// Base Phoenix Mozilla.cfg :p
// (Leave the line above as a comment: Firefox's AutoConfig loader ignores the first line of a .cfg file.)

/// DEFENSE IN DEPTH to harden security & protect users
// The bootstrap prefs below are probably unnecessary and/or redundant here, because Firefox reads
// them early in runtime, but better safe than sorry.
// https://codeberg.org/celenity/Phoenix/issues/18#issuecomment-2490737
// They can still be beneficial in certain cases, e.g. for users who install Phoenix manually/locally.
for (const [name, value] of [
  // Keep AutoConfig scripts (this file and the remote one referenced below) inside the AutoConfig sandbox.
  ["general.config.sandbox_enabled", true],
  // This is a real pref... it appears in Mozilla's own test profiles:
  // https://searchfox.org/mozilla-central/source/testing/profiles/common/user.js
  ["security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", false],
  // NOTE(review): presumably these two keep an e-mail identity from being appended to the
  // remote config request below - confirm against the AutoConfig documentation.
  ["mail.identity.useremail", ""],
  ["autoadmin.append_emailaddr", false],
  ["general.config.filename", "phoenix.cfg"],
  ["general.config.vendor", "phoenix"],
  // SECURITY: remote AutoConfig. Whatever this URL serves is fetched and evaluated as a config
  // script, so the effective pref set is only as trustworthy as this host and its TLS.
  // NOTE(review): the path points at the "Dev" channel and no integrity pin, refresh or
  // failover setting is visible in this section - confirm that is intended.
  ["autoadmin.global_config_url", "https://phoenix.celenity.dev/configs/Dev/dev.cfg"],
]) {
  lockPref(name, value);
}

// The Phoenix shall rise from the ashes of what fell before it.
// Defaults only (user-changeable): skip the about:config warning page.
for (const [name, value] of [
  ["browser.aboutConfig.showWarning", false],
  ["general.warnOnAboutConfig", false],
]) {
  defaultPref(name, value);
}

// 001 DATA COLLECTION
// A lot of defense in depth...
/// Shield Studies/Normandy/Nimbus
// We also set "DisableFirefoxStudies" in policies
// https://mozilla.github.io/policy-templates/#disablefirefoxstudies
// https://mozilla.github.io/normandy/
// https://wiki.mozilla.org/Firefox/Shield/Shield_Studies
// https://support.mozilla.org/kb/shield
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_experiments-or-studies
// https://wiki.mozilla.org/Advocacy/heartbeat
// https://experimenter.info/
// resource://nimbus/ExperimentAPI.sys.mjs
// Pattern used throughout this file: the feature switch is locked off AND its endpoint / ID
// prefs are blanked, so a single flipped boolean does not re-enable remote experiment delivery.
for (const [name, value] of [
  ["app.normandy.api_url", ""],
  ["app.normandy.enabled", false],
  ["app.normandy.first_run", false],
  ["app.normandy.last_seen_buildid", ""],
  ["app.normandy.logging.level", 70], // Limits logging to fatal only
  ["app.normandy.user_id", ""],
  ["app.shield.optoutstudies.enabled", false],
  ["messaging-system.log", "off"], // Disables logging
  ["messaging-system.rsexperimentloader.enabled", false],
  ["messaging-system.rsexperimentloader.collection_id", ""],
  // https://searchfox.org/mozilla-central/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js
  ["nimbus.appId", ""],
  ["toolkit.telemetry.pioneer-new-studies-available", false],
]) {
  lockPref(name, value);
}

/// WebVTT Testing Events
// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
for (const [name, value] of [
  ["media.webvtt.testing.events", false],
]) {
  lockPref(name, value);
}

/// Origin Trials
// https://wiki.mozilla.org/Origin_Trials
for (const [name, value] of [
  ["dom.origin-trials.enabled", false],
]) {
  lockPref(name, value);
}

/// Crash Reporting
// https://github.com/mozilla-services/socorro
// https://wiki.mozilla.org/Socorro
// https://firefox-source-docs.mozilla.org/tools/sanitizer/asan_nightly.html
// Report endpoints are blanked and automatic submission of unsubmitted reports is kept off.
for (const [name, value] of [
  ["asanreporter.apiurl", ""],
  ["asanreporter.clientid", ""],
  ["breakpad.reportURL", ""],
  ["browser.crashReports.chancesUntilSuppress", 0],
  ["browser.crashReports.unsubmittedCheck.autoSubmit2", false], // [DEFAULT]
]) {
  lockPref(name, value);
}
// Crash Reporting (continued)
for (const [name, value] of [
  ["browser.crashReports.unsubmittedCheck.enabled", false], // [DEFAULT]
  ["browser.tabs.crashReporting.includeURL", false], // Defense in depth
  ["browser.tabs.crashReporting.sendReport", false],
  ["toolkit.crashreporter.include_context_heap", false], // Defense in depth
]) {
  lockPref(name, value);
}

/// X-Frame Options Error Reporting
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/xfocsp-error-report-ping.html
for (const [name, value] of [
  ["security.xfocsp.errorReporting.automatic", false], // [DEFAULT]
  ["security.xfocsp.errorReporting.enabled", false],
]) {
  lockPref(name, value);
}

/// Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
for (const [name, value] of [
  ["toolkit.coverage.enabled", false],
  ["toolkit.coverage.endpoint.base", ""],
  ["toolkit.coverage.opt-out", true], // [HIDDEN]
  ["toolkit.telemetry.coverage.opt-out", true], // [HIDDEN]
]) {
  lockPref(name, value);
}

/// Default Browser Agent
/// We also configure "DisableDefaultBrowserAgent" in policies
// https://mozilla.github.io/policy-templates/#disabledefaultbrowseragent
// https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html
for (const [name, value] of [
  ["default-browser-agent.enabled", false],
]) {
  lockPref(name, value);
}

/// Misc. Telemetry
/// We also configure "DisableTelemetry" & "ImproveSuggest" in policies
// https://mozilla.github.io/policy-templates/#disabletelemetry
// https://mozilla.github.io/policy-templates/#firefoxsuggest
// https://searchfox.org/mozilla-central/source/testing/geckodriver/src/prefs.rs
// https://wiki.mozilla.org/QA/Telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
// https://searchfox.org/mozilla-central/source/remote/shared/RecommendedPreferences.sys.mjs
// https://searchfox.org/mozilla-central/source/testing/profiles/perf/user.js
for (const [name, value] of [
  ["browser.aboutwelcome.log", "off"], // Disable logging
  ["browser.newtabpage.activity-stream.feeds.telemetry", false],
  ["browser.newtabpage.activity-stream.impressionId", ""],
  ["browser.newtabpage.activity-stream.telemetry", false],
  ["browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""],
  ["browser.newtabpage.activity-stream.telemetry.ut.events", false],
  // https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js
  ["browser.places.interactions.enabled", false],
  ["browser.privacySegmentation.preferences.show", false],
  ["browser.rights.3.shown", true],
  ["browser.search.serpEventTelemetryCategorization.enabled", false],
  ["browser.search.serpEventTelemetryCategorization.regionEnabled", false],
  ["browser.search.serpMetricsRecordedCounter", 0],
  ["browser.urlbar.quicksuggest.dataCollection.enabled", false],
  // [HIDDEN]
  // https://searchfox.org/mozilla-central/source/browser/components/urlbar/docs/firefox-suggest-telemetry.rst
  // https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/environment.rst
  // https://searchfox.org/mozilla-central/source/browser/components/urlbar/tests/quicksuggest/browser/browser_quicksuggest_onboardingDialog.js
  ["browser.urlbar.quicksuggest.onboardingDialogChoice", "reject_2"],
  // [HIDDEN] Fixed, non-unique ID: every install carries the same value instead of a per-profile one.
  // NOTE(review): presumably this is the placeholder ID defined in the linked source file - verify there.
  // https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/app/ClientID.sys.mjs#44
  ["datareporting.dau.cachedUsageProfileID", "beefbeef-beef-beef-beef-beeefbeefbee"],
  ["datareporting.healthreport.documentServerURI", ""], // [HIDDEN]
  ["datareporting.healthreport.logging.consoleEnabled", false], // [HIDDEN]
  ["datareporting.healthreport.service.enabled", false], // [HIDDEN]
  ["datareporting.healthreport.service.firstRun", false], // [HIDDEN]
  ["datareporting.healthreport.uploadEnabled", false],
  ["datareporting.policy.dataSubmissionEnabled", false],
  ["datareporting.policy.dataSubmissionPolicyAccepted", false],
  ["datareporting.policy.dataSubmissionPolicyBypassNotification", true],
  ["datareporting.policy.firstRunURL", ""],
  ["dom.security.unexpected_system_load_telemetry_enabled", false],
  // https://searchfox.org/mozilla-release/source/modules/libpref/init/StaticPrefList.yaml#14271
  ["network.jar.record_failure_reason", false],
  // https://searchfox.org/mozilla-release/source/modules/libpref/init/StaticPrefList.yaml#13191
  ["network.traffic_analyzer.enabled", false],
  ["network.trr.confirmation_telemetry_enabled", false],
  ["identity.fxaccounts.telemetry.clientAssociationPing.enabled", false],
  ["identity.fxaccounts.account.telemetry.sanitized_uid", ""],
  ["privacy.trackingprotection.emailtracking.data_collection.enabled", false],
  ["toolkit.content-background-hang-monitor.disabled", true],
  ["toolkit.telemetry.archive.enabled", false],
  ["toolkit.telemetry.bhrPing.enabled", false],
  // Same idea as the usage-profile ID above: shared constant values rather than unique identifiers.
  // NOTE(review): presumably the matching placeholder IDs from ClientID.sys.mjs - verify there.
  ["toolkit.telemetry.cachedClientID", "c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0"],
  ["toolkit.telemetry.cachedProfileGroupID", "decafdec-afde-cafd-ecaf-decafdecafde"],
]) {
  lockPref(name, value);
}
// Misc. Telemetry (continued): DAP settings, ping senders and the telemetry endpoint.
for (const [name, value] of [
  ["toolkit.telemetry.dap.helper.hpke", ""],
  ["toolkit.telemetry.dap.helper.url", ""],
  ["toolkit.telemetry.dap.leader.hpke", ""],
  ["toolkit.telemetry.dap.leader.url", ""],
  ["toolkit.telemetry.dap_enabled", false],
  ["toolkit.telemetry.dap_helper", ""],
  ["toolkit.telemetry.dap_helper_owner", ""],
  ["toolkit.telemetry.dap_leader", ""],
  ["toolkit.telemetry.dap_leader_owner", ""],
  ["toolkit.telemetry.dap.logLevel", "Off"],
  ["toolkit.telemetry.dap_task1_enabled", false],
  ["toolkit.telemetry.dap_task1_taskid", ""],
  ["toolkit.telemetry.dap_visit_counting_enabled", false],
  ["toolkit.telemetry.dap_visit_counting_experiment_list", "[]"],
  ["toolkit.telemetry.debugSlowSql", false],
  ["toolkit.telemetry.enabled", false],
  ["toolkit.telemetry.firstShutdownPing.enabled", false],
  ["toolkit.telemetry.geckoview.streaming", false], // [Android specific?]
  ["toolkit.telemetry.healthping.enabled", false], // [HIDDEN]
  ["toolkit.telemetry.newProfilePing.enabled", false],
  ["toolkit.telemetry.pioneerId", ""], // [HIDDEN]
  ["toolkit.telemetry.previousBuildID", ""],
  ["toolkit.telemetry.reportingpolicy.firstRun", false],
  // Non-routable value, so there is no server to submit pings to.
  // NOTE(review): spelled "data;" here while the add-on discovery pref elsewhere in this
  // file uses "data:;" - confirm which spelling is intended.
  ["toolkit.telemetry.server", "data;"],
  ["toolkit.telemetry.server_owner", ""],
  ["toolkit.telemetry.shutdownPingSender.backgroundtask.enabled", false],
  ["toolkit.telemetry.shutdownPingSender.enabled", false],
  ["toolkit.telemetry.shutdownPingSender.enabledFirstSession", false],
  ["toolkit.telemetry.testing.suppressPingsender", true], // [HIDDEN]
  ["toolkit.telemetry.translations.logLevel", "Off"],
  ["toolkit.telemetry.unified", false],
  ["toolkit.telemetry.updatePing.enabled", false],
  ["toolkit.telemetry.user_characteristics_ping.current_version", 0],
  ["toolkit.telemetry.user_characteristics_ping.last_version_sent", 0],
]) {
  lockPref(name, value);
}
// Misc. Telemetry (continued): user-characteristics ping.
for (const [name, value] of [
  ["toolkit.telemetry.user_characteristics_ping.logLevel", "Off"],
  ["toolkit.telemetry.user_characteristics_ping.opt-out", true],
  ["toolkit.telemetry.user_characteristics_ping.send-once", false], // [DEFAULT]
  ["toolkit.telemetry.user_characteristics_ping.uuid", ""],
]) {
  lockPref(name, value);
}

/// Misc. UX - Harmless but does not apply to us
// Informational links for features that are switched off in this configuration.
for (const [name, value] of [
  ["app.normandy.shieldLearnMoreUrl", ""],
  ["datareporting.healthreport.infoURL", ""],
  ["extensions.recommendations.privacyPolicyUrl", ""],
  ["toolkit.crashreporter.infoURL", ""],
  ["toolkit.datacollection.infoURL", ""],
]) {
  lockPref(name, value);
}

// 002 MOZILLA CRAP™

/// Firefox Recommendations & "Discovery"
// We also set "ExtensionRecommendations" & "FeatureRecommendations" in policies
// https://mozilla.github.io/policy-templates/#usermessaging
// https://support.mozilla.org/kb/recommendations-firefox
// https://support.mozilla.org/kb/personalized-extension-recommendations
for (const [name, value] of [
  ["browser.dataFeatureRecommendations.enabled", false],
  ["browser.discovery.enabled", false],
  ["browser.discovery.sites", ""],
  ["browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false],
  ["browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false],
  ["extensions.getAddons.browseAddons", ""], // Android
  // data: URL instead of a remote API endpoint.
  // https://searchfox.org/mozilla-central/source/testing/profiles/common/user.js
  ["extensions.getAddons.discovery.api_url", "data:;"],
  ["extensions.getAddons.showPane", false],
  ["extensions.htmlaboutaddons.recommendations.enabled", false],
  ["extensions.recommendations.themeRecommendationUrl", ""],
  ["extensions.webservice.discoverURL", ""],
]) {
  lockPref(name, value);
}

/// Fakespot
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.contextualContent.fakespot.ctaCopy", ""],
  ["browser.newtabpage.activity-stream.contextualContent.fakespot.ctaUrl", ""],
  ["browser.newtabpage.activity-stream.contextualContent.fakespot.defaultCategoryTitle", ""],
]) {
  lockPref(name, value);
}
// Fakespot (continued): new-tab content, the shopping sidebar, urlbar suggestions and OHTTP endpoints.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.contextualContent.fakespot.enabled", false],
  ["browser.newtabpage.activity-stream.contextualContent.fakespot.footerCopy", ""],
  ["browser.shopping.experience2023.ads.enabled", false],
  ["browser.shopping.experience2023.ads.exposure", false],
  ["browser.shopping.experience2023.ads.userEnabled", false],
  ["browser.shopping.experience2023.active", false],
  ["browser.shopping.experience2023.autoOpen.enabled", false],
  ["browser.shopping.experience2023.autoOpen.userEnabled", false],
  ["browser.shopping.experience2023.enabled", false],
  ["browser.shopping.experience2023.integratedSidebar", false],
  // NOTE(review): presumably 2 records an explicit opt-out - confirm against the shopping component.
  ["browser.shopping.experience2023.optedIn", 2],
  ["browser.shopping.experience2023.survey.enabled", false],
  ["browser.shopping.experience2023.survey.hasSeen", true],
  ["browser.urlbar.fakespot.featureGate", false],
  ["browser.urlbar.fakespot.suggestedIndex", 0],
  ["browser.urlbar.suggest.fakespot", false],
  ["toolkit.shopping.ohttpConfigURL", ""],
  ["toolkit.shopping.ohttpRelayURL", ""],
]) {
  lockPref(name, value);
}

/// Pocket
// We also set "DisablePocket", "Pocket", & "SponsoredPocket" in policies
// https://mozilla.github.io/policy-templates/#disablepocket
// https://mozilla.github.io/policy-templates/#firefoxhome
// https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.descLines", 0],
  ["browser.newtabpage.activity-stream.discoverystream.fourCardLayout.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.hideCardBackground.enabled", true],
  ["browser.newtabpage.activity-stream.discoverystream.hideDescriptions.enabled", true],
  ["browser.newtabpage.activity-stream.discoverystream.newFooterSection.enabled", false],
]) {
  lockPref(name, value);
}
// Pocket (continued)
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.pocket-feed-parameters", ""],
]) {
  lockPref(name, value);
}
// Default only: this one stays user-changeable.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.recentSaves.enabled", false],
]) {
  defaultPref(name, value);
}
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.saveToPocketCardRegions", ""],
  ["browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", false],
  ["browser.newtabpage.activity-stream.feeds.section.topstories", false],
  ["browser.newtabpage.activity-stream.pocketCta", ""],
  ["browser.urlbar.pocket.featureGate", false],
  ["browser.urlbar.suggest.pocket", false],
  ["browser.newtabpage.activity-stream.section.highlights.includePocket", false],
  ["extensions.pocket.api", ""],
  ["extensions.pocket.bffApi", ""],
  ["extensions.pocket.bffRecentSaves", false],
  ["extensions.pocket.enabled", false],
  ["extensions.pocket.oAuthConsumerKey", ""],
  ["extensions.pocket.oAuthConsumerKeyBff", ""],
  ["extensions.pocket.refresh.emailButton.enabled", false],
  ["extensions.pocket.refresh.hideRecentSaves.enabled", true],
  ["extensions.pocket.showHome", false],
  ["extensions.pocket.site", ""],
]) {
  lockPref(name, value);
}

/// Firefox Relay
for (const [name, value] of [
  ["signon.firefoxRelay.base_url", ""],
  ["signon.firefoxRelay.feature", "disabled"],
  ["signon.firefoxRelay.learn_more_url", ""],
  ["signon.firefoxRelay.manage_url", ""],
  ["signon.firefoxRelay.privacy_policy_url", ""],
  ["signon.firefoxRelay.terms_of_service_url", ""],
]) {
  lockPref(name, value);
}

/// "Interest-based Content Relevance Ranking"
// https://bugzilla.mozilla.org/show_bug.cgi?id=1886207
for (const [name, value] of [
  ["toolkit.contentRelevancy.enabled", false],
  ["toolkit.contentRelevancy.ingestEnabled", false],
  ["toolkit.contentRelevancy.log", false],
]) {
  lockPref(name, value);
}

/// "Top Sites"
// We also set "SponsoredTopSites" in policies
// https://mozilla.github.io/policy-templates/#firefoxhome
// https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml
// Default only: the built-in site list is emptied but stays user-changeable.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.default.sites", ""],
]) {
  defaultPref(name, value);
}
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.contile-topsites-positions", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocTopsitesAdTypes", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocTopsitesZoneIds", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.enabled", false],
  ["browser.newtabpage.activity-stream.showSponsoredTopSites", false],
  ["browser.newtabpage.activity-stream.improvesearch.noDefaultSearchTile", true], // [DEFAULT]
  ["browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false],
  ["browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""],
  ["browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""],
]) {
  lockPref(name, value);
}
// Default only: pinned sites start empty but stay user-changeable.
for (const [name, value] of [
  ["browser.newtabpage.pinned", ""],
]) {
  defaultPref(name, value);
}
for (const [name, value] of [
  ["browser.partnerlink.attributionURL", ""],
  ["browser.partnerlink.campaign.topsites", ""],
  ["browser.topsites.component.enabled", false],
  ["browser.topsites.contile.cachedTiles", ""],
  ["browser.topsites.contile.enabled", false], // TODO: make sure this pref is still active
  ["browser.topsites.contile.endpoint", ""],
  ["browser.topsites.useRemoteSetting", false],
  ["browser.urlbar.sponsoredTopSites", false],
]) {
  lockPref(name, value);
}

/// Misc. Activity Stream (about:home)
// We also configure "FirefoxHome" in policies
// https://mozilla.github.io/policy-templates/#firefoxhome
// https://searchfox.org/mozilla-central/source/testing/geckodriver/src/prefs.rs
// https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml
// Remote message providers are set to the string "null", and the feed config / endpoints are emptied.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.asrouter.providers.cfr", "null"],
  ["browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "null"],
  ["browser.newtabpage.activity-stream.asrouter.providers.message-groups", "null"],
  ["browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "null"],
  ["browser.newtabpage.activity-stream.asrouter.providers.onboarding", "null"],
  ["browser.newtabpage.activity-stream.asrouter.providers.snippets", "null"],
  ["browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false],
  ["browser.newtabpage.activity-stream.discoverystream.ctaButtonSponsors", ""],
  ["browser.newtabpage.activity-stream.discoverystream.config", "[]"],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.feeds", ""],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.listFeedTitle", ""],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.locale-content-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.region-content-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.contextualContent.selectedFeed", ""],
  ["browser.newtabpage.activity-stream.discoverystream.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.editorsPicksHeader.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.endpoints", ""],
]) {
  lockPref(name, value);
}
// Misc. Activity Stream (continued): sponsored-content ("spocs") placement, personalization and
// regional feed configuration for the new-tab page.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear", ""],
  ["browser.newtabpage.activity-stream.discoverystream.essentialReadsHeader.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible", true],
  ["browser.newtabpage.activity-stream.discoverystream.locale-list-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.newSponsoredLabel.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.onboardingExperience.dismissed", true],
  ["browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.personalization.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys", ""],
  ["browser.newtabpage.activity-stream.discoverystream.placements.spocs", ""],
  ["browser.newtabpage.activity-stream.discoverystream.placements.spocs.counts", "0"],
  ["browser.newtabpage.activity-stream.discoverystream.recs.personalized", false],
  ["browser.newtabpage.activity-stream.discoverystream.region-bff-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false],
  ["browser.newtabpage.activity-stream.discoverystream.spocs.startupCache.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.spocs-endpoint", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocs-endpoint-query", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocAdTypes", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocSiteId", ""],
  ["browser.newtabpage.activity-stream.discoverystream.spocZoneIds", ""],
  ["browser.newtabpage.activity-stream.discoverystream.sponsored-collections.enabled", false],
]) {
  lockPref(name, value);
}
// Misc. Activity Stream (continued): topic selection, feeds, sponsored content and unified ads.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.topicLabels.locale-topic-label-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.topicLabels.region-topic-label-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.topicSelection.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.topicSelection.locale-topics-config", ""],
  ["browser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.topicSelection.region-topics-config", ""],
  ["browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false],
  ["browser.newtabpage.activity-stream.feeds.recommendationprovider", false],
  // JSON-encoded options string; the value keeps the section hidden.
  ["browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"],
  ["browser.newtabpage.activity-stream.feeds.snippets", false],
  ["browser.newtabpage.activity-stream.showSponsored", false],
  ["browser.newtabpage.activity-stream.system.showSponsored", false],
  ["browser.newtabpage.activity-stream.tippyTop.service.endpoint", ""],
  ["browser.newtabpage.activity-stream.unifiedAds.enabled", false],
  ["browser.newtabpage.activity-stream.unifiedAds.endpoint", ""],
  ["browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", false],
  ["browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", false],
  ["messaging-system.askForFeedback", false],
]) {
  lockPref(name, value);
}

/// Firefox Suggest
// We also configure "FirefoxSuggest" & "UrlbarInterventions" in policies
// https://mozilla.github.io/policy-templates/#firefoxsuggest
// https://mozilla.github.io/policy-templates/#usermessaging
// https://mozilla-services.github.io/merino/firefox.html
// https://github.com/mozilla-services/merino-py
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.merino-feed-experiment", false],
]) {
  lockPref(name, value);
}
// Firefox Suggest (continued): Merino endpoints are blanked and every suggestion source is gated off,
// so address-bar input is not sent to a remote suggestion service by these features.
for (const [name, value] of [
  ["browser.newtabpage.activity-stream.discoverystream.merino-provider.enabled", false],
  ["browser.newtabpage.activity-stream.discoverystream.merino-provider.endpoint", ""],
  ["browser.urlbar.addons.featureGate", false],
  ["browser.urlbar.groupLabels.enabled", false],
  ["browser.urlbar.mdn.featureGate", false],
  ["browser.urlbar.merino.endpointURL", ""],
  ["browser.urlbar.merino.providers", ""],
  ["browser.urlbar.quicksuggest.contextualOptIn", false],
  ["browser.urlbar.quicksuggest.enabled", false],
  ["browser.urlbar.quicksuggest.hideSettingsUI", true],
  ["browser.urlbar.quicksuggest.nonSponsoredIndex", 0],
  ["browser.urlbar.quicksuggest.scenario", "offline"],
  ["browser.urlbar.quicksuggest.shouldShowOnboardingDialog", false],
  ["browser.urlbar.quicksuggest.showedOnboardingDialog", true],
  ["browser.urlbar.quicksuggest.sponsoredIndex", 0],
  ["browser.urlbar.quicksuggest.sponsoredPriority", false],
  ["browser.urlbar.suggest.addons", false],
  ["browser.urlbar.suggest.mdn", false],
  ["browser.urlbar.suggest.quicksuggest.nonsponsored", false],
  ["browser.urlbar.suggest.quicksuggest.sponsored", false],
  ["browser.urlbar.suggest.trending", false],
  ["browser.urlbar.suggest.weather", false],
  ["browser.urlbar.suggest.yelp", false],
  ["browser.urlbar.trending.featureGate", false],
  ["browser.urlbar.weather.featureGate", false],
  ["browser.urlbar.yelp.featureGate", false],
]) {
  lockPref(name, value);
}

/// Web Notifications
/// I have yet to see a legitimate use-case for websites using push notifications...
/// but I have very commonly seen it abused for malicious purposes & spam
/// We also set "Notifications" in policies
// https://mozilla.github.io/policy-templates/#permissions
// https://mozilla-push-service.readthedocs.io/en/latest/
// https://mozilla-services.github.io/autopush-rs/
// [DEFAULT] Push itself is deliberately left enabled: per the author, turning it off is
// fingerprintable and unnecessary given the other prefs (notifications are denied by default below).
for (const [name, value] of [
  ["dom.push.enabled", true],
]) {
  lockPref(name, value);
}
// 2 = block. Default only, so a user can still change the notification permission default.
for (const [name, value] of [
  ["permissions.default.desktop-notification", 2],
]) {
  defaultPref(name, value);
}

/// Misc. Promotions
// We also set "MoreFromMozilla" in policies
// https://mozilla.github.io/policy-templates/#usermessaging
for (const [name, value] of [
  ["browser.contentblocking.report.hide_vpn_banner", true],
  ["browser.contentblocking.report.proxy.enabled", false],
  ["browser.contentblocking.report.proxy_extension.url", ""],
  ["browser.contentblocking.report.show_mobile_app", false],
  ["browser.contentblocking.report.vpn_sub_id", ""],
  ["browser.contentblocking.report.vpn.url", ""],
  ["browser.contentblocking.report.vpn-android.url", ""],
  ["browser.contentblocking.report.vpn-ios.url", ""],
  ["browser.contentblocking.report.vpn-promo.url", ""],
  ["browser.newtabpage.activity-stream.newtabWallpapers.highlightDismissed", true],
  ["browser.newtabpage.activity-stream.newtabWallpapers.highlightEnabled", false],
  ["browser.preferences.moreFromMozilla", false],
  ["browser.preferences.moreFromMozilla.template", "simple"],
  ["browser.privatebrowsing.vpnpromourl", ""],
  ["browser.promo.cookiebanners.enabled", false],
  ["browser.promo.focus.enabled", false],
  ["browser.promo.pin.enabled", false],
  ["browser.protections_panel.infoMessage.seen", true], // Disables ETP Banner
  ["browser.vpn_promo.enabled", false],
  ["cookiebanners.ui.desktop.showCallout", false],
  ["identity.fxaccounts.toolbar.pxiToolbarEnabled", false],
  ["identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", false],
]) {
  lockPref(name, value);
}
lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", false); lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.vpnEnabled", false); lockPref("identity.mobilepromo.android", ""); lockPref("identity.mobilepromo.ios", ""); lockPref("identity.sendtabpromo.url", ""); /// Kill about:welcome & Onboarding /// We also set "OverrideFirstRunPage", "OverridePostUpdatePage", & "SkipOnboarding" in policies // https://mozilla.github.io/policy-templates/#overridefirstrunpage // https://mozilla.github.io/policy-templates/#overridepostupdatepage // https://mozilla.github.io/policy-templates/#usermessaging lockPref("browser.aboutwelcome.enabled", false); lockPref("browser.aboutwelcome.screens", ""); lockPref("browser.aboutwelcome.showModal", false); lockPref("browser.aboutwelcome.toolbarButtonEnabled", false); lockPref("browser.EULA.override", true); // https://searchfox.org/mozilla-central/source/testing/profiles/perf/user.js lockPref("browser.migrate.content-modal.about-welcome-behavior", "autoclose"); lockPref("browser.startup.homepage_override.mstone", "ignore"); lockPref("browser.suppress_first_window_animation", true); lockPref("browser.usedOnWindows10.introURL", ""); // https://searchfox.org/mozilla-central/source/remote/shared/RecommendedPreferences.sys.mjs lockPref("startup.homepage_override_url", ""); lockPref("startup.homepage_override_url_nimbus", ""); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); /// Kill UI Tour & Misc. 
"Feature Tours" lockPref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":true}"); lockPref("browser.firefox-view.view-count", 0); // Prevent logging # of times you use View lockPref("browser.pdfjs.feature-tour", "{\"screen\":\"\",\"complete\":true}"); lockPref("browser.uitour.enabled", false); lockPref("browser.uitour.loglevel", "Off"); lockPref("browser.uitour.requireSecure", true); // [DEFAULT] lockPref("browser.uitour.surveyDuration", 0); lockPref("browser.uitour.url", ""); /// Prevent Mozilla domains from having special privileges // https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#privileged-mozilla-content lockPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false); lockPref("browser.tabs.remote.separatedMozillaDomains", ""); lockPref("dom.ipc.processCount.privilegedmozilla", 0); defaultPref("extensions.webextensions.restrictedDomains", ""); lockPref("permissions.manager.defaultsUrl", ""); lockPref("privacy.resistFingerprinting.block_mozAddonManager", true); lockPref("services.sync.addons.trustedSourceHostnames", ""); lockPref("svg.context-properties.content.allowed-domains", ""); lockPref("webchannel.allowObject.urlWhitelist", ""); /// Remove Mozilla URL tracking params defaultPref("app.releaseNotesURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes"); defaultPref("app.releaseNotesURL.aboutDialog", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes"); defaultPref("app.releaseNotesURL.prompt", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes"); defaultPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%"); /// Firefox View defaultPref("browser.firefox-view.search.enabled", false); defaultPref("browser.firefox-view.virtual-list.enabled", false); defaultPref("browser.tabs.firefox-view-newIcon", false); defaultPref("browser.tabs.firefox-view-next", false); /// Disable Mozilla Web Compatibility 
Reporter // Harmless from a privacy perspective - We just don't want to waste Mozilla's time due to our custom set-up... // Also acts as attack surface reduction & a potential performance improvement lockPref("extensions.webcompat-reporter.enabled", false); // [DEFAULT] lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); lockPref("ui.new-webcompat-reporter.enabled", false); // https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml#3604 lockPref("ui.new-webcompat-reporter.send-more-info-link", false); // [DEFAULT] /// Set homepage to about:home, this is typically default, but overriden by some distro-packaged versions of Firefox like Fedora defaultPref("browser.startup.homepage", "about:home"); // [DEFAULT] // 003 Search & URL Bar /// Allow adding custom search engines in about:preferences#search defaultPref("browser.urlbar.update2.engineAliasRefresh", true); /// Never trim URLs lockPref("browser.urlbar.trimHttps", false); lockPref("browser.urlbar.trimURLs", false); /// Allow using a different search engine in Private Windows vs. 
/// Normal Windows
defaultPref("browser.search.separatePrivateDefault.ui.enabled", true);
// Prompt to use Private Browsing
defaultPref("browser.search.separatePrivateDefault.urlbarResult.enabled", true);

// Remove Search Engine Placeholders
lockPref("browser.urlbar.placeholderName", "");
lockPref("browser.urlbar.placeholderName.private", "");

/// Always show Punycode - Helps prevent phishing & IDN Homograph Attacks
// https://wikipedia.org/wiki/IDN_homograph_attack
// Internationalized domain names are shown in their ASCII (xn--) form, so look-alike characters cannot pass for another domain.
// Set with defaultPref, so this is a default the user can still change rather than an enforced setting.
defaultPref("network.IDN_show_punycode", true);

/// Do not autofill/autocomplete URLs by default
defaultPref("browser.urlbar.autoFill", false);

// Always show URL instead of search terms
lockPref("browser.urlbar.showSearchTerms.enabled", false);
lockPref("browser.urlbar.showSearchTerms.featureGate", false);

/// Enforce that JavaScript URLs are excluded from results
lockPref("browser.urlbar.filter.javascript", true); // [DEFAULT]

/// Disable "Recent Searches" being suggested since we disable Search & Form History anyways
lockPref("browser.urlbar.recentsearches.featureGate", false);
lockPref("browser.urlbar.suggest.recentsearches", false);

// Nice to have
// Defaults only: clipboard, engine and history suggestions start off; bookmarks, open tabs, calculator and unit conversion start on.
defaultPref("browser.urlbar.clipboard.featureGate", false);
defaultPref("browser.urlbar.suggest.bookmark", true);
defaultPref("browser.urlbar.suggest.calculator", true);
defaultPref("browser.urlbar.suggest.clipboard", false);
defaultPref("browser.urlbar.suggest.engines", false);
defaultPref("browser.urlbar.suggest.history", false);
defaultPref("browser.urlbar.suggest.openpage", true);
defaultPref("browser.urlbar.unitConversion.enabled", true);

// 004 Implicit Connections

/// Disable Network Prefetching
// We also set "NetworkPrediction" in policies
// https://mozilla.github.io/policy-templates/#networkprediction
// https://developer.mozilla.org/docs/Glossary/Prefetch
// Speculative connections and DNS prefetching contact hosts the user has not chosen to visit yet, so they are locked off.
lockPref("browser.places.speculativeConnect.enabled", false);
lockPref("browser.urlbar.speculativeConnect.enabled", false);
lockPref("network.dns.disablePrefetch", true);
lockPref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT] lockPref("network.http.speculative-parallel-limit", 0); lockPref("network.predictor.enable-hover-on-ssl", false); // [DEFAULT] lockPref("network.predictor.enable-prefetch", false); // [DEFAULT] lockPref("network.predictor.enabled", false); lockPref("network.prefetch-next", false); /// Disable Search Suggestions /// We also set "SearchSuggestEnabled" in policies // https://mozilla.github.io/policy-templates/#searchsuggestenabled lockPref("browser.search.suggest.enabled", false); lockPref("browser.search.suggest.enabled.private", false); lockPref("browser.urlbar.showSearchSuggestionsFirst", false); lockPref("browser.urlbar.suggest.searches", false); /// Prevent leaking single word searches to DNS provider /// We also set "GoToIntranetSiteForSingleWordEntryInAddressBar" in policies // https://mozilla.github.io/policy-templates/#gotointranetsiteforsinglewordentryinaddressbar lockPref("browser.fixup.dns_first_for_single_words", false); // [DEFAULT] lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); /// Prevent middle click on new tab button opening URLs or searches from clipboard lockPref("browser.tabs.searchclipboardfor.middleclick", false); // 005 HTTP(S) - Mixed Content & General Network Hardening /// Enforce using HTTPS as much as possible lockPref("dom.security.https_first", true); lockPref("dom.security.https_first_for_custom_ports", true); // [DEFAULT, DEFENSE IN DEPTH] lockPref("dom.security.https_first_pbm", true); // [DEFAULT] lockPref("dom.security.https_first_schemeless", true); lockPref("dom.security.https_only_mode", true); lockPref("dom.security.https_only_mode.upgrade_local", true); lockPref("dom.security.https_only_mode_pbm", true); lockPref("security.mixed_content.block_active_content", true); lockPref("security.mixed_content.block_display_content", true); lockPref("security.mixed_content.upgrade_display_content", true); 
lockPref("security.mixed_content.upgrade_display_content.audio", true); // [DEFAULT] lockPref("security.mixed_content.upgrade_display_content.image", true); // [DEFAULT] lockPref("security.mixed_content.upgrade_display_content.video", true); // [DEFAULT] /// Prevent sending HTTP requests to websites that do not respond quickly to check if they support HTTPS defaultPref("dom.security.https_only_mode_send_http_background_request", false); /// Show suggestions when an HTTPS page can not be found defaultPref("dom.security.https_only_mode_error_page_user_suggestions", true); /// Always warn on insecure webpages lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); lockPref("security.warn_submit_secure_to_insecure", true); // Warn when submitting a form from HTTP to HTTPS /// Show detailed information on insecure warning pages defaultPref("browser.xul.error_pages.expert_bad_cert", true); /// Disable TLS1.3 0-RTT (Not forward secret) // https://github.com/tlswg/tls13-spec/issues/1001 lockPref("security.tls.enable_0rtt_data", false); /// Enforce preloading intermediates // https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading lockPref("security.remote_settings.intermediates.enabled", true); // [DEFAULT] /// Never downgrade to insecure TLS 1.0/1.1 lockPref("security.tls.insecure_fallback_hosts", ""); // [DEFAULT] lockPref("security.tls.version.enable-deprecated", false); // [DEFAULT] /// Enforce TLS 1.3 downgrade protection // https://bugzilla.mozilla.org/show_bug.cgi?id=1576790 lockPref("security.tls.hello_downgrade_check", true); // [DEFAULT] /// Only load secure websockets from HTTPS pages lockPref("network.websocket.allowInsecureFromHTTPS", false); // [DEFAULT] /// Enforce blocking additional ports lockPref("network.security.ports.banned.override", ""); // [DEFAULT] /// Enable Post Quantum Key Agreement 
(Kyber) /// We also set "PostQuantumKeyAgreementEnabled" in policies // https://mozilla.github.io/policy-templates/#postquantumkeyagreementenabled lockPref("media.webrtc.enable_pq_dtls", true); lockPref("network.http.http3.enable_kyber", true); lockPref("security.tls.enable_kyber", true); /// Enforce MITM Detection // https://bugzilla.mozilla.org/show_bug.cgi?id=1529643 lockPref("security.certerrors.mitm.priming.enabled", true); // [DEFAULT] /// Disable Captive Portal & Connectivity Checks // We also set "CaptivePortal" in policies // https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_network-detection // https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy lockPref("captivedetect.canonicalContent", ""); lockPref("captivedetect.canonicalURL", ""); lockPref("network.captive-portal-service.enabled", false); lockPref("network.connectivity-service.DNSv4.domain", ""); lockPref("network.connectivity-service.DNSv6.domain", ""); lockPref("network.connectivity-service.enabled", false); lockPref("network.connectivity-service.IPv4.url", ""); lockPref("network.connectivity-service.IPv6.url", ""); /// Proxy // We also set "UseProxyForDNS" in policies // https://mozilla.github.io/policy-templates/#proxy defaultPref("network.file.disable_unc_paths", true); defaultPref("network.gio.supported-protocols", ""); defaultPref("network.proxy.allow_bypass", false); defaultPref("network.proxy.failover_direct", false); defaultPref("network.proxy.socks_remote_dns", true); defaultPref("network.proxy.socks5_remote_dns", true); // 006 DNS /// We also set "DNSOverHTTPS" in policies // https://mozilla.github.io/policy-templates/#dnsoverhttps /// Disable Mozilla DoH Rollout lockPref("doh-rollout.disable-heuristics", true); lockPref("doh-rollout.enabled", false); lockPref("doh-rollout.skipHeuristicsCheck", true); lockPref("doh-rollout.uri", ""); lockPref("network.trr.default_provider_uri", ""); /// Enable DoH & Set to Quad9 by 
/// default
/// We also set "DNSOverHTTPS" in policies
// https://mozilla.github.io/policy-templates/#dnsoverhttps
defaultPref("network.trr.custom_uri", "https://dns.quad9.net/dns-query");
// Mode 3 is DoH-only: there is no fall-back to the operating system resolver, so name resolution fails
// if the DoH server cannot be reached instead of silently going out in plaintext.
defaultPref("network.trr.mode", 3);
defaultPref("network.trr.uri", "https://dns.quad9.net/dns-query");

/// Improve list of built-in DoH Providers
// JSON array of {UIName, uri} entries; it must remain a single valid JSON string.
defaultPref("doh-rollout.provider-list", '[{"UIName":"Quad9 - Real-time Malware Protection","uri":"https://dns.quad9.net/dns-query"}, {"UIName":"DNS0 (ZERO) - Hardened Real-time Malware Protection","uri":"https://zero.dns0.eu"}, {"UIName":"DNS0 - Real-time Malware Protection","uri":"https://dns0.eu"}, {"UIName":"Mullvad - Ad/Tracking/Limited Malware Protection","uri":"https://base.dns.mullvad.net/dns-query"}, {"UIName":"AdGuard (Public) - Ad/Tracking Protection","uri":"https://dns.adguard-dns.com/dns-query"}, {"UIName":"Mullvad - No Filtering","uri":"https://dns.mullvad.net/dns-query"}, {"UIName":"Wikimedia - No Filtering","uri":"https://wikimedia-dns.org/dns-query"}, {"UIName":"AdGuard (Public) - No Filtering","uri":"https://unfiltered.adguard-dns.com/dns-query"}, {"UIName":"DNS0 - Kids","uri":"https://kids.dns0.eu"}, {"UIName":"Mullvad - Family","uri":"https://family.dns.mullvad.net/dns-query"}, {"UIName":"AdGuard (Public) - Family Protection","uri":"https://family.adguard-dns.com/dns-query"}, {"UIName":"Mullvad - Ad/Tracking/Limited Malware/Social Media Protection","uri":"https://extended.dns.mullvad.net/dns-query"}, {"UIName":"Mullvad - Ad/Tracking/Limited Malware/Social Media/Adult/Gambling Protection","uri":"https://all.dns.mullvad.net/dns-query"}]');

/// Skip DoH Connectivity Checks
lockPref("network.connectivity-service.DNS_HTTPS.domain", "");
lockPref("network.trr.confirmationNS", "skip");

/// Never disable DoH from registry checks
// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
// NOTE(review): these look like the checks that would turn DoH off when the OS reports an NRPT rule or a proxy;
// on managed networks that rely on internal DNS this will presumably break internal names - confirm and document.
lockPref("network.notify.checkForNRPT", false);
lockPref("network.notify.checkForProxies", false);

/// Enforce
EncryptedClientHello // We also set "DisableEncryptedClientHello" in policies // https://mozilla.github.io/policy-templates/#disableencryptedclienthello // https://blog.cloudflare.com/announcing-encrypted-client-hello lockPref("network.dns.echconfig.enabled", true); // [DEFAULT] lockPref("network.dns.http3_echconfig.enabled", true); // [DEFAULT] /// Enable Native DNS HTTPS Lookups defaultPref("network.dns.native_https_query", true); // 007 CERTIFICATES /// Enforce OCSP & Stapling lockPref("security.OCSP.enabled", 1); // [DEFAULT] lockPref("security.ssl.enable_ocsp_must_staple", true); // [DEFAULT] lockPref("security.ssl.enable_ocsp_stapling", true); // [DEFAULT] /// Hard-fail OCSP by default // Personally have not ran into any issues from this in YEARS... & it provides a fairly significant security improvement // Can reconsider if people start having issues defaultPref("security.OCSP.require", true); /// Enable CRLite & use where possible lockPref("security.pki.crlite_mode", 2); lockPref("security.remote_settings.crlite_filters.enabled", true); /// Make exceptions for certificate errors session only lockPref("security.certerrors.permanentOverride", false); /// Enforce Strict Certificate Pinning lockPref("security.cert_pinning.enforcement_level", 2); /// Enable & Enforce Certificate Transparency // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#15868 lockPref("security.pki.certificate_transparency.mode", 2); // [DEFAULT: 0] lockPref("security.pki.certificate_transparency.disable_for_hosts", ""); // [DEFAULT] lockPref("security.pki.certificate_transparency.disable_for_spki_hashes", ""); // [DEFAULT] // 008 DOWNLOADS /// Always prompt before downloading files /// We also set "PromptForDownloadLocation" in policies // https://mozilla.github.io/policy-templates/#promptfordownloadlocation lockPref("browser.download.always_ask_before_handling_new_types", true); lockPref("browser.download.useDownloadDir", false); // Always notify when 
// downloading files
lockPref("browser.download.alwaysOpenPanel", true); // [DEFAULT]

// Enforce blocking insecure downloads
lockPref("dom.block_download_insecure", true); // [DEFAULT]

// 009 SAFE BROWSING

/// Enable Safe Browsing by default
// Harmless from a privacy perspective due to the below changes, also effective at blocking malicious domains and downloads in real time.
// We will of course **ALWAYS** give users the ability to disable.
// These four are defaultPref (not locked), which is what keeps the opt-out available.
defaultPref("browser.safebrowsing.blockedURIs.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.downloads.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.malware.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.phishing.enabled", true); // [DEFAULT]

// I would rather not touch the below prefs, but they are important for ex. LibreWolf...
// The URLs are restated explicitly; %MAJOR_VERSION% and %GOOGLE_SAFEBROWSING_API_KEY% are placeholders left for the browser to fill in.
defaultPref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2"); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%"); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST"); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST"); // [DEFAULT]

/// Prevent sending metadata of downloaded files to Google
// https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work#w_how-does-phishing-and-malware-protection-work-in-firefox
// https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
// Remote download checks are locked off and their endpoint emptied.
// NOTE(review): downloads are then presumably checked only against the locally stored Safe Browsing lists - confirm.
lockPref("browser.safebrowsing.downloads.remote.enabled", false);
lockPref("browser.safebrowsing.downloads.remote.url", "");

/// Enforce that no data is shared with Google
// https://bugzilla.mozilla.org/show_bug.cgi?id=1351147
lockPref("browser.safebrowsing.provider.google.dataSharing.enabled", false); // [DEFAULT] Android
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // [DEFAULT]
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");

/// Show advanced details on pages blocked by Safe Browsing by default
defaultPref("browser.xul.error_pages.show_safe_browsing_details_on_load", true);

/// By default, when you report a Safe Browsing false positive, it sends the URL to both Mozilla & Google (NOT PROXIED), as well as your locale to Mozilla
// Ex. https://en-us.phish-error.mozilla.com/?url=example.org - Which redirects you directly to https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=example.org
// We can improve privacy & speed by sending the domain *only* to Google & without sending your locale to anyone
// We could also potentially strip tpl=mozilla which tells Google the request is from Firefox - though it looks like there is a different page for Firefox users with a better privacy policy, so we will leave it for now
// Unclear whether 'MalwareMistake' is used, but we can set it anyways
// Each URL ends in "url=", presumably so the reported address is appended by the browser.
defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
//// Similar behavior also appears to happen when you report a URL to Safe Browsing
defaultPref("browser.safebrowsing.reportPhishURL", "https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla&url=");

/// Unclear whether these are actually used or not, but looks like Firefox has some kind of functionality to view a "report" from Safe Browsing about the safety, history, & general status of a site
// By default, it unnecessarily redirects from ex. https://safebrowsing.google.com/safebrowsing/diagnostic?site=example.org to https://transparencyreport.google.com/safe-browsing/search?url=example.org
// We can skip the redirect to improve speed
defaultPref("browser.safebrowsing.provider.google.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");
defaultPref("browser.safebrowsing.provider.google4.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");

// 010 GEOLOCATION

/// Prevent Wi-Fi Scanning
lockPref("browser.region.network.scan", false); // [DEFAULT]
lockPref("geo.wifi.scan", false);

/// Disable "Region Updates"
// https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html
lockPref("browser.region.network.url", "");
lockPref("browser.region.update.enabled", false);

/// Deny websites geo permission by default
/// We also set "Location" in policies
// https://mozilla.github.io/policy-templates/#permissions
defaultPref("permissions.default.geo", 2);

/// Geo Provider
// When a user does grant location access, the network lookup goes to the third-party service named in this URL.
defaultPref("geo.provider.network.url", "https://beacondb.net/v1/geolocate"); // Enable experimental geolocation support for BeaconDB, better than nothing for Windows/Linux users
defaultPref("geo.provider.use_corelocation", true); // Enable Apple Location Services for macOS
defaultPref("geo.provider.use_geoclue", false); // Disable Geoclue for Linux distros (at least for now)
defaultPref("geo.provider.ms-windows-location", false); // Disable
// Microsoft Location Services for Windows users

/// Update info URL to ours so that users receive accurate information
defaultPref("browser.geolocation.warning.infoURL", "https://phoenix.celenity.dev/geo");

// 011 AI
// https://support.mozilla.org/kb/ai-chatbot

/// Ensure that AI functionality is disabled by default
// All three are defaultPref, so a user can turn the features back on.
defaultPref("browser.ml.chat.enabled", false); // [DEFAULT] - AI Chatbot
defaultPref("browser.ml.chat.shortcuts", false); // Pop-up when highlighting text
defaultPref("browser.ml.enable", false); // [DEFAULT] - "Experimental Machine Learning Inference Engine"

/// If AI Chatbot is enabled, set it to DuckDuckGo AI Chat by default
/// Unfortunately this is not compatible with the pop-up when selecting text. There is also not a way at the moment to add it as a persistent option.
defaultPref("browser.ml.chat.provider", "https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat");

/// If AI Chatbot is enabled, remove built-in Anthropic Claude, ChatGPT, Google Gemini, & Le Chat Mistral options due to the terrible privacy policies...
/// HuggingChat is generally solid, though it does leave room for some questions, best option out of the built-in defaultPref("browser.ml.chat.providers", "huggingchat"); /// Allow toggling AI via about:preferences#experimental by default defaultPref("browser.ml.chat.hideFromLabs", false); /// If pop-up when highlighting text is enabled, allow typing a custom prompt based on your selection defaultPref("browser.ml.chat.shortcuts.custom", true); // [DEFAULT] // 012 WEBRTC defaultPref("media.peerconnection.ice.obfuscate_host_addresses", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); lockPref("privacy.webrtc.allowSilencingNotifications", true); defaultPref("privacy.webrtc.globalMuteToggles", true); lockPref("privacy.webrtc.hideGlobalIndicator", false); lockPref("privacy.webrtc.sharedTabWarning", true); /// Always sandbox Media Transport // https://searchfox.org/mozilla-central/source/security/sandbox/common/SandboxSettings.cpp lockPref("media.peerconnection.mtransport_process", true); // [DEFAULT] // 013 DISK AVOIDANCE /// Disable Search & Form History - Can be leaked to sites // We also set "DisableFormHistory" in policies // https://mozilla.github.io/policy-templates/#disableformhistory // https://blog.mindedsecurity.com/2011/10/autocompleteagain.html lockPref("browser.formfill.enable", false); /// Disable caching, might reconsider since we clear cache on exit anyways defaultPref("browser.cache.disk.enable", false); defaultPref("browser.cache.disk_cache_ssl", false); defaultPref("browser.cache.memory.enable", false); defaultPref("browser.cache.memory.capacity", 0); defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); /// Prevent storing unnecessary extra session data defaultPref("browser.sessionstore.privacy_level", 2); /// Sanitize on exit // We also configure "SanitizeOnShutdown" in policies // https://mozilla.github.io/policy-templates/#sanitizeonshutdown-selective lockPref("privacy.clearHistory.cache", true); 
defaultPref("privacy.clearHistory.historyFormDataAndDownloads", true); lockPref("privacy.clearSiteData.cache", true); defaultPref("privacy.clearSiteData.historyFormDataAndDownloads", true); lockPref("privacy.clearOnShutdown.cache", true); defaultPref("privacy.clearOnShutdown.cookies", true); defaultPref("privacy.clearOnShutdown.downloads", true); lockPref("privacy.clearOnShutdown.formdata", true); defaultPref("privacy.clearOnShutdown.history", true); defaultPref("privacy.clearOnShutdown.offlineApps", true); defaultPref("privacy.clearOnShutdown.sessions", true); lockPref("privacy.clearOnShutdown_v2.cache", true); defaultPref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); defaultPref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); lockPref("privacy.cpd.cache", true); lockPref("privacy.cpd.formdata", true); lockPref("privacy.sanitize.sanitizeOnShutdown", true); // Allows selectively clearing data on shutdown /// Set time range when manually clearing data to "everything" by default defaultPref("privacy.sanitize.timeSpan", 0); /// Prevent logging blocked domains in about:protections defaultPref("browser.contentblocking.cfr-milestone.enabled", false); defaultPref("browser.contentblocking.database.enabled", false); /// Disable favicons in shortcuts, prevents .ico files from persisting even after deletion defaultPref("browser.shell.shortcutFavicons", false); /// Delete cached files from windows opened with external applications /// We also set "StartDownloadsInTempDirectory" in policies // https://mozilla.github.io/policy-templates/#startdownloadsintempdirectory defaultPref("browser.download.start_downloads_in_tmp_dir", true); defaultPref("browser.helperApps.deleteTempFileOnExit", true); // Prevent exposing content in the window title for Private Browsing windows // https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js defaultPref("privacy.exposeContentTitleInWindow.pbm", false); /// When a file is deleted in Firefox, also 
/// remove from session list & history
// https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js
defaultPref("browser.download.clearHistoryOnDelete", 2);

/// Adds a fire button in Private Browsing Windows to reset session
defaultPref("browser.privatebrowsing.resetPBM.enabled", true);

/// Prevent automatically starting Firefox & restoring session after reboot on Windows
lockPref("toolkit.winRegisterApplicationRestart", false);

/// Disable LaterRun - Tracks profile creation time & number of browser uses
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41568
// https://bugzilla.mozilla.org/show_bug.cgi?id=1200639
// The two bookkeeping counters are locked to 0 in addition to the feature being disabled.
lockPref("browser.laterrun.bookkeeping.profileCreationTime", 0);
lockPref("browser.laterrun.bookkeeping.sessionCount", 0);
lockPref("browser.laterrun.enabled", false);

/// Prevent coloring visited links
defaultPref("layout.css.visited_links_enabled", false);

/// Disable collecting & generating background thumbnails
defaultPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN]

// 014 EXTENSIONS

// Only allow signed extensions
lockPref("extensions.langpacks.signatures.required", true);
lockPref("xpinstall.signatures.required", true); // [DEFAULT]
lockPref("xpinstall.whitelist.required", true); // [DEFAULT]

// Block extensions signed with weak signature algorithms
lockPref("xpinstall.signatures.weakSignaturesTemporarilyAllowed", false);

// Enforce Extension Blocklist
lockPref("extensions.blocklist.enabled", true); // [DEFAULT]

// Never bypass 3rd party extension install prompts
lockPref("extensions.postDownloadThirdPartyPrompt", false);

// NOTE(review): the two prefs below exempt specific add-on IDs from the quarantined-domains restriction.
// Verify that each ID still belongs to the named extension, since the exemption applies to whatever add-on carries that ID.
// Allow LocalCDN to work on quarantined domains
defaultPref("extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true);
// Allow Mullvad's extension to work on quarantined domains
defaultPref("extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true);

// 015 PDF.js

/// Disable JavaScript
// Scripts embedded in PDF documents are not run by the built-in viewer.
lockPref("pdfjs.enableScripting", false);
/// Never allow documents to prevent copying text /// We also set `EnablePermissions` in policies // https://mozilla.github.io/policy-templates/#pdfjs lockPref("pdfjs.enablePermissions", false); // [DEFAULT] /// Prevent checking if default PDF viewer // https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js lockPref("browser.shell.checkDefaultPDF", false); lockPref("browser.shell.checkDefaultPDF.silencedByUser", true); /// Never open Microsoft Edge for PDFs // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml lockPref("browser.pdf.launchDefaultEdgeAsApp", false); /// Open PDFs in browser where possible defaultPref("browser.download.open_pdf_attachments_inline", true); /// Show sidebar by default when viewing PDFs defaultPref("pdfjs.sidebarViewOnLoad", 2); // 016 FINGERPRINTING PROTECTION /// Set US English as locale by default defaultPref("intl.accept_languages", "en-US, en"); defaultPref("intl.locale.requested", "en-US"); defaultPref("privacy.spoof_english", 2); /// Round window sizes defaultPref("privacy.window.maxInnerHeight", 900); defaultPref("privacy.window.maxInnerWidth", 1600); /// Expose RFP letterboxing to users, but do not enable by default defaultPref("privacy.resistFingerprinting.letterboxing", false); // [DEFAULT, HIDDEN] /// If RFP is enabled, always randomize canvas lockPref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true); // [DEFAULT] /// If RFP is enabled, unbreak Apple Maps by default defaultPref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid,beta.maps.apple.com"); /// Disable WebGPU // https://browserleaks.com/webgpu lockPref("dom.webgpu.enabled", false); // [DEFAULT] /// Enforce that WebGL stays disabled if it is disabled lockPref("webgl.disable-fail-if-major-performance-caveat", false); /// Prevent using system colors lockPref("browser.display.use_system_colors", false); // 017 MISC. 
PRIVACY /// Enable ETP Strict lockPref("browser.contentblocking.category", "strict"); /// Set LibreWolf/forks to use our custom enhanced uBlock Origin config by default // We do not support LibreWolf at the moment, but this will be beneficial if that ever changes in the future. defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://phoenix.celenity.dev/uBlock/assets.json"); /// Enforce container isolation of about:home content lockPref("browser.discovery.containers.enabled", true); // [DEFAULT] /// Enforce Do Not Track & Global Privacy Control lockPref("privacy.donottrackheader.enabled", true); lockPref("privacy.globalprivacycontrol.enabled", true); lockPref("privacy.globalprivacycontrol.functionality.enabled", true); lockPref("privacy.globalprivacycontrol.pbmode.enabled", true); // [DEFAULT] /// Disable "Privacy-Preserving Attribution" // https://support.mozilla.org/kb/privacy-preserving-attribution lockPref("dom.origin-trials.private-attribution.state", 0); lockPref("dom.private-attribution.submission.enabled", false); /// Disable Reporting API // https://w3c.github.io/reporting/ // https://bugzilla.mozilla.org/show_bug.cgi?id=1492036 lockPref("dom.reporting.enabled", false); // [DEFAULT] lockPref("dom.reporting.crash.enabled", false); lockPref("dom.reporting.featurePolicy.enabled", false); lockPref("dom.reporting.header.enabled", false); /// Trim cross-origin referers (Like Safari) lockPref("network.http.referer.XOriginTrimmingPolicy", 2); /// Restrict referers for trackers lockPref("network.http.referer.defaultPolicy.trackers", 1); lockPref("network.http.referer.defaultPolicy.trackers.pbmode", 1); /// Disable Hyperlink Auditing (Click Tracking) // https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ lockPref("browser.send_pings", false); // [DEFAULT] lockPref("browser.send_pings.max_per_link", 0); // [DEFENSE IN DEPTH] lockPref("browser.send_pings.require_same_host", true); // [DEFENSE IN 
// DEPTH]

/// Improve built-in query stripping to be on par with LibreWolf & Brave
// https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg#L77
// Space-separated list of query parameter names to strip.
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");

/// Strip tracking parameters from URLs when shared by default
defaultPref("privacy.query_stripping.strip_on_share.enabled", true); // [DEFAULT]

// 018 PASSWORDS & AUTHENTICATION

/// Never Autofill
// Filling credentials without user interaction can hand them to hidden or injected form fields, so it is locked off.
lockPref("signon.autofillForms", false);
lockPref("signon.autofillForms.http", false); // [DEFAULT]
lockPref("signon.formlessCapture.enabled", false);
lockPref("signon.privateBrowsingCapture.enabled", false);

/// Always allow showing password when hidden
defaultPref("layout.forms.reveal-password-button.enabled", true);
defaultPref("layout.forms.reveal-password-context-menu.enabled", true); // [DEFAULT]

/// Prevent websites from dictating whether to allow filling passwords
// https://blog.0xbadc0de.be/archives/124
// NOTE(review): going by the pref name, false would make Firefox honour autocomplete="off" (i.e. let the site decide),
// which reads as the opposite of the heading above - confirm the intended value.
defaultPref("signon.storeWhenAutocompleteOff", false);

/// Never truncate passwords
// https://www.ghacks.net/2020/05/18/firefox-77-wont-truncate-text-exceeding-max-length-to-address-password-pasting-issues/
defaultPref("editor.truncate_user_pastes", false);

/// Disable Password Manager by default - Insecure & unencrypted
/// You should instead use something like Bitwarden or Proton Pass
// NOTE(review): "unencrypted" presumably refers to saved logins being recoverable from the profile when no Primary Password is set - confirm wording.
// The first two prefs cover address and credit-card autofill rather than passwords.
defaultPref("extensions.formautofill.addresses.enabled", false);
defaultPref("extensions.formautofill.creditCards.enabled", false);
defaultPref("services.sync.engine.passwords", false);
defaultPref("signon.rememberSignons", false);

/// If password manager is enabled, enable alerts for breached & vulnerable passwords by default, harmless and never sends passwords or sensitive data to Mozilla
//
// https://support.mozilla.org/kb/mozilla-monitor-faq#w_does-mozilla-monitor-know-my-passwords
// https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/
// https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js
defaultPref("signon.management.page.breach-alerts.enabled", true); // [DEFAULT]
defaultPref("signon.management.page.vulnerable-passwords.enabled", true); // [DEFAULT]

/// If password manager is enabled, enable strong password generation by default
defaultPref("signon.generation.enabled", true); // [DEFAULT]

/// Prevent cross-origin sub-resources from opening HTTP authentication dialogs
// Stops an embedded third-party resource from raising a login prompt that appears to belong to the page being visited.
lockPref("network.auth.subresource-http-auth-allow", 1);

/// Disable Windows SSO
/// We also configure "WindowsSSO" in policies
// https://mozilla.github.io/policy-templates/#windowssso
lockPref("network.http.windows-sso.enabled", false); // [DEFAULT]
lockPref("network.http.windows-sso.container-enabled.0", false);

/// Disable Microsoft Entra
/// We also configure "MicrosoftEntraSSO" in policies
// https://mozilla.github.io/policy-templates/#microsoftentrasso
lockPref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT]
lockPref("network.http.microsoft-entra-sso.container-enabled.0", false);
lockPref("network.microsoft-sso-authority-list", ""); // DEFENSE IN DEPTH

/// Prevent using Negotiate authentication by default
// https://people.redhat.com/mikeb/negotiate/
// An empty trusted list means no site is offered Negotiate authentication unless the user adds one.
defaultPref("network.negotiate-auth.trusted-uris", ""); // [DEFAULT]

/// Enforce crashing on insecure password input
lockPref("intl.allow-insecure-text-input", false); // [DEFAULT]

/// Protect against password spoofing for cross-domain auth requests
// https://bugzilla.mozilla.org/show_bug.cgi?id=791594
// https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js
lockPref("privacy.authPromptSpoofingProtection", true); // [DEFAULT]

// 019 ATTACK SURFACE REDUCTION

/// Disable JavaScript Just-in-time Compilation (JIT)
//
https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ defaultPref("javascript.options.baselinejit", false); defaultPref("javascript.options.ion", false); defaultPref("javascript.options.native_regexp", false); // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21865 https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml defaultPref("javascript.options.wasm_baselinejit", false); /// Disable ASM.JS (More JIT) // https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ defaultPref("javascript.options.asmjs", false); /// Disable MathML // https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml defaultPref("mathml.disabled", true); /// Disable Graphite & SVG OpenType fonts // https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite // https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg defaultPref("gfx.font_rendering.graphite.enabled", false); defaultPref("gfx.font_rendering.opentype_svg.enabled", false); /// Disable WebXR // https://developer.mozilla.org/docs/Web/API/WebXR_Device_API defaultPref("browser.xr.warning.infoURL", ""); // Harmless but does not apply to us defaultPref("permissions.default.xr", 2); // 022 MISC. 
SECURITY /// Disable Accessibility Services // https://support.mozilla.org/kb/accessibility-services#w_malware-and-adware lockPref("accessibility.force_disabled", 1); lockPref("devtools.accessibility.enabled", false); /// Enforce that Content Analysis is disabled /// We also set "ContentAnalysis" in policies // https://mozilla.github.io/policy-templates/#contentanalysis // https://github.com/chromium/content_analysis_sdk lockPref("browser.contentanalysis.default_result", 0); // [DEFAULT] lockPref("browser.contentanalysis.enabled", false); // [DEFAULT] lockPref("browser.contentanalysis.interception_point.clipboard.enabled", false); lockPref("browser.contentanalysis.interception_point.drag_and_drop.enabled", false); lockPref("browser.contentanalysis.interception_point.file_upload.enabled", false); lockPref("browser.contentanalysis.interception_point.print.enabled", false); /// Enforce Site Isolation & Isolate all websites lockPref("dom.ipc.processCount.webIsolated", 1); lockPref("fission.autostart", true); // [DEFAULT] /// Enable GPU Sandboxing // https://www.ghacks.net/2023/01/17/firefox-110-will-launch-with-gpu-sandboxing-on-windows/ lockPref("security.sandbox.gpu.level", 1); /// Disable GNOME Integration // https://searchfox.org/mozilla-central/source/browser/components/shell/nsGNOMEShellService.cpp lockPref("browser.gnome-search-provider.enabled", false); /// Protect against CSRF Attacks (Like Chromium) // https://groups.google.com/a/mozilla.org/g/dev-platform/c/6PZtLH7c6JQ // https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/ // https://web.dev/articles/samesite-cookies-explained // https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions defaultPref("network.cookie.sameSite.laxByDefault", true); defaultPref("network.cookie.sameSite.noneRequiresSecure", true); defaultPref("network.cookie.sameSite.schemeful", true); /// Enforce Strict file:// Origin Policy // 
https://stuffandnonsense.co.uk/blog/firefoxs_file_uri_origin_policy_and_web_fonts // https://stackoverflow.com/questions/2856502/css-font-face-not-working-with-firefox-but-working-with-chrome-and-ie lockPref("security.fileuri.strict_origin_policy", true); // [DEFAULT] /// Always protect against MIME Exploits // https://www.pcmag.com/encyclopedia/term/mime-exploit lockPref("security.block_fileuri_script_with_wrong_mime", true); lockPref("security.block_Worker_with_wrong_mime", true); // [DEFAULT] /// Never load Navigator Media Objects & getUserMedia Support in insecure contexts // https://developer.mozilla.org/docs/Web/API/Navigator/mediaDevices // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml lockPref("media.devices.insecure.enabled", false); // [DEFAULT] lockPref("media.getusermedia.insecure.enabled", false); // [DEFAULT] // 023 BLOCK COOKIE BANNERS defaultPref("cookiebanners.service.mode", 1); defaultPref("cookiebanners.service.mode.privateBrowsing", 1); defaultPref("cookiebanners.service.enableGlobalRules", true); defaultPref("cookiebanners.ui.desktop.enabled", true); // 024 MEDIA /// Always sandbox GMP // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml lockPref("media.gmp.insecure.allow", false); // [DEFAULT] /// Enforce validating signature for GMP when updating // https://searchfox.org/mozilla-central/source/modules/libpref/init/all.js lockPref("media.gmp-manager.cert.checkAttributes", true); // [DEFAULT] lockPref("media.gmp-manager.cert.requireBuiltIn", true); // [DEFAULT] lockPref("media.gmp-manager.checkContentSignature", true); // [DEFAULT] /// Disable Autoplay by default defaultPref("media.autoplay.default", 5); defaultPref("userContent.player.click_to_play", true); // https://github.com/black7375/Firefox-UI-Fix/wiki/Options#defaults-6 /// DRM // Garbage technology with freedom, privacy, & security concerns // We also set "EncryptedMediaExtensions" in policies // 
https://mozilla.github.io/policy-templates/#encryptedmediaextensions // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next lockPref("browser.eme.ui.enabled", false); lockPref("media.clearkey.persistent-license.enabled", false); // [DEFAULT] lockPref("media.clearkey.test-key-systems.enabled", false); // [DEFAULT] lockPref("media.eme.enabled", false); lockPref("media.eme.encrypted-media-encryption-scheme.enabled", false); lockPref("media.eme.hdcp-policy-check.enabled", false); lockPref("media.eme.playready.enabled", false); lockPref("media.eme.require-app-approval", true); // [DEFENSE IN DEPTH]: Enforce locking DRM behind permission https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#304 lockPref("media.eme.wmf.clearkey.enabled", false); // [DEFAULT] lockPref("media.gmp-widevinecdm.enabled", false); lockPref("media.gmp-widevinecdm.visible", false); lockPref("media.gmp-widevinecdm-l1.enabled", false); lockPref("media.gmp-widevinecdm-l1.visible", false); lockPref("media.mediadrm-widevinecdm.visible", false); // [ANDROID]: https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#320 // 025 UPDATES /// Browser Updates defaultPref("app.update.badgeWaitTime", 0); // Immediately show badge on hamburger menu when update is available defaultPref("app.update.notifyDuringDownload", true); // Ensure that users are notified when an update is downloaded defaultPref("app.update.promptWaitTime", 3600); // Decrease time between update prompts, default is very generous... 
defaultPref("browser.startup.upgradeDialog.enabled", true); // Enables showing a dialog/pop-up on major upgrades

/// Enforce Extension Updates
/// We also set "ExtensionUpdate" in policies
// https://mozilla.github.io/policy-templates/#extensionupdate
// Locked on, so add-on, system add-on and GMP updates cannot be switched off from about:config.
lockPref("extensions.systemAddon.update.enabled", true); // [DEFAULT]
lockPref("extensions.update.autoUpdateDefault", true); // [DEFAULT]
lockPref("extensions.update.enabled", true); // [DEFAULT]
lockPref("media.gmp-manager.updateEnabled", true);

// 026 DEBUGGING

/// Enforce local debugging only
// Remote debugging stays off, and any debugger connection must be confirmed via a prompt.
lockPref("devtools.debugger.force-local", true);
lockPref("devtools.debugger.prompt-connection", true);
lockPref("devtools.debugger.remote-enabled", false);
lockPref("devtools.inspector.remote", false);

/// Ensure that URLs are not being logged in Reader errors
lockPref("reader.errors.includeURLs", false);

// 027 MISC.

/// Enable Containers & isolate permissions per container
defaultPref("permissions.isolateBy.userContext", true);
defaultPref("privacy.userContext.enabled", true);
defaultPref("privacy.userContext.ui.enabled", true);

/// Never hide any extensions in about:debugging
lockPref("devtools.aboutdebugging.showHiddenAddons", true);

/// Enable Profiles UI
defaultPref("browser.profiles.enabled", true);

/// Force pop-up windows to open in new tabs instead
lockPref("browser.link.open_newwindow", 3); // [DEFAULT]
lockPref("browser.link.open_newwindow.disabled_in_fullscreen", true);
lockPref("browser.link.open_newwindow.restriction", 0);

/// Always block pop-ups by default
/// We also configure "PopupBlocking" in policies
// https://mozilla.github.io/policy-templates/#popupblocking
defaultPref("dom.disable_open_during_load", true); // [DEFAULT]

/// Limit what events can cause pop-ups
defaultPref("dom.popup_allowed_events", "click dblclick");

/// Notify on Pop-up blocking by default
defaultPref("privacy.popups.showBrowserMessage", true);

/// Prevent scripts from moving, resizing, and messing with windows
lockPref("dom.disable_window_flip", true); // [DEFAULT]
lockPref("dom.disable_window_move_resize", true);

/// Never check default browser
/// We also set "DontCheckDefaultBrowser" in policies
// https://mozilla.github.io/policy-templates/#dontcheckdefaultbrowser
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("browser.shell.skipDefaultBrowserCheckOnFirstRun", true);

/// Disable annoying Web Speech API errors
lockPref("media.webspeech.synth.dont_notify_on_error", true);

/// Disable weather on Home by default
defaultPref("browser.newtabpage.activity-stream.showWeather", false);

/// Prevent websites from hijacking keyboard shortcuts by default
/// Can be overridden per site as needed
defaultPref("permissions.default.shortcuts", 2);

/// Disable Firefox "Reset/Refresh Profile" prompt
/// This could cause Phoenix users serious issues, especially those using user.js files
/// We also configure "DisableProfileRefresh" in policies
// https://mozilla.github.io/policy-templates/#disableprofilerefresh
lockPref("browser.disableResetPrompt", true);

// 028 PERFORMANCE
// A lot of these taken from https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js
// All defaultPref: tuning values only, users may override them.

/// Caches, session store & tabs
defaultPref("browser.cache.disk.metadata_memory_limit", 500);
defaultPref("browser.cache.jsbc_compression_level", 3);
defaultPref("browser.sessionstore.interval", 60000);
defaultPref("browser.sessionstore.max_tabs_undo", 7);
defaultPref("browser.sessionhistory.max_total_viewers", 7);
defaultPref("browser.tabs.min_inactive_duration_before_unload", 300000);
defaultPref("browser.toolbars.bookmarks.visibility", "always");

/// Content, DOM & extensions
defaultPref("content.notify.interval", 100000); // https://searchfox.org/mozilla-central/rev/c1180ea13e73eb985a49b15c0d90e977a1aa919c/modules/libpref/init/StaticPrefList.yaml#1824-1834
defaultPref("dom.enable_web_task_scheduling", true); // https://blog.mozilla.org/performance/2022/06/02/prioritized-task-scheduling-api-is-prototyped-in-nightly/
defaultPref("extensions.logging.enabled", false); // [DEFAULT] https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#232

/// Graphics, images & layout
defaultPref("gfx.canvas.accelerated.cache-items", 4096);
defaultPref("gfx.canvas.accelerated.cache-size", 512);
defaultPref("gfx.content.skia-font-cache-size", 20);
defaultPref("gfx.webrender.all", true);
defaultPref("gfx.webrender.compositor", true);
defaultPref("image.mem.decode_bytes_at_a_time", 32768);
defaultPref("image.mem.shared.unmap.min_expiration_ms", 120000);
defaultPref("layout.css.grid-template-masonry-value.enabled", true); // https://developer.mozilla.org/docs/Web/CSS/CSS_Grid_Layout/Masonry_Layout
defaultPref("layout.css.report_errors", false); // https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#299

/// Media
defaultPref("media.cache_readahead_limit", 7200);
defaultPref("media.cache_resume_threshold", 3600);
defaultPref("media.ffmpeg.vaapi.enabled", true); // Enable VA-API by default

/// Network
defaultPref("network.buffer.cache.count", 128);
defaultPref("network.buffer.cache.size", 262144);
defaultPref("network.dnsCacheEntries", 1000);
defaultPref("network.dnsCacheExpiration", 3600);
defaultPref("network.dnsCacheExpirationGracePeriod", 240);
defaultPref("network.http.max-connections", 1800);
defaultPref("network.http.max-persistent-connections-per-proxy", 48);
defaultPref("network.http.max-persistent-connections-per-server", 10);
defaultPref("network.http.max-urgent-start-excessive-connections-per-host", 5);
defaultPref("media.memory_cache_max_size", 65536);

// 029 SMOOTH SCROLLING
defaultPref("general.smoothScroll", true);
defaultPref("general.smoothScroll.currentVelocityWeighting", "1");
defaultPref("general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS", 12);
defaultPref("general.smoothScroll.msdPhysics.enabled", true);
defaultPref("general.smoothScroll.msdPhysics.motionBeginSpringConstant", 600);
defaultPref("general.smoothScroll.msdPhysics.regularSpringConstant", 650);
defaultPref("general.smoothScroll.msdPhysics.slowdownMinDeltaMS", 25);
defaultPref("general.smoothScroll.msdPhysics.slowdownMinDeltaRatio", "2");
defaultPref("general.smoothScroll.msdPhysics.slowdownSpringConstant", 250);
defaultPref("general.smoothScroll.stopDecelerationWeighting", "1");
defaultPref("mousewheel.default.delta_multiplier_y", 300);

// Personal Touch 💜

/// Things that are nice to have™
// Toolbar layout is stored as one serialized JSON string; the value below is kept verbatim.
defaultPref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"_testpilot-containers-browser-action\",\"fxa-toolbar-menu-button\",\"reset-pbm-toolbar-button\",\"developer-button\",\"ublock0_raymondhill_net-browser-action\",\"downloads-button\",\"unified-extensions-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\"],\"vertical-tabs\":[],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"reset-pbm-toolbar-button\",\"developer-button\",\"_testpilot-containers-browser-action\",\"ublock0_raymondhill_net-browser-action\"],\"dirtyAreaCache\":[\"nav-bar\",\"vertical-tabs\",\"PersonalToolbar\",\"unified-extensions-area\",\"TabsToolbar\"],\"currentVersion\":20,\"newElementCount\":4}"); // Clean-up default UI

/// Bookmarks, compact mode & mailto prompts
defaultPref("browser.bookmarks.autoExportHTML", true);
defaultPref("browser.bookmarks.openInTabClosesMenu", false);
defaultPref("browser.compactmode.show", true);
defaultPref("browser.mailto.dualPrompt", false); // Prevent prompting to use as mailto handler
defaultPref("browser.mailto.prompt.os", false); // Prevent prompting to use as mailto handler
defaultPref("browser.menu.showViewImageInfo", true);

/// New tab page
defaultPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false);
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.enabled", true);
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled", true);
/// New tab page: no Highlights section, no recent saves
defaultPref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.rows", 0);
defaultPref("browser.newtabpage.activity-stream.showRecentSaves", false);

/// General browser UI
defaultPref("browser.preferences.experimental", true);
defaultPref("browser.privateWindowSeparation.enabled", false);
defaultPref("browser.search.openintab", true);
defaultPref("browser.search.widget.inNavBar", true);
defaultPref("browser.spin_cursor_while_busy", true);
defaultPref("browser.tabs.loadBookmarksInTabs", true);

/// Translations
defaultPref("browser.translations.alwaysTranslateLanguages", "de,ru,bg,ca,hr,cs,da,nl,et,fi,fr,el,hu,id,it,lv,lt,pl,pt,ro,sr,sk,sl,es,sv,tr,uk,vi");
defaultPref("browser.translations.automaticallyPopup", true); // [DEFAULT]
defaultPref("browser.translations.enable", true); // [DEFAULT]
defaultPref("browser.translations.newSettingsUI.enable", true);
defaultPref("browser.translations.select.enable", true); // [DEFAULT]

/// URL bar, DevTools editor & find bar
defaultPref("browser.urlbar.openintab", true);
defaultPref("devtools.debugger.ui.editor-wrapping", true);
defaultPref("findbar.highlightAll", true);

/// Full screen
// NOTE(review): delay -1 / timeout 0 appear to suppress the "<site> is now full screen" notice,
// which is the browser's cue against full-screen UI spoofing - confirm this trade-off is intended.
defaultPref("full-screen-api.transition-duration.enter", "0 0");
defaultPref("full-screen-api.transition-duration.leave", "0 0");
defaultPref("full-screen-api.warning.delay", -1);
defaultPref("full-screen-api.warning.timeout", 0);

/// Remaining UI tweaks
defaultPref("security.xfocsp.hideOpenInNewWindow", false);
defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
defaultPref("view_source.wrap_long_lines", true);

// Misc.
lockPref("identity.fxaccounts.migrateToDevEdition", false);
defaultPref("media.gmp-gmpopenh264.enabled", false);

// Dev stuff :p
defaultPref("devtools.chrome.enabled", true);
defaultPref("devtools.command-button-measure.enabled", true);
defaultPref("devtools.command-button-rulers.enabled", true);
defaultPref("devtools.command-button-screenshot.enabled", true);
defaultPref("devtools.dom.enabled", true);

// DO NOT TOUCH
// These are prefs that do more harm than good and should not be touched by users
// Locking them so users are not misled into thinking they improve privacy/security
// If any of these have legitimate use cases, please let me know! Freedom is important to this project.
// Each pref below is pinned with lockPref, so it cannot be changed from about:config;
// the trailing remark on each line describes what changing that pref would do.
lockPref("beacon.enabled", true); // [DEFAULT] - Useless & fingerprintable, the websites can get the data from this API anyways...
lockPref("device.sensors.enabled", true); // [DEFAULT] - Useless & fingerprintable, covered by RFP/FPP
lockPref("dom.enable_performance", true); // [DEFAULT] - Useless & fingerprintable, covered by RFP/FPP
lockPref("dom.enable_resource_timing", true); // [DEFAULT] - Useless & fingerprintable, covered by RFP/FPP
lockPref("dom.gamepad.enabled", true); // [DEFAULT] - Useless & fingerprintable, covered by RFP/FPP
lockPref("dom.serviceWorkers.enabled", true); // [DEFAULT] - Useless, isolated, fingerprintable, does more harm than good
lockPref("dom.webaudio.enabled", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
lockPref("dom.webnotifications.enabled", true); // [DEFAULT] - Notifications are locked behind a permission prompt (Which we block anyways), unnecessary & fingerprintable
lockPref("geo.enabled", true); // [DEFAULT] - Geolocation is locked behind a permission prompt (Which we block anyways), unnecessary & fingerprintable
lockPref("media.navigator.enabled", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
lockPref("media.ondevicechange.enabled", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
// NOTE(review): locked on, so users cannot turn WebRTC off themselves; the remark below is the stated rationale.
lockPref("media.peerconnection.enabled", true); // [DEFAULT] - Only necessary to disable on Android, uses mDNS Host Obfuscation on desktop & Private IP is only exposed in trusted scenarios
lockPref("media.video_stats.enabled", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
lockPref("media.webspeech.synth.enabled", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
lockPref("network.http.altsvc.enabled", true); // [DEFAULT] - Isolated with network partitioning, no point, more harm than good
lockPref("privacy.firstparty.isolate", false); // [DEFAULT] - Deprecated, covered by TCP/ETP
lockPref("security.ssl.disable_session_identifiers", false); // [DEFAULT] - These are session only, disabling is fingerprintable, useless, & even hurts performance
lockPref("ui.use_standins_for_native_colors", false); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP
lockPref("webgl.enable-debug-renderer-info", true); // [DEFAULT] - Useless & does more harm than good, covered by FPP/RFP

// Sync more prefs
// Note that for this to work, the below prefs must be set on BOTH the device you are syncing from & to...
// Useful especially if you override our defaults
// Each line is a Sync control pref: `true` opts the pref named after
// "services.sync.prefs.sync." into preference syncing.

/// about:config, bookmarks, compact mode & mailto prompts
defaultPref("services.sync.prefs.sync.browser.aboutConfig.showWarning", true);
defaultPref("services.sync.prefs.sync.browser.bookmarks.autoExportHTML", true);
defaultPref("services.sync.prefs.sync.browser.bookmarks.openInTabClosesMenu", true);
defaultPref("services.sync.prefs.sync.browser.compactmode.show", true);
defaultPref("services.sync.prefs.sync.browser.mailto.dualPrompt", true);
defaultPref("services.sync.prefs.sync.browser.mailto.prompt.os", true);
defaultPref("services.sync.prefs.sync.browser.meta_refresh_when_inactive.disabled", true);

/// New tab page
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.discoverystream.recentSaves.enabled", true);
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.places", true);
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", true);
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.newtabWallpapers.enabled", true);
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled", true);
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showRecentSaves", true);

/// General browser UI
defaultPref("services.sync.prefs.sync.browser.preferences.experimental", true);
defaultPref("services.sync.prefs.sync.browser.privateWindowSeparation.enabled", true);
defaultPref("services.sync.prefs.sync.browser.search.openintab", true);
defaultPref("services.sync.prefs.sync.browser.spin_cursor_while_busy", true);
defaultPref("services.sync.prefs.sync.browser.tabs.loadBookmarksInTabs", true);

/// Translations
defaultPref("services.sync.prefs.sync.browser.translations.alwaysTranslateLanguages", true);
defaultPref("services.sync.prefs.sync.browser.translations.automaticallyPopup", true);
defaultPref("services.sync.prefs.sync.browser.translations.enable", true);
defaultPref("services.sync.prefs.sync.browser.translations.newSettingsUI.enable", true);
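// Sync control prefs: `true` opts the pref named after "services.sync.prefs.sync."
// into preference syncing. One entry per pref; the repeated
// media.gmp-gmpopenh264.provider.enabled line is listed once.

/// Translations, URL bar & DevTools
defaultPref("services.sync.prefs.sync.browser.translations.select.enable", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.openintab", true);
defaultPref("services.sync.prefs.sync.devtools.chrome.enabled", true);
defaultPref("services.sync.prefs.sync.devtools.command-button-measure.enabled", true);
defaultPref("services.sync.prefs.sync.devtools.command-button-rulers.enabled", true);
defaultPref("services.sync.prefs.sync.devtools.command-button-screenshot.enabled", true);
defaultPref("services.sync.prefs.sync.devtools.debugger.ui.editor-wrapping", true);
defaultPref("services.sync.prefs.sync.devtools.dom.enabled", true);

/// Find bar, full screen & other UI
defaultPref("services.sync.prefs.sync.findbar.highlightAll", true);
defaultPref("services.sync.prefs.sync.full-screen-api.transition-duration.enter", true);
defaultPref("services.sync.prefs.sync.full-screen-api.transition-duration.leave", true);
defaultPref("services.sync.prefs.sync.full-screen-api.warning.delay", true);
defaultPref("services.sync.prefs.sync.full-screen-api.warning.timeout", true);
defaultPref("services.sync.prefs.sync.security.xfocsp.hideOpenInNewWindow", true);
defaultPref("services.sync.prefs.sync.toolkit.legacyUserProfileCustomizations.stylesheets", true);
defaultPref("services.sync.prefs.sync.view_source.wrap_long_lines", true);

/// Media & GMP
defaultPref("services.sync.prefs.sync.media.autoplay.blocking_policy", true);
defaultPref("services.sync.prefs.sync.media.gmp-gmpopenh264.enabled", true);
defaultPref("services.sync.prefs.sync.media.gmp-gmpopenh264.provider.enabled", true);
defaultPref("services.sync.prefs.sync.media.gmp-gmpopenh264.visible", true);
defaultPref("services.sync.prefs.sync.media.gmp-provider.enabled", true);

/// about:config warning, extensions & release notes
defaultPref("services.sync.prefs.sync.general.warnOnAboutConfig", true);
defaultPref("services.sync.prefs.sync.extensions.webextensions.restrictedDomains", true);
defaultPref("services.sync.prefs.sync.app.releaseNotesURL", true);
defaultPref("services.sync.prefs.sync.app.releaseNotesURL.aboutDialog", true);
defaultPref("services.sync.prefs.sync.app.releaseNotesURL.prompt", true);
defaultPref("services.sync.prefs.sync.extensions.getAddons.search.browseURL", true);

/// Firefox View, search & URL bar
defaultPref("services.sync.prefs.sync.browser.firefox-view.search.enabled", true);
defaultPref("services.sync.prefs.sync.browser.firefox-view.virtual-list.enabled", true);
defaultPref("services.sync.prefs.sync.browser.tabs.firefox-view-newIcon", true);
defaultPref("services.sync.prefs.sync.browser.tabs.firefox-view-next", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.update2.engineAliasRefresh", true);
defaultPref("services.sync.prefs.sync.browser.search.separatePrivateDefault.ui.enabled", true);
defaultPref("services.sync.prefs.sync.browser.search.separatePrivateDefault.urlbarResult.enabled", true);
defaultPref("services.sync.prefs.sync.network.IDN_show_punycode", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.clipboard.featureGate", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.calculator", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.clipboard", true);
defaultPref("services.sync.prefs.sync.browser.urlbar.unitConversion.enabled", true);

/// HTTPS-Only, certificate errors, DNS over HTTPS & TLS
// NOTE(review): these opt security-relevant prefs (DoH resolver, OCSP, TLS negotiation,
// restricted extension domains above) into Sync, so a value changed on one device
// presumably reaches every synced device - confirm that is wanted for each of them.
defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_error_page_user_suggestions", true);
defaultPref("services.sync.prefs.sync.browser.xul.error_pages.expert_bad_cert", true);
defaultPref("services.sync.prefs.sync.network.trr.custom_uri", true);
defaultPref("services.sync.prefs.sync.network.trr.mode", true);
defaultPref("services.sync.prefs.sync.network.trr.uri", true);
defaultPref("services.sync.prefs.sync.doh-rollout.provider-list", true);
defaultPref("services.sync.prefs.sync.network.dns.native_https_query", true);
defaultPref("services.sync.prefs.sync.security.OCSP.require", true);
defaultPref("services.sync.prefs.sync.security.ssl.require_safe_negotiation", true);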
// Sync control prefs: `true` opts the pref named after "services.sync.prefs.sync."
// into preference syncing.

/// Safe Browsing details & report URLs
defaultPref("services.sync.prefs.sync.browser.xul.error_pages.show_safe_browsing_details_on_load", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google.reportMalwareMistakeURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google.reportPhishMistakeURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google4.reportMalwareMistakeURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google4.reportPhishMistakeURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.reportPhishURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google.reportURL", true);
defaultPref("services.sync.prefs.sync.browser.safebrowsing.provider.google4.reportURL", true);

/// Default site permissions
defaultPref("services.sync.prefs.sync.permissions.default.camera", true);
defaultPref("services.sync.prefs.sync.permissions.default.geo", true);
defaultPref("services.sync.prefs.sync.permissions.default.microphone", true);

/// Geolocation providers
defaultPref("services.sync.prefs.sync.geo.provider.network.url", true);
defaultPref("services.sync.prefs.sync.geo.provider.use_corelocation", true);
defaultPref("services.sync.prefs.sync.geo.provider.use_geoclue", true);
defaultPref("services.sync.prefs.sync.geo.provider.ms-windows-location", true);
defaultPref("services.sync.prefs.sync.browser.geolocation.warning.infoURL", true);

/// WebRTC mute toggles
defaultPref("services.sync.prefs.sync.privacy.webrtc.globalMuteToggles", true);

/// Disk & memory cache
defaultPref("services.sync.prefs.sync.browser.cache.disk.enable", true);
defaultPref("services.sync.prefs.sync.browser.cache.disk_cache_ssl", true);
defaultPref("services.sync.prefs.sync.browser.cache.memory.enable", true);
defaultPref("services.sync.prefs.sync.browser.cache.memory.capacity", true);

/// Clearing history & site data
defaultPref("services.sync.prefs.sync.privacy.clearHistory.historyFormDataAndDownloads", true);
defaultPref("services.sync.prefs.sync.privacy.clearSiteData.historyFormDataAndDownloads", true);
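// Sync control prefs: `true` opts the pref named after "services.sync.prefs.sync."
// into preference syncing. Every control pref is a boolean flag.

/// Sanitizing, private browsing & extension quarantine overrides
defaultPref("services.sync.prefs.sync.privacy.sanitize.timeSpan", true);
defaultPref("services.sync.prefs.sync.browser.privatebrowsing.resetPBM.enabled", true);
defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true);
defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true);

/// PDF handling & locale
defaultPref("services.sync.prefs.sync.browser.download.open_pdf_attachments_inline", true);
defaultPref("services.sync.prefs.sync.pdfjs.sidebarViewOnLoad", true);
defaultPref("services.sync.prefs.sync.intl.accept_languages", true);
defaultPref("services.sync.prefs.sync.intl.locale.requested", true);

/// Anti-tracking & fingerprinting protection
// NOTE(review): these opt privacy/security prefs (RFP, storage heuristics, Negotiate
// trusted URIs below) into Sync, so a value changed on one device presumably reaches
// every synced device - confirm that is wanted for each of them.
defaultPref("services.sync.prefs.sync.privacy.antitracking.enableWebcompat", true);
defaultPref("services.sync.prefs.sync.privacy.fingerprintingProtection.remoteOverrides.enabled", true);
defaultPref("services.sync.prefs.sync.privacy.spoof_english", true);
defaultPref("services.sync.prefs.sync.privacy.resistFingerprinting", true);
defaultPref("services.sync.prefs.sync.privacy.resistFingerprinting.letterboxing", true);
defaultPref("services.sync.prefs.sync.privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", true);
defaultPref("services.sync.prefs.sync.privacy.restrict3rdpartystorage.heuristic.recently_visited", true);
defaultPref("services.sync.prefs.sync.privacy.restrict3rdpartystorage.heuristic.redirect", true);
defaultPref("services.sync.prefs.sync.privacy.restrict3rdpartystorage.heuristic.window_open", true);
defaultPref("services.sync.prefs.sync.privacy.query_stripping.strip_list", true);

/// Passwords & authentication
defaultPref("services.sync.prefs.sync.layout.forms.reveal-password-button.enabled", true);
defaultPref("services.sync.prefs.sync.layout.forms.reveal-password-context-menu.enabled", true);
defaultPref("services.sync.prefs.sync.signon.management.page.vulnerable-passwords.enabled", true);
defaultPref("services.sync.prefs.sync.network.negotiate-auth.trusted-uris", true);

/// Cookie banners & media
defaultPref("services.sync.prefs.sync.cookiebanners.service.mode", true);
defaultPref("services.sync.prefs.sync.cookiebanners.service.mode.privateBrowsing", true);
defaultPref("services.sync.prefs.sync.cookiebanners.service.enableGlobalRules", true);
defaultPref("services.sync.prefs.sync.cookiebanners.ui.desktop.enabled", true);
defaultPref("services.sync.prefs.sync.userContent.player.click_to_play", true);

/// Updates
defaultPref("services.sync.prefs.sync.app.update.badgeWaitTime", true);
defaultPref("services.sync.prefs.sync.app.update.notifyDuringDownload", true);
defaultPref("services.sync.prefs.sync.app.update.promptWaitTime", true); // boolean flag like its siblings, not the 3600 value of app.update.promptWaitTime itself

/// Containers, profiles & pop-ups
defaultPref("services.sync.prefs.sync.privacy.userContext.ui.enabled", true);
defaultPref("services.sync.prefs.sync.browser.profiles.enabled", true);
defaultPref("services.sync.prefs.sync.privacy.popups.showBrowserMessage", true);

/// Performance
defaultPref("services.sync.prefs.sync.browser.cache.disk.metadata_memory_limit", true);
defaultPref("services.sync.prefs.sync.browser.cache.jsbc_compression_level", true);
defaultPref("services.sync.prefs.sync.browser.sessionstore.interval", true);
defaultPref("services.sync.prefs.sync.browser.sessionstore.max_tabs_undo", true);
defaultPref("services.sync.prefs.sync.browser.sessionhistory.max_total_viewers", true);
defaultPref("services.sync.prefs.sync.browser.tabs.min_inactive_duration_before_unload", true);
defaultPref("services.sync.prefs.sync.browser.toolbars.bookmarks.visibility", true);
defaultPref("services.sync.prefs.sync.content.notify.interval", true);
defaultPref("services.sync.prefs.sync.dom.enable_web_task_scheduling", true);
defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_send_http_background_request", true);
defaultPref("services.sync.prefs.sync.extensions.logging.enabled", true);

/// Smooth scrolling
defaultPref("services.sync.prefs.sync.general.smoothScroll.currentVelocityWeighting", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS", true);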
// Sync control prefs: `true` opts the pref named after "services.sync.prefs.sync."
// into preference syncing.

/// Smooth scrolling
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.enabled", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.motionBeginSpringConstant", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.regularSpringConstant", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.slowdownMinDeltaMS", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.slowdownMinDeltaRatio", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.msdPhysics.slowdownSpringConstant", true);
defaultPref("services.sync.prefs.sync.general.smoothScroll.stopDecelerationWeighting", true);

/// Graphics & images
defaultPref("services.sync.prefs.sync.gfx.canvas.accelerated.cache-items", true);
defaultPref("services.sync.prefs.sync.gfx.canvas.accelerated.cache-size", true);
defaultPref("services.sync.prefs.sync.gfx.content.skia-font-cache-size", true);
defaultPref("services.sync.prefs.sync.gfx.webrender.all", true);
defaultPref("services.sync.prefs.sync.gfx.webrender.compositor", true);
defaultPref("services.sync.prefs.sync.image.mem.decode_bytes_at_a_time", true);
defaultPref("services.sync.prefs.sync.image.mem.shared.unmap.min_expiration_ms", true);

/// JavaScript & layout
defaultPref("services.sync.prefs.sync.javascript.options.wasm", true);
defaultPref("services.sync.prefs.sync.layout.css.grid-template-masonry-value.enabled", true);
defaultPref("services.sync.prefs.sync.layout.css.report_errors", true);

/// Media & WebRTC ICE
defaultPref("services.sync.prefs.sync.media.cache_readahead_limit", true);
defaultPref("services.sync.prefs.sync.media.cache_resume_threshold", true);
defaultPref("services.sync.prefs.sync.media.ffmpeg.vaapi.enabled", true);
defaultPref("services.sync.prefs.sync.media.memory_cache_max_size", true);
defaultPref("services.sync.prefs.sync.media.peerconnection.ice.default_address_only", true);
defaultPref("services.sync.prefs.sync.media.peerconnection.ice.no_host", true);
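// Firefox Sync control prefs: each switch set to true opts the pref named after
// the "services.sync.prefs.sync." prefix into Sync.
// NOTE(review): network.http.referer.XOriginPolicy and webgl.disabled are hardening
// prefs; once synced, a value changed on one profile can follow the account to others.
defaultPref("services.sync.prefs.sync.mousewheel.default.delta_multiplier_y", true);
defaultPref("services.sync.prefs.sync.network.buffer.cache.count", true);
defaultPref("services.sync.prefs.sync.network.buffer.cache.size", true);
defaultPref("services.sync.prefs.sync.network.dnsCacheEntries", true);
defaultPref("services.sync.prefs.sync.network.dnsCacheExpiration", true);
defaultPref("services.sync.prefs.sync.network.dnsCacheExpirationGracePeriod", true);
defaultPref("services.sync.prefs.sync.network.http.max-connections", true);
defaultPref("services.sync.prefs.sync.network.http.max-persistent-connections-per-proxy", true);
defaultPref("services.sync.prefs.sync.network.http.max-persistent-connections-per-server", true);
defaultPref("services.sync.prefs.sync.network.http.max-urgent-start-excessive-connections-per-host", true);
defaultPref("services.sync.prefs.sync.network.http.referer.XOriginPolicy", true);
defaultPref("services.sync.prefs.sync.webgl.disabled", true);

// Prefs we previously toggled but do not anymore, not recommended:
// (Everything in this section is commented out on purpose and is kept as a record of why.)

// Prefs below are harmless & just have misleading names - actually related to Shortcuts functionality, which is harmless & manually set by users
// We still disable all the sponsored crap & clear Mozilla default sites
//lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false);
//lockPref("browser.newtabpage.activity-stream.feeds.topsites", false);
//lockPref("browser.newtabpage.activity-stream.topSitesRows", 0);
//lockPref("browser.newtabpage.pinned", "");
//lockPref("browser.urlbar.suggest.topsites", false);

/// Mozilla Push & Web Notifications
/// I have yet to see a legitimate use-case for websites using push notifications... but I have very commonly seen it abused for malicious purposes & spam
// https://mozilla-push-service.readthedocs.io/en/latest/
// https://mozilla-services.github.io/autopush-rs/
// We still block notifications by default, because I stand by my point above - these ARE almost exclusively abused
// But they can occasionally serve legitimate purposes (like chat apps), so if people really want to go out of their way and enable notifs for a specific site... fine
// Push has also previously been required for important security checks https://github.com/arkenfox/user.js/issues/1811 which I am definitely not interested in breaking...
// Mozilla's push server is also pretty solid from a privacy & security standpoint - E2EE https://support.mozilla.org/kb/push-notifications-firefox
//lockPref("dom.push.connection.enabled", false);
//lockPref("dom.push.serverURL", "");
//lockPref("dom.push.userAgentID", "");

/// Disable fetching AMO Metadata
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_add-on-metadata-updating
// Completely harmless - see https://github.com/arkenfox/user.js/issues/615
//lockPref("extensions.getAddons.cache.enabled", false);

/// Disable Search Engine Updates
// Completely harmless & likely actually doing harm, updating search engines is useful & does not have any privacy gain
//lockPref("browser.search.update", false);

/// Disables annoying "tab manager" dropdown always showing - sadly Pref has been removed
//defaultPref("browser.tabs.tabmanager.enabled", false);
//defaultPref("services.sync.prefs.sync.browser.tabs.tabmanager.enabled", true);

/// Enforce using standard cross-platform widget theme, pref removed
//lockPref("widget.non-native-theme.enabled", true); // [DEFAULT]

// TELEMETRY
// Removed https://github.com/arkenfox/user.js/issues/1918
//lockPref("security.app_menu.recordEventTelemetry", false);
//lockPref("security.certerrors.recordEventTelemetry", false);
//lockPref("security.protectionspopup.recordEventTelemetry", false);

// Harmless, actually useful to know when a site/plugin is misbehaving...
// https://searchfox.org/mozilla-release/source/modules/libpref/init/StaticPrefList.yaml#3013
//lockPref("dom.ipc.processHangMonitor", false);
//lockPref("dom.ipc.reportProcessHangs", false);
//lockPref("hangmonitor.timeout", 0);


// Advanced hardening.
// We can do better.
// This is what I generally use for my primary profile & browsing needs.
// Some of these will be configured as "pref", which allows overriding if needed, but resets on next launch.

// 001 NETWORKING

// Require safe negotiation - refuses TLS servers that lack RFC 5746 secure renegotiation support (Per session)
pref("security.ssl.require_safe_negotiation", true);

// Hard-fail OCSP per session
// With hard-fail, a certificate whose OCSP responder cannot be reached is rejected
// instead of accepted, so sites can fail to load while a responder is down or blocked.
// The default stays at Firefox's value; pref() re-applies the strict value at each launch.
defaultPref("security.OCSP.require", false); // [DEFAULT]
pref("security.OCSP.require", true);

// 002 FINGERPRINTING PROTECTION

/// Enable RFP (resistFingerprinting)
// https://github.com/arkenfox/user.js/blob/master/user.js#L745
// NOTE: You can add site exceptions to `privacy.resistFingerprinting.exemptedDomains` in your about:config
defaultPref("privacy.resistFingerprinting", true);
defaultPref("privacy.resistFingerprinting.letterboxing", true);

/// Disable FPP Overrides/WebCompat
defaultPref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);

/// Disable WebGL
// https://blog.browserscan.net/docs/webgl-fingerprinting
// https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern
defaultPref("webgl.disabled", true);

/// 003 WEBRTC

// Never leak IP address - This *will* break WebRTC
// These four use lockPref, so they cannot be changed from about:config while this config is loaded.
lockPref("media.peerconnection.ice.default_address_only", true);
lockPref("media.peerconnection.ice.no_host", true);
lockPref("media.peerconnection.ice.obfuscate_host_addresses", true);
lockPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);

// 004 MISC. PRIVACY

/// Block Camera & Microphone permission by default
// 2 = block; as a defaultPref this stays adjustable by the user.
defaultPref("permissions.default.camera", 2);
defaultPref("permissions.default.microphone", 2);

/// Disable ETP WebCompat & Heuristics
defaultPref("privacy.antitracking.enableWebcompat", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.redirect", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.window_open", false);

/// Only send cross-origin referers if hosts match
defaultPref("network.http.referer.XOriginPolicy", 2);

// 005 ATTACK SURFACE REDUCTION

/// Disable WebAssembly
// https://spectrum.ieee.org/more-worries-over-the-security-of-web-assembly
defaultPref("javascript.options.wasm", false);

// 006 MISC.

/// Prevent sites from automatically refreshing
defaultPref("accessibility.blockautorefresh", true);
defaultPref("browser.meta_refresh_when_inactive.disabled", true);

/// Stricter Autoplay Blocking
defaultPref("media.autoplay.blocking_policy", 2);


// Stuff for developing/testing...
// DO NOT USE ON MAIN BROWSING PROFILES

// Allow enabling remote debugging per session
// unlockPref() lifts a lock on this pref (presumably one set earlier in the config - not visible in this section),
// and pref() puts it back to off at every launch, so debugging has to be switched on deliberately each session.
// A remote debugger connection can inspect and drive the browser, so leave this off when not actively debugging.
unlockPref("devtools.debugger.remote-enabled");
pref("devtools.debugger.remote-enabled", false);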