diff --git a/config/mozilla.cfg b/config/mozilla.cfg index 5f99a49..2ba0aee 100644 --- a/config/mozilla.cfg +++ b/config/mozilla.cfg @@ -274,6 +274,7 @@ lockPref("services.sync.fxa.termsURL", ""); // [DESKTOP] lockPref("services.sync.lastversion", ""); // [DESKTOP] lockPref("sync.serverURL", ""); // [DEPRECATED] // [DESKTOP] lockPref("sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP] +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); // [DESKTOP] // ------------------------------------- // Pref : Never check updates for search engines // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking @@ -323,6 +324,9 @@ lockPref("toolkit.telemetry.prompted", 2); // [DESKTOP] lockPref("toolkit.telemetry.rejected", true); // [DESKTOP] lockPref("security.identitypopup.recordEventElemetry", false); // [DESKTOP] lockPref("security.certerrors.recordEventTelemetry", false); // [DESKTOP] +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); +lockPref("telemetry.origin_telemetry_test_mode.enabled", false); +lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DESKTOP] // ------------------------------------- // Pref : Disable Telemetry Coverage // https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ @@ -392,7 +396,7 @@ lockPref("network.connectivity-service.DNSv6.domain", ""); // ------------------------------------- // Pref : Opt-out of themes (Persona) updates // https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -lockPref("lightweightThemes.update.enabled",false); // [DESKTOP] +lockPref("lightweightThemes.update.enabled", false); // [DESKTOP] // ------------------------------------- // Pref : Disable auto updating of lightweight themes (LWT) // Not to be confused with themes, which use the Theme API @@ -400,7 +404,7 @@ lockPref("lightweightThemes.update.enabled",false); // [DESKTOP] // https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ lockPref("lightweightThemes.persisted.headerURL", false); lockPref("lightweightThemes.persistedThemeID", ""); // [FENNEC] -lockPref("lightweightThemes.selectedThemeID", ""); // [FENNEC] +// lockPref("lightweightThemes.selectedThemeID", ""); // [BUG - FF doesen't save theme selected by user] lockPref("lightweightThemes.getMoreURL", ""); // [DESKTOP] lockPref("lightweightThemes.persisted.footerURL", false); // [DESKTOP] lockPref("lightweightThemes.recommendedThemes", ""); // [DESKTOP] @@ -420,13 +424,24 @@ lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTO // https://trac.torproject.org/projects/tor/ticket/19047 lockPref("browser.selfsupport.url", ""); // [DESKTOP] // ------------------------------------- -// Pref : Disable about:addons Get Add-ons panel (uses Google Analytics) +// Pref : Disable about:addons Recommendations pane (uses Google Analytics) lockPref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP] lockPref("extensions.webservice.discoverURL", ""); // [DESKTOP] // ------------------------------------- +// Pref : Disable recommendations in about:addons Extensions and Themes panes +// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/ +lockPref("extensions.htmlaboutaddons.discover.enabled", false); // [DESKTOP] +lockPref("extensions.htmlaboutaddons.inline-options.enabled", false); +lockPref("extensions.htmlaboutaddons.recommendations.enabled", false); // [FENNEC] +lockPref("extensions.getAddons.discovery.api_url", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable report extension option in about:addons +lockPref("extensions.abuseReport.enabled", false); +lockPref("extensions.abuseReport.url", ""); +// ------------------------------------- // Pref : Disable Firefox Hello metrics collection // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -lockPref("loop.logDomains",false); // [DESKTOP] +lockPref("loop.logDomains", false); // [DESKTOP] // ------------------------------------- // Pref : Disable Browser Error Reporter // https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection @@ -533,8 +548,6 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESK lockPref("browser.search.searchEnginesURL", ""); // [DESKTOP] lockPref("extensions.getAddons.themes.browseURL", ""); // [DESKTOP] lockPref("security.content.signature.root_hash", ""); -lockPref("urlclassifier.phishTable", ""); -lockPref("urlclassifier.passwordAllowTable", ""); lockPref("identity.mobilepromo.android", ""); // [DESKTOP] lockPref("identity.mobilepromo.ios", ""); // [DESKTOP] lockPref("prio.publicKeyA", ""); // [DESKTOP] @@ -591,11 +604,6 @@ lockPref("mailnews.mx_service_url", ""); // [DESKTOP] lockPref("browser.newtabpage.activity-stream.default.sites", ""); // [DESKTOP] lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [DESKTOP] lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [DESKTOP] -// ------------------------------------- -// Pref : Disable FF Recommended Extensions suggestions -// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/ -lockPref("extensions.htmlaboutaddons.discover.enabled", false); -lockPref("extensions.htmlaboutaddons.inline-options.enabled", false); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Miscellaneous @@ -609,7 +617,7 @@ lockPref("extensions.update.enabled", true); lockPref("extensions.autoupdate.enabled", true); // ------------------------------------- // Pref : Decrease system information leakage to Mozilla addons update servers -lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/android/search?q=%TERMS%"); // [URL SANITIZED] +lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/firefox/search?q=%TERMS%"); // [URL SANITIZED] // ------------------------------------- // Pref : Disable Web Compatibility Reporter // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla @@ -972,7 +980,7 @@ lockPref("dom.vibrator.enabled", false); // Pref : Disable clipboard commands (cut/copy) from "non-privileged" content // This disables document.execCommand("cut"/"copy") to protect your clipboard // https://bugzilla.mozilla.org/1170911 -// lockPref("dom.allow_cut_copy", false); // [HIDDEN PREF] +// lockPref("dom.allow_cut_copy", false); // ------------------------------------- // Pref : Disable asm.js // http://asmjs.org/ @@ -1262,6 +1270,22 @@ lockPref("permissions.default.geo", 2); // [DESKTOP] lockPref("permissions.default.camera", 2); // [DESKTOP] lockPref("permissions.default.microphone", 2); // [DESKTOP] lockPref("permissions.default.desktop-notification", 2); // [DESKTOP] +// ------------------------------------- +// Pref : Disable the Enterprise Roots preference +// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference +lockPref("security.enterprise_roots.enabled", false); +lockPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable access to navigator.mediaDevices features on HTTP web pages +// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices +lockPref("media.devices.insecure.enabled", false); +// ------------------------------------- +// Pref : Disable FF Remote Agent +// https://dxr.mozilla.org/mozilla-central/source/remote/README +// https://dxr.mozilla.org/mozilla-central/source/remote/doc/Prefs.md +lockPref("remote.enabled", false); // [DESKTOP] +lockPref("remote.force-local", true); // [DESKTOP] +lockPref("remote.log.level", ""); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Block Implicit Outbound @@ -1326,10 +1350,6 @@ defaultPref("network.proxy.socks_remote_dns", true); // https://bugzilla.mozilla.org/1255474 defaultPref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] // ------------------------------------- -// Pref : Defaulting Proxy settings -defaultPref("network.proxy.autoconfig_url", ""); // [DEFAULT: ""] -defaultPref("network.proxy.socks_version", 5); // [DEFAULT: 5] -// ------------------------------------- // Pref : Disable (or setup) DNS-over-HTTPS (DoH) // TRR = Trusted Recursive Resolver // .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result @@ -1337,10 +1357,11 @@ defaultPref("network.proxy.socks_version", 5); // [DEFAULT: 5] // [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark // If true, just settings urls to null should be enough to disable without impacting socks_remote_dns. // https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ -// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ -lockPref("network.trr.mode", 0); -lockPref("network.trr.bootstrapAddress", ""); -lockPref("network.trr.uri", ""); +// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ +defaultPref("network.trr.mode", 0); +defaultPref("network.trr.bootstrapAddress", ""); +defaultPref("network.trr.uri", ""); +defaultPref("network.trr.resolvers", "[]"); // ------------------------------------- // Pref : Enable Subresource Integrity // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity @@ -1601,10 +1622,6 @@ defaultPref("privacy.userContext.enabled", true); // Pref : Enable a private container for thumbnail loads defaultPref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true] // ------------------------------------- -// Pref : Changing block list (Tracking protection) -// Default value "test-track-simple,base-track-digest256" -lockPref("urlclassifier.trackingTable", ""); -// ------------------------------------- // Pref : Enable First Party Isolation // [SETUP-WEB] May break cross-domain logins and site functionality until perfected // https://bugzilla.mozilla.org/1260931 @@ -1711,7 +1728,7 @@ lockPref("dom.popup_maximum", 0); // [DEFAULT: 20] // ------------------------------------- // Pref : Limit events that can cause a popup // http://kb.mozillazine.org/Dom.popup_allowed_events -lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick mouseup pointerup notificationclick reset submit touchend"] +lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend"] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Cache / Session (Re)Store / Favicons @@ -1952,19 +1969,62 @@ lockPref("shumway.disabled", true); // [DESKTOP] // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Blocklists / Safe Browsing / Tracking Protection // >>>>>>>>>>>>>>>>>>>> -// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla +// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla +// https://wiki.mozilla.org/Security/Tracking_protection +// https://wiki.mozilla.org/Services/TrackingProtection/Shavar_Server_-_Testing +// https://wiki.mozilla.org/Security/Safe_Browsing // https://wiki.mozilla.org/Blocklisting // https://blocked.cdn.mozilla.net/ // http://kb.mozillazine.org/Extensions.blocklist.enabled // http://kb.mozillazine.org/Extensions.blocklist.url // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ -lockPref("services.blocklist.update_enabled", true); // [DESKTOP] -lockPref("extensions.blocklist.enabled", true); +lockPref("services.blocklist.update_enabled", false); // [DESKTOP] +lockPref("services.blocklist.plugins.signer", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.pinning.enabled", false); +lockPref("services.blocklist.pinning.collection", ""); +lockPref("services.blocklist.pinning.bucket", ""); // [DESKTOP] +lockPref("services.blocklist.onecrl.signer", ""); +lockPref("services.blocklist.onecrl.collection", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.bucket", ""); +lockPref("services.blocklist.addons.signer", ""); // [DESKTOP] +lockPref("services.blocklist.addons.collection", ""); +// lockPref("extensions.blocklist.level", 2); // [DEFAULT: 2] +lockPref("extensions.blocklist.lastModified", ""); // [DESKTOP] +lockPref("extensions.blocklist.itemURL", ""); +lockPref("extensions.blocklist.enabled", false); +lockPref("extensions.blocklist.detailsURL", ""); +lockPref("services.settings.security.onecrl.bucket", ""); +lockPref("services.settings.security.onecrl.collection", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("urlclassifier.blockedTable", ""); +lockPref("urlclassifier.disallow_completions", ""); +lockPref("urlclassifier.downloadAllowTable", ""); +lockPref("urlclassifier.downloadBlockTable", ""); +lockPref("urlclassifier.flashAllowExceptTable", ""); +lockPref("urlclassifier.flashAllowTable", ""); +lockPref("urlclassifier.flashExceptTable", ""); +lockPref("urlclassifier.flashSubDocExceptTable", ""); +lockPref("urlclassifier.flashSubDocTable", ""); +lockPref("urlclassifier.flashTable", ""); +lockPref("urlclassifier.malwareTable", ""); +lockPref("urlclassifier.passwordAllowTable", ""); +lockPref("urlclassifier.phishTable", ""); +lockPref("urlclassifier.trackingAnnotationSkipURLs", ""); // [DESKTOP] +lockPref("urlclassifier.trackingAnnotationTable", ""); // [DESKTOP] +lockPref("urlclassifier.trackingAnnotationSkipURLs", ""); +lockPref("urlclassifier.trackingAnnotationTable", ""); +lockPref("urlclassifier.trackingAnnotationWhitelistTable", ""); +lockPref("urlclassifier.trackingTable", ""); +lockPref("urlclassifier.trackingWhitelistTable", ""); // ------------------------------------- // Pref : Decrease system information leakage to Mozilla blocklist update servers // https://trac.torproject.org/projects/tor/ticket/16931 // https://www.reddit.com/r/firefox/comments/9v5lue/firefox_tip_sanitize_firefox_blocklist_url_so_it/ -lockPref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/"); // [URL SANITIZED] +lockPref("extensions.blocklist.url", ""); // [URL SANITIZED: https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/] // ------------------------------------- // Pref : Opt-out of add-on metadata updates // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ @@ -2401,6 +2461,7 @@ lockPref("gfx.vr.osvr.clientKitLibPath", ""); lockPref("gfx.vr.osvr.clientLibPath", ""); lockPref("gfx.vr.osvr.commonLibPath", ""); lockPref("gfx.vr.osvr.utilLibPath", ""); +lockPref("dom.vr.process.enabled", false); // ------------------------------------- // Pref : Disable hardware acceleration to reduce graphics fingerprinting // [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out @@ -2484,7 +2545,7 @@ lockPref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC] // lockPref("home.sync.checkIntervalSecs", 3600); // [FENNEC] // ------------------------------------- // Pref : Middle-click mouse enabling auto-scrolling -defaultPref("general.autoScroll",true); // [DESKTOP] +defaultPref("general.autoScroll", true); // [DESKTOP] // ------------------------------------- // Pref : Displaying small density by default defaultPref("browser.uidensity", 1); // [DEFAULT: 0] // [DESKTOP]