroll", true); // [DESKTOP]
 // -------------------------------------
 // Pref : Displaying small density by default
 defaultPref("browser.uidensity", 1); // [DEFAULT: 0] // [DESKTOP]