Update 'config/mozilla.cfg'

⛔️ Disabled `PiP` (Picture-in-Picture) feature ⛔️ Disabled autoplay of HTML5 media if you interacted with the site | FF78 ⛔️ Disabled using the OS's geolocation service | FF78 ⛔️ Disabled one more webextension sync process | FF78 ⛔️ Disabled Top Sites as suggestion from the search bar | FF78 ⛔️ Disabled chrome animations (RFP spoofs this for web content) ⛔️ Disabled FF from sending search terms to ISPs | FF77 ⛔️ Disabled new contentblocking report connections prefs | FF78 ⛔️ Disabled "Open with PdfJS" dialog | FF78 ⛔️ Disabled new stories related activity-stream prefs | FF78 ℹ️ Grouped CBC ciphers ℹ️ Modified some links, tag and descriptions ℹ️ Moved some preferences from FF77+ into deprecated section (keeping them active for ESR68.x.x)
2020-07-26 11:38:00 -04:00 · 2020-07-26 11:38:00 -04:00 · 1be62ea706
parent 11f1133aa4
commit 1be62ea706
1 changed files with 104 additions and 60 deletions
--- a/config/mozilla.cfg
+++ b/config/mozilla.cfg
@ -14,7 +14,6 @@
 //             Librefox     : https://github.com/intika/Librefox
 //             pyllyukko    : https://github.com/pyllyukko/user.js
 //             OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
-//             CHEF-KOCH    : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js
 //
 // License   : https://git.nixnet.xyz/quindecim/mozilla.cfg/src/branch/master/LICENSE.txt
 //
@ -107,6 +106,10 @@ lockPref("browser.newtabpage.activity-stream.discoverystream.region-basic-layout
 lockPref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable new tab tile ads & preload
 // https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
@ -125,6 +128,7 @@ lockPref("browser.startup.homepage_override.mstone", "ignore");
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
 lockPref("browser.aboutwelcome.enabled", false); // [DESKTOP]
 lockPref("trailhead.firstrun.branches", ""); // [DESKTOP]
+lockPref("browser.aboutwelcome.overrideContent", ""); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Quiet Fox
@ -422,7 +426,6 @@ lockPref("extensions.abuseReport.enabled", false);
 lockPref("extensions.abuseReport.url", "");
 lockPref("extensions.abuseReport.amoDetailsURL", "");
 lockPref("extensions.abuseReport.amWebAPI.enabled", false);
-lockPref("extensions.abuseReport.openDialog", false);
 // -------------------------------------
 // Pref : Disable Firefox Hello metrics collection
 // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
@ -446,6 +449,9 @@ lockPref("browser.contentblocking.report.social.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.allowlist.annotations.enabled", false); // [FENNEC]
 lockPref("browser.contentblocking.allowlist.storage.enabled", false); // [FENNEC]
+lockPref("browser.contentblocking.report.endpoint_url", ""); // [DESKTOP]
+lockPref("browser.contentblocking.report.monitor.home_page_url", ""); // [DESKTOP]
+lockPref("browser.contentblocking.report.monitor.preferences_url", ""); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable lockwise app callout to the ETP card
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
@ -562,6 +568,12 @@ lockPref("security.remote_settings.crlite_filters.signer", "");
 // Pref : Disable Default Browser Agent
 // https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
 lockPref("default-browser-agent.enabled", false); // [WINDOWS] // [DESKTOP]
+// -------------------------------------
+// Pref : Disable location bar leaking single words to a DNS provider (after searching)
+// 0=never resolve single words, 1=heuristic (default), 2=always resolve
+// [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
+// https://bugzilla.mozilla.org/1642623
+lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : IJWY To Shut Up   
@ -717,6 +729,7 @@ lockPref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
 // Pref : Disable Webextensions sync
 lockPref("webextensions.storage.sync.enabled", false); // [DESKTOP]
 lockPref("webextensions.storage.sync.serverURL", "");
+lockPref("webextensions.storage.sync.kinto", false);
 // -------------------------------------
 // Pref : Force Punycode for Internationalized Domain Names
 // https://www.xudongz.com/blog/2017/idn-phishing/
@ -750,7 +763,7 @@ lockPref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT: f
 lockPref("browser.search.geoSpecificDefaults", false);
 // -------------------------------------
 // Pref : Don't monitor OS online/offline connection state
-// https://trac.torproject.org/projects/tor/ticket/18945
+// https://gitlab.torproject.org/legacy/trac/-/issues/18945
 lockPref("network.manage-offline-status", false); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Set File URI Origin Policy
@ -766,7 +779,7 @@ lockPref("security.dialog_enable_delay", 700);
 // -------------------------------------
 // Pref : Disable ADB extension download
 // https://developer.mozilla.org/docs/Tools/WebIDE
-// https://trac.torproject.org/projects/tor/ticket/16222
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222
 defaultPref("devtools.debugger.remote-enabled", false);
 lockPref("devtools.remote.adb.extensionURL", ""); // [DESKTOP]
 lockPref("devtools.remote.adb.extensionID", ""); // [DESKTOP]
@ -799,7 +812,7 @@ lockPref("mathml.disabled", true);
 lockPref("middlemouse.paste", false);
 // -------------------------------------
 // Pref : Disable middle mouse click opening links from clipboard
-// https://trac.torproject.org/projects/tor/ticket/10089
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089
 lockPref("middlemouse.contentLoadURL", false);
 // -------------------------------------
 // Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
@ -920,6 +933,7 @@ lockPref("browser.urlbar.filter.javascript", true); // [DESKTOP]
 defaultPref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
 lockPref("pdfjs.enabledCache.state", false); // [DESKTOP]
 lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); // [DESKTOP]
+defaultPref("browser.helperApps.showOpenOptionForPdfJS", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable exposure of system colors to CSS or canvas
 // [NOTE] See second listed bug: may cause black on black for elements with undefined colors
@ -998,6 +1012,14 @@ lockPref("dom.push.udp.wakeupEnabled", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable hiding mime types not associated with a plugin
 lockPref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
+// -------------------------------------
+// Pref : Disable PiP (Picture-in-picture)
+lockPref("media.videocontrols.picture-in-picture.enabled", false);
+lockPref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
+lockPref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); // [FENIX]
+lockPref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false); // [DESKTOP]
+lockPref("media.videocontrols.picture-in-picture.keyboard-controls.enabled", false); // [DESKTOP]
+lockPref("media.videocontrols.picture-in-picture.video-toggle.always-show", false); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : DOM (Document Object Model) & Javascript
@ -1039,7 +1061,7 @@ lockPref("javascript.options.asmjs", false);
 // [NOTE] In FF75+, when (both) Ion and JIT are disabled, **and** the new hidden pref is enabled, then Ion can still be used by extensions
 // [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
-// https://trac.torproject.org/projects/tor/ticket/26019
+// https://gitlab.torproject.org/legacy/trac/-/issues/26019
 lockPref("javascript.options.ion", false);
 lockPref("javascript.options.baselinejit", false); // [FENNEC - BUG] Addons issues
 lockPref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
@ -1049,7 +1071,7 @@ lockPref("javascript.options.native_regexp", false);
 // https://webassembly.org/
 // https://developer.mozilla.org/docs/WebAssembly
 // https://en.wikipedia.org/wiki/WebAssembly
-// https://trac.torproject.org/projects/tor/ticket/21549
+// https://gitlab.torproject.org/legacy/trac/-/issues/21549
 lockPref("javascript.options.wasm", false);
 lockPref("javascript.options.wasm_baselinejit", false);
 lockPref("javascript.options.wasm_cranelift", false);
@ -1058,6 +1080,7 @@ lockPref("javascript.options.wasm_ionjit", false);
 lockPref("javascript.options.wasm_reftypes", false);
 lockPref("javascript.options.wasm_trustedprincipals", false);
 lockPref("javascript.options.wasm_verbose", false);
+lockPref("javascript.options.wasm_multi_value", false);
 // -------------------------------------
 // Pref : Disable Intersection Observer API
 // Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
@ -1069,7 +1092,7 @@ lockPref("dom.IntersectionObserver.enabled", false);
 // Pref : Disable Shared Memory (Spectre mitigation)
 // https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
 // https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
-lockPref("javascript.options.shared_memory", false); // [DEFAULT: false]
+lockPref("javascript.options.shared_memory", false); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Enable (limited but sufficient) window.opener protection
 // Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
@ -1084,7 +1107,7 @@ lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
 // lockPref("general.buildID.override", "");
 // -------------------------------------
 // Pref : Disable raw TCP socket support (mozTCPSocket)
-// https://trac.torproject.org/projects/tor/ticket/18863
+// https://gitlab.torproject.org/legacy/trac/-/issues/18863
 // https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
 // https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
 lockPref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
@ -1139,7 +1162,7 @@ lockPref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC
 lockPref("canvas.capturestream.enabled", false);
 // -------------------------------------
 // Pref : Disable camera image capture
-// https://trac.torproject.org/projects/tor/ticket/16339
+// https://gitlab.torproject.org/legacy/trac/-/issues/16339
 lockPref("dom.imagecapture.enabled", false); // [DEFAULT: false]
 // -------------------------------------
 // Pref : Disable offscreen canvas
@ -1154,7 +1177,9 @@ lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
 lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
 // -------------------------------------
 // Pref : Disable autoplay of HTML5 media if you interacted with the site
-lockPref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
+// 0=sticky (default), 1=transient, 2=user
+// https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation
+lockPref("media.autoplay.blocking_policy", 2);
 // -------------------------------------
 // Pref : Disable autoplay of HTML5 media in non-active tabs
 // https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
@ -1200,7 +1225,7 @@ defaultPref("browser.formfill.enable", false);
 // -------------------------------------
 // Pref : Disable date/time picker
 // [WARNING] This can leak your locale if not en-US
-// https://trac.torproject.org/projects/tor/ticket/21787
+// https://gitlab.torproject.org/legacy/trac/-/issues/21787
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
 // lockPref("dom.forms.datetime", false);
 // -------------------------------------
@ -1236,6 +1261,7 @@ lockPref("browser.urlbar.autocomplete.enabled", false); // [FENNEC]
 defaultPref("browser.urlbar.suggest.history", false); // [DESKTOP]
 defaultPref("browser.urlbar.suggest.bookmark", false); // [DESKTOP]
 defaultPref("browser.urlbar.suggest.openpage", false); // [DESKTOP]
+defaultPref("browser.urlbar.suggest.topsites", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable browsing and download history
 // lockPref("places.history.enabled", false); // [DESKTOP]
@ -1380,7 +1406,10 @@ lockPref("network.predictor.enable-hover-on-ssl", false);
 // Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
 // >>>>>>>>>>>>>>>>>>>>
 // Pref : Disable IPv6
-// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
+// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
+// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
+// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
+// [TEST] https://ipleak.org/
 lockPref("network.dns.disableIPv6", true);
 // -------------------------------------
 // Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
@ -1423,7 +1452,7 @@ defaultPref("network.trr.resolvers", "[]");
 lockPref("security.sri.enable", true); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Disable using UNC (Uniform Naming Convention) paths
-// https://trac.torproject.org/projects/tor/ticket/26424
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
 lockPref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
 // -------------------------------------
 // Pref : Disable HTTP Alternative Services
@ -1456,14 +1485,6 @@ lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 lockPref("security.ssl.require_safe_negotiation", true);
 // -------------------------------------
-// Pref : Control TLS versions with min and max
-// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
-// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
-// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
-// https://www.ssllabs.com/ssl-pulse/
-// lockPref("security.tls.version.min", 3);
-// lockPref("security.tls.version.max", 4);
-// -------------------------------------
 // Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
 lockPref("security.tls.version.enable-deprecated", false);
 // -------------------------------------
@ -1528,7 +1549,7 @@ lockPref("security.pki.sha1_enforcement_level", 1);
 // 0=disable detecting Family Safety mode and importing the root
 // 1=only attempt to detect Family Safety mode (don't import the root)
 // 2=detect Family Safety mode and import the root
-// https://trac.torproject.org/projects/tor/ticket/21686
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
 lockPref("security.family_safety.mode", 0);
 // -------------------------------------
 // Pref : Enfore Public Key Pinning
@ -1538,7 +1559,7 @@ lockPref("security.family_safety.mode", 0);
 lockPref("security.cert_pinning.enforcement_level", 2);
 // -------------------------------------
 // Pref : Disable insecure active content on https pages
-// https://trac.torproject.org/projects/tor/ticket/21323
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
 lockPref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Disable insecure passive content (such as images) on https pages
@ -1589,15 +1610,11 @@ lockPref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
 lockPref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
 lockPref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
 // -------------------------------------
-// Pref : Enable GCM ciphers (TLSv1.2 only)
+// Pref : Enable GCM ciphers (TLS 1.2 only)
 // https://en.wikipedia.org/wiki/Galois/Counter_Mode
 lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
 lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
 // -------------------------------------
-// Pref : Disable ciphers with ECDHE and key size > 128bits
-lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
-lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
-// -------------------------------------
 // Pref : Enable ChaCha20 and Poly1305
 // https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
 // https://tools.ietf.org/html/rfc7905
@ -1607,9 +1624,11 @@ lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
 lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
 lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
 // -------------------------------------
-// Pref : Disable the remaining non-modern cipher suites (fallbacks)
-lockPref("security.ssl3.rsa_aes_128_sha", false);
-lockPref("security.ssl3.rsa_aes_256_sha", false);
+// Pref : Ciphers with CBC & SHA-1 (disabled)
+lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
+lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
+lockPref("security.ssl3.rsa_aes_128_sha", false); // [DEFAULT: true]
+lockPref("security.ssl3.rsa_aes_256_sha", false); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Disable ciphers with DSA (max 1024 bits)
 lockPref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
@ -1640,8 +1659,10 @@ lockPref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Display warning on the padlock for "broken security"
 // [BUG] Warning padlock not indicated for subresources on a secure page!
+// [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation
 // https://wiki.mozilla.org/Security:Renegotiation
 // https://bugzilla.mozilla.org/1353705
+// https://www.ssllabs.com/ssl-pulse/
 lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 // -------------------------------------
 // Pref : Control "Add Security Exception" dialog on SSL warnings
@ -1657,7 +1678,7 @@ lockPref("browser.xul.error_pages.expert_bad_cert", true);
 // Pref : Disable GIO as a potential proxy bypass vector
 // Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
 // https://bugzilla.mozilla.org/1433507
-// https://trac.torproject.org/23044
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
 // https://en.wikipedia.org/wiki/GVfs
 // https://en.wikipedia.org/wiki/GIO_(software)
 lockPref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
@ -1773,7 +1794,7 @@ lockPref("dom.disable_window_move_resize", true); // [DEFAULT: true]
 // This stops malicious window sizes and some screen resolution leaks.
 // You can still right-click a link and open in a new window.
 // [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
-// https://trac.torproject.org/projects/tor/ticket/9881
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
 defaultPref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
 defaultPref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
 // -------------------------------------
@ -1900,8 +1921,10 @@ lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
 lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
 lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
 lockPref("geo.provider.network.url", "");
-lockPref("geo.provider-country.network.scan", false);
-lockPref("geo.provider-country.network.url", "");
+lockPref("browser.region.update.enabled", false); // [FENIX]
+lockPref("browser.region.log", false);
+lockPref("browser.region.network.scan", false);
+lockPref("browser.region.network.url", "");
 // -------------------------------------
 // Pref : Disable logging geolocation to the console
 lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
@ -1909,7 +1932,7 @@ lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DE
 // Pref : Enforce fallback text encoding to match en-US
 // When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
 // [TEST] https://hsivonen.com/test/moz/check-charset.htm
-// https://trac.torproject.org/projects/tor/ticket/20025
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
 lockPref("intl.charset.fallback.override", "windows-1252");
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@ -1932,7 +1955,7 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie
 // Pref : Disable icon fonts (glyphs) and local fallback rendering
 // [NOTE] You can do this with uBlock Origin
 // https://bugzilla.mozilla.org/789788
-// https://trac.torproject.org/projects/tor/ticket/8455
+// https://gitlab.torproject.org/legacy/trac/-/issues/8455
 // https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
 // defaultPref("gfx.downloadable_fonts.enabled", false);
 // defaultPref("gfx.downloadable_fonts.fallback_delay", -1);
@ -2408,8 +2431,8 @@ lockPref("media.navigator.video.enabled", false);
 // [NOTE] *may* affect core performance, will affect content.
 // Default settings seems to be the best
 // https://bugzilla.mozilla.org/1008453
-// https://trac.torproject.org/projects/tor/ticket/21675
-// https://trac.torproject.org/projects/tor/ticket/22127
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
 // https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
 // lockPref("dom.maxHardwareConcurrency", 2);
 // -------------------------------------
@ -2424,7 +2447,7 @@ lockPref("dom.enable_performance", false); // [DEFAULT: true]
 lockPref("dom.enable_performance_navigation_timing", false); // [DEFAULT: true]
 // -------------------------------------
 // Pref : Disable sensor API
-// https://trac.torproject.org/projects/tor/ticket/15758
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
 // https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
 // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
 lockPref("device.sensors.enabled", false); // [DEFAULT: true]
@ -2436,7 +2459,7 @@ lockPref("device.sensors.test.events", false); // [DEFAULT: false]
 // -------------------------------------
 // Pref : Disable gamepad API - USB device ID enumeration
 // Optional protection depending on your connected devices
-// https://trac.torproject.org/projects/tor/ticket/13023
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
 lockPref("dom.gamepad.enabled", false); // [DEFAULT: true]
 lockPref("dom.gamepad.extensions.enabled", false); // [DEFAULT: true]
 lockPref("dom.gamepad.haptic_feedback.enabled", false); // [DEFAULT: false]
@ -2459,7 +2482,7 @@ lockPref("media.webspeech.synth.enabled", false); // [DEFAULT: true]
 lockPref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
 // -------------------------------------
 // Pref : Disable video statistics - JS performance fingerprinting
-// https://trac.torproject.org/projects/tor/ticket/15757
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
 // https://bugzilla.mozilla.org/654550
 lockPref("media.video_stats.enabled", false); // [DEFAULT: true]
 // -------------------------------------
@ -2468,7 +2491,7 @@ lockPref("media.video_stats.enabled", false); // [DEFAULT: true]
 // 0=disabled, 1=enabled, 2=autodetect
 // This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
 // https://developer.mozilla.org/docs/Web/API/Touch_events
-// https://trac.torproject.org/projects/tor/ticket/10286
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
 defaultPref("dom.w3c_touch_events.enabled", 0); // [DEFAULT: 2] // [FENNEC - BUG] ff disabled, disallow copy/paste any text
 // -------------------------------------
 // Pref : Disable MediaDevices change detection
@ -2544,9 +2567,9 @@ lockPref("browser.startup.blankWindow", false); // [DESKTOP]
 // https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
 lockPref("dom.network.enabled", false); // [DESKTOP]
 // -------------------------------------
-// Pref : Enforce prefers-reduced-motion as no-preference
-// 0=no-preference, 1=reduce
-lockPref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
+// Pref : Disable chrome animations
+// 0=no-preference, 1=reduce. RFP spoofs this for web content
+lockPref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : UI (User Interface)
@ -2559,10 +2582,6 @@ lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DE
 // -------------------------------------
 // Pref : Disable auto hide download button
 defaultPref("browser.download.autohideButton", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable browser animation
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1352069
-defaultPref("toolkit.cosmeticAnimations.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Personal
@ -2606,14 +2625,6 @@ defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
 defaultPref("view_source.wrap_long_lines", true);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Hotfix
-// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable UNC
-// [NOTE] Disabling UNC can cause extension storage to fail
-// https://github.com/ghacksuserjs/ghacks-user.js/issues/923
-lockPref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Deprecated / Removed / Legacy / Renamed
 // >>>>>>>>>>>>>>>>>>>>
 // ESR68.x still uses all the following prefs
@ -2877,7 +2888,7 @@ lockPref("dom.vr.openvr.action_input", false);
 // -------------------------------------
 // Pref : Disable GeoIP-based search defaults
 // [NOTE] May not be hidden if Firefox has changed your settings due to your locale
-// https://trac.torproject.org/projects/tor/ticket/16254
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
 // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
 // lockPref("browser.search.region", "US"); // [HIDDEN PREF]
 // -------------------------------------
@ -2928,3 +2939,36 @@ lockPref("signon.management.overrideURI", "");
 // -------------------------------------
 // FF78+
 // -------------------------------------
+// Pref : Disable autoplay of HTML5 media if you interacted with the site
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1509933
+// https://hg.mozilla.org/mozilla-central/rev/5b34a70e2378
+// https://hg.mozilla.org/mozilla-central/rev/95805db3a142
+lockPref("media.autoplay.enabled.user-gestures-needed", true);
+// -------------------------------------
+// Pref : Disable browser animations
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1640501
+// https://hg.mozilla.org/comm-central/rev/4d4bad93b27d
+lockPref("toolkit.cosmeticAnimations.enabled", false);
+// -------------------------------------
+// Pref : Control TLS versions with min and max
+// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
+// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
+// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
+// https://www.ssllabs.com/ssl-pulse/
+// lockPref("security.tls.version.min", 3);
+// lockPref("security.tls.version.max", 4);
+// -------------------------------------
+// Pref : Disable extension's report option in about:addons
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1614653
+// https://hg.mozilla.org/mozilla-central/rev/92e149d41267
+// https://hg.mozilla.org/mozilla-central/rev/682318515715
+lockPref("extensions.abuseReport.openDialog", false);
+// -------------------------------------
+// Pref : Disable using the OS's geolocation service
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1627538
+// https://hg.mozilla.org/mozilla-central/rev/710b5a3282f8
+lockPref("geo.provider-country.network.scan", false);
+lockPref("geo.provider-country.network.url", "");
+// -------------------------------------
+// FF79+
+// -------------------------------------