From 7b480248d9251932a6937f258346ca433161cc29 Mon Sep 17 00:00:00 2001
From: quindecim
Date: Wed, 8 Apr 2020 16:55:09 -0400
Subject: [PATCH] Update 'config/mozilla.cfg'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
✅ Enforced no system colors (they can be fingerprinted)
⛔️ Disabled Firefox to autoupdate without user consent
⛔️ Disabled Default Browser Agent | FF75 | [WINDOWS]
⛔️ Disabled Crash Report for Reporting API | FF75
⛔️ Disabled lockwise app callout to the ETP card | FF75
⛔️ Disabled Remote Settings | FF75
⛔️ Disabled permissions delegation | FF73
⛔️ Disabled geo -country.network.scan and -country.network.url
⛔️ Disabled purge site data after identifying tracking site via cookies feature (relax this with privacy.clearOnShutdown.* enabled)
⛔️ Disabled caching content of the homepage (not needed when set to about:blank) | FF75
⛔️ Disabled few more browser.newtabpage.activity-stream.* prefs | FF75
⛔️ Disabled JSWindowActors to separate about:welcome page
ℹ️ Fixed a typo that didn't allow the correct deactivation of extensions.getAddons.cache.enabled pref
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF74+ into deprecated section (keeping them active for ESR68.x.x)
---
 config/mozilla.cfg | 133 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 105 insertions(+), 28 deletions(-)
diff --git a/config/mozilla.cfg b/config/mozilla.cfg
index 6a15f6b..fd4ab4e 100644
--- a/config/mozilla.cfg
+++ b/config/mozilla.cfg
@@ -43,7 +43,7 @@ lockPref("browser.startup.page", 0); // [DESKTOP]
 lockPref("browser.newtabpage.enabled", false); // [DESKTOP]
 lockPref("browser.newtab.url", "about:blank"); // [DESKTOP]
 // -------------------------------------
-// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender"
+// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender")
 // https://support.mozilla.org/en-US/kb/extension-recommendations
 lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // [DESKTOP]
@@ -57,8 +57,9 @@ lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
 lockPref("browser.newtabpage.activity-stream.pocketCta", ""); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.sectionOrder", ""); // [DESKTOP]
 // -------------------------------------
-// Pref : Set Homepage
+// Pref : Set Homepage and disable caching content
 lockPref("browser.startup.homepage", "about:blank"); // [DESKTOP]
+lockPref("browser.startup.homepage.abouthome_cache.enabled", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable Activity Stream Snippets
 // Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
@@ -100,6 +101,12 @@ lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks
 lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
 lockPref("browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys", ""); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.region-basic-layout", false); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", ""); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [DESKTOP]
+lockPref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable new tab tile ads & preload
 // https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
@@ -113,13 +120,20 @@ lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); //
 // Value taken from Tor Browser
 // https://bugzilla.mozilla.org/show_bug.cgi?id=583181
 lockPref("browser.startup.homepage_override.mstone", "ignore");
+// -------------------------------------
+// Pref : Disable separate about:welcome page and log level to console
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
+lockPref("browser.aboutwelcome.enabled", false); // [DESKTOP]
+lockPref("browser.aboutwelcome.log", ""); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Quiet Fox
 // >>>>>>>>>>>>>>>>>>>>>
 // Pref : Disable app from auto-update
-// lockPref("app.update.auto", false); // [DESKTOP]
-// lockPref("app.update.autodownload", "never"); // [TEST] // [FENNEC]
+// true=application updates are installed without user approval.
+// false=application updates are downloaded but the user can choose when to install the update.
+lockPref("app.update.auto", false); // [DESKTOP]
+// lockPref("app.update.autodownload", "never"); // [FENNEC]
 // lockPref("app.update.channel", "");
 lockPref("app.update.url", "https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // [DESKTOP]
 lockPref("app.update.url.details", "https://www.mozilla.org/en-US/firefox/notes"); // [URL SANITIZED] // [DESKTOP]
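Review bot: Locking `app.update.auto` to false in the Quiet Fox section means a security release is, per the added comment, downloaded but not installed until the user acts, and the two new explanation lines describe the values without stating that consequence. Because this is `lockPref`, the user presumably cannot turn automatic installation back on from the preferences UI. I would add a line such as `// [WARNING] Security updates are no longer installed automatically; install them as soon as they are offered`. If the goal is only to default to asking, `defaultPref("app.update.auto", false);` would keep the choice available.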
@@ -354,6 +368,10 @@ lockPref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP]
 lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP]
 lockPref("toolkit.crashreporter.infoURL", ""); // [DESKTOP]
 // -------------------------------------
+// Pref : Disable Crash Report for Reporting API
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1607364
+lockPref("dom.reporting.crash.enabled", false);
+// -------------------------------------
 // Pref : Disable automatic captive portal detection
 // https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
 // https://wiki.mozilla.org/Necko/CaptivePortal
@@ -418,7 +436,6 @@ lockPref("browser.contentblocking.report.cryptominer.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.report.fingerprinter.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.report.lockwise.enabled", false); // [DESKTOP]
 lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.lockwise.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.report.manage_devices.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.report.monitor.enabled", false); // [DESKTOP]
 lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); // [DESKTOP]
@@ -431,6 +448,15 @@ lockPref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
 lockPref("browser.contentblocking.allowlist.annotations.enabled", false); // [FENNEC]
 lockPref("browser.contentblocking.allowlist.storage.enabled", false); // [FENNEC]
 // -------------------------------------
+// Pref : Disable lockwise app callout to the ETP card
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1612088
+lockPref("browser.contentblocking.report.show_mobile_app", false);
+lockPref("browser.contentblocking.report.lockwise.mobile-android.url", "");
+lockPref("browser.contentblocking.report.lockwise.mobile-ios.url", "");
+lockPref("browser.contentblocking.report.mobile-android.url", "");
+lockPref("browser.contentblocking.report.mobile-ios.url", "");
+// -------------------------------------
 // Pref : Disable send content blocking log to about:protections
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
 lockPref("browser.contentblocking.database.enabled", false);
@@ -521,6 +547,22 @@ lockPref("network.tickle-wifi.enabled", false);
 // Pref : Disable Corroborate.jsm telemetry
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
 lockPref("corroborator.enabled", false); // [DESKTOP]
+// -------------------------------------
+// Pref : Disable Remote Settings
+// https://github.com/mozilla-services/remote-settings-lambdas
+// https://remote-settings.readthedocs.io/en/latest/
+lockPref("security.remote_settings.intermediates.enabled", false);
+lockPref("security.remote_settings.intermediates.bucket", "");
+lockPref("security.remote_settings.intermediates.collection", "");
+lockPref("security.remote_settings.intermediates.signer", "");
+lockPref("security.remote_settings.crlite_filters.enabled", false);
+lockPref("security.remote_settings.crlite_filters.bucket", "");
+lockPref("security.remote_settings.crlite_filters.collection", "");
+lockPref("security.remote_settings.crlite_filters.signer", "");
+// -------------------------------------
+// Pref : Disable Default Browser Agent
+// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
+lockPref("default-browser-agent.enabled", false); // [WINDOWS] // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : IJWY To Shut Up
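Review bot: The block headed `// Pref : Disable Remote Settings` does not disable Remote Settings as a whole; it turns off two certificate-validation feeds, `security.remote_settings.intermediates.enabled` (preloaded intermediate CA certificates) and `security.remote_settings.crlite_filters.enabled` (CRLite revocation filters). Switching off the CRLite feed gives up revocation data wherever CRLite is used for enforcement, and nothing in the added comments records that trade-off. I would rename the heading to `// Pref : Disable Remote Settings downloads of intermediate certs and CRLite filters` and add `// [WARNING] Removes CRLite revocation data; keep OCSP checking enabled to compensate`. Whether the OCSP prefs are set elsewhere in the file is not visible from this hunk.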
@@ -908,6 +950,22 @@ lockPref("permissions.manager.defaultsUrl", ""); // [DESKTOP]
 // Pref : Enable FF Process Priority Manager
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1548364
 lockPref("dom.ipc.processPriorityManager.enabled", true); // [DESKTOP] // [TEST]
+// -------------------------------------
+// Pref : Enforce no system colors
+// [NOTE] They can be fingerprinted
+lockPref("browser.display.use_system_colors", false); // [DEFAULT: false]
+// -------------------------------------
+// Pref : Disable purge site data after identifying tracking site via cookies
+// [NOTE] Relax this with 'privacy.clearOnShutdown.*' enabled
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1599262
+// https://www.ghacks.net/2020/03/04/firefox-75-will-purge-site-data-if-associated-with-tracking-cookies/
+lockPref("privacy.purge_trackers.enabled", false);
+lockPref("privacy.purge_trackers.logging.enabled", false);
+// -------------------------------------
+// Pref : Disable permissions delegation
+// Currently applies to cross-origin geolocation, camera, mic and screen-sharing permissions, and fullscreen requests. Disabling delegation means any prompts for these will show/use their correct 3rd party origin
+// https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
+lockPref("permissions.delegation.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Web Workers
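Review bot: `privacy.purge_trackers.enabled` is locked to false here, which switches off a tracking protection, and the `[NOTE]` line above it does not say that the setting is only reasonable when clear-on-shutdown is actually removing cookies and site data. A profile that keeps cookies across sessions loses the purge and, because of `lockPref`, presumably cannot turn it back on. I would reword the note to state the condition, e.g. `// [NOTE] Only disable when 'privacy.clearOnShutdown.*' clears cookies and site data on exit; otherwise leave enabled`. Using `defaultPref` for this pref would let such users re-enable it.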
@@ -982,7 +1040,7 @@ lockPref("dom.vibrator.enabled", false);
 lockPref("javascript.options.asmjs", false);
 // -------------------------------------
 // Pref : Disable Ion, baseline JIT and RegExp to help harden JS against exploits
-// If false, causes the odd site issue and there is also a performance loss
+// [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
 // https://trac.torproject.org/projects/tor/ticket/26019
 // lockPref("javascript.options.ion", false); // [DESKTOP - BUG] Navigation issues
@@ -1093,7 +1151,7 @@ lockPref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
 // 0=Allow all, 1=Block non-muted media, 5=Block all
 // [NOTE] You can set exceptions under site permissions
 lockPref("media.autoplay.default", 5);
-lockPref("media.autoplay.allow-muted", false);
+lockPref("media.autoplay.allow-muted", false); // [FENNEC]
 lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
 lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
 // -------------------------------------
@@ -1391,7 +1449,14 @@ lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 lockPref("security.ssl.require_safe_negotiation", true);
 // -------------------------------------
-// Pref : Disable deprecated TLS versions
+// Pref : Control TLS versions with min and max
+// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
+// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
+// https://www.ssllabs.com/ssl-pulse/
+// lockPref("security.tls.version.min", 3);
+// lockPref("security.tls.version.max", 4);
+// -------------------------------------
+// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
 lockPref("security.tls.version.enable-deprecated", false);
 // -------------------------------------
 // Pref : Disable SSL Error Reporting
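Review bot: In the hunk at -1391, the new heading `// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only` no longer tells a reader what `lockPref("security.tls.version.enable-deprecated", false);` does, whereas the removed heading ("Disable deprecated TLS versions") did. "Session only" also looks inaccurate under `lockPref`, since a locked pref presumably cannot be flipped even for one session. I would word it as `// Pref : Keep deprecated TLS 1.0 and 1.1 disabled (locked, so no per-session downgrade)`. The commented-out min/max lines above it are fine as documentation, but it would help to state which values the file relies on when they are left at default.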
@@ -1756,7 +1821,7 @@ lockPref("browser.sessionstore.max_tabs_undo", 0);
 lockPref("browser.sessionstore.privacy_level", 2);
 // -------------------------------------
 // Pref : Disable resuming session from crash
-// lockPref("browser.sessionstore.resume_from_crash", false);
+lockPref("browser.sessionstore.resume_from_crash", false);
 // -------------------------------------
 // Pref : Set the minimum interval between session save operations
 // Increasing this can help on older machines and some websites, as well as reducing writes. Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc.
@@ -1806,7 +1871,6 @@ lockPref("geo.enabled", false);
 // https://trac.torproject.org/projects/tor/ticket/16254
 // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
 lockPref("browser.search.region", "US");
-lockPref("browser.search.geoip.url", "");
 lockPref("browser.search.geoSpecificDefaults.url", "");
 lockPref("browser.snippets.geoUrl", "");
 // -------------------------------------
@@ -1822,8 +1886,8 @@ lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
 lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
 lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
 lockPref("geo.provider.network.url", "");
-lockPref("geo.provider-country.network.scan", false); // [FENIX]
-lockPref("geo.provider-country.network.url", ""); // [FENIX]
+lockPref("geo.provider-country.network.scan", false);
+lockPref("geo.provider-country.network.url", "");
 // -------------------------------------
 // Pref : Disable logging geolocation to the console
 lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
@@ -1999,7 +2063,7 @@ lockPref("extensions.blocklist.url", ""); // [URL SANITIZED: https://blocklists.
 // -------------------------------------
 // Pref : Opt-out of add-on metadata updates
 // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-lockPref("extensions.getAddons.cache.enabled", false)
+lockPref("extensions.getAddons.cache.enabled", false);
 // -------------------------------------
 // Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
 lockPref("browser.safebrowsing.enabled", false); // [DESKTOP]
@@ -2417,7 +2481,6 @@ lockPref("dom.vr.enabled", false); // [DEFAULT: true]
 lockPref("dom.vr.autoactivate.enabled", false);
 lockPref("dom.vr.oculus.enabled", false);
 lockPref("dom.vr.oculus.invisible.enabled", false);
-lockPref("dom.vr.openvr.action_input", false);
 lockPref("dom.vr.openvr.enabled", false);
 lockPref("dom.vr.osvr.enabled", false);
 lockPref("dom.vr.poseprediction.enabled", false);
@@ -2519,12 +2582,6 @@ defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Display long lines in view-source page
 defaultPref("view_source.wrap_long_lines", true);
-// -------------------------------------
-// Pref : Enable one-click select all URL bar
-defaultPref("browser.urlbar.clickSelectsAll", true);
-// -------------------------------------
-// Pref : Enable double click selects a string segment in URL bar
-defaultPref("browser.urlbar.doubleClickSelectsAll", false); // [DESKTOP]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : Deprecated / Removed / Legacy / Renamed
@@ -2573,7 +2630,7 @@ lockPref("plugins.click_to_play", true);
 // Pref : Disable autoplay of HTML5 media
 // https://bugzilla.mozilla.org/1562331
 // https://hg.mozilla.org/mozilla-central/rev/3780202d7104
-lockPref("media.autoplay.allow-muted", false);
+lockPref("media.autoplay.allow-muted", false); // [FENNEC]
 // -------------------------------------
 // FF70+
 // -------------------------------------
@@ -2761,12 +2818,32 @@ lockPref("geo.wifi.logging.enabled", false); // [HIDDEN PREF]
 // https://hg.mozilla.org/mozilla-central/rev/4a6071f143a5
 defaultPref("privacy.userContext.longPressBehavior", 2);
 // -------------------------------------
-// Pref : Control TLS versions with min and max
-// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
-// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1606734
-// lockPref("security.tls.version.min", 3);
-// lockPref("security.tls.version.max", 4);
-// -------------------------------------
 // FF75+
+// -------------------------------------
+// Pref : Disable contentblocking reports
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1612088
+// https://hg.mozilla.org/mozilla-central/rev/b582c518daeb
+lockPref("browser.contentblocking.report.lockwise.url", "");
+// -------------------------------------
+// Pref : Disable GeoIP lookup on your address to set default search engine region
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1589618
+// https://hg.mozilla.org/mozilla-central/rev/eeda4bdcd130
+lockPref("browser.search.geoip.url", "");
+// -------------------------------------
+// Pref : Enable one-click select all URL bar
+// https://bugzilla.mozilla.org/show_bug.cgi?id=333714
+// https://hg.mozilla.org/mozilla-central/rev/9d574c79405d
+defaultPref("browser.urlbar.clickSelectsAll", true);
+// -------------------------------------
+// Pref : Enable double click selects a string segment in URL bar
+// https://bugzilla.mozilla.org/show_bug.cgi?id=333714
+// https://hg.mozilla.org/mozilla-central/rev/9d574c79405d
+defaultPref("browser.urlbar.doubleClickSelectsAll", false);
+// -------------------------------------
+// Pref : Disable virtual reality devices APIs
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1602102
+// https://hg.mozilla.org/mozilla-central/rev/bb85b121d2ac
+lockPref("dom.vr.openvr.action_input", false);
+// -------------------------------------
+// FF76+
 // -------------------------------------
\ No newline at end of file