Secure Oct 2021 (#41)

* Secure Oct 2021 * note for TRR * allow for reddit embeds * Firefox Suggest * HTTP alternative services
2026-06-12 15:40:48 +05:30 · 2021-10-30 14:58:43 -04:00
parent 54f2c72a37
commit 41d94c01d1
1 changed files with 25 additions and 11 deletions
@@ -11,7 +11,7 @@
 * SecureFox                                                                *
 * "Natura non constristatur."                                              *     
 * priority: provide sensible security and privacy                          *  
- * version: September 2021                                                  *
+ * version: October 2021                                                    *
 * url: https://github.com/yokoffing/Better-Fox                             *                   
 ****************************************************************************/
@@ -38,7 +38,8 @@ user_pref("privacy.socialtracking.block_cookies.enabled", true); // default
 // PREF: allow embedded tweets and Instagram posts
 // [1] https://www.reddit.com/r/firefox/comments/l79nxy/firefox_dev_is_ignoring_social_tracking_preference/gl84ukk
-user_pref("urlclassifier.trackingSkipURLs", "*.twitter.com, *.twimg.com"); // hidden
+// [2] https://www.reddit.com/r/firefox/comments/pvds9m/reddit_embeds_not_loading/
 user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com"); // hidden
 user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com"); // hidden
 // PREF: Site Isolation
@@ -120,7 +121,7 @@ user_pref("dom.storage.next_gen", true);
 // [2] https://web.dev/samesite-cookies-explained/
 user_pref("network.cookie.sameSite.laxByDefault", true);
 user_pref("network.cookie.sameSite.noneRequiresSecure", true);
-user_pref("network.cookie.sameSite.schemeful", true);
+user_pref("network.cookie.sameSite.schemeful", false);
 // PREF: disable cache
 // user_pref("browser.cache.disk.enable", true); // default
@@ -283,6 +284,11 @@ user_pref("browser.search.separatePrivateDefault.ui.enabled", true);
 user_pref("browser.search.suggest.enabled", false);
 user_pref("browser.search.suggest.enabled.private", false); // default
 // PREF: disable Firefox Suggest
 user_pref("browser.urlbar.groupLabels.enabled", false);
 user_pref("browser.urlbar.suggest.quicksuggest", false);
 user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
 // PREF: URL bar domain guessing
 // Domain guessing intercepts DNS "hostname not found errors" and resends a
 // request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
@@ -371,11 +377,15 @@ user_pref("network.trr.request_timeout_ms", 4000); /* default=1500 */
 // user_pref("network.trr.request_timeout_mode_trronly_ms", 30000); // default
 // user_pref("network.trr.send_user-agent_headers", false); // default
 user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
 // Temporary workaround for DNS leak with DOH active:
 // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1730418
 // user_pref("network.dns.upgrade_with_https_rr", false);
 // PREF: Force FF to always use your custom DNS resolver
 // You will type between the "" for both prefs.
 // I recommend creating your own URI with NextDNS for both privacy and security.
 // https://nextdns.io
 // [1] https://github.com/uBlockOrigin/uBlock-issues/issues/1710
 user_pref("network.trr.uri", "");
 user_pref("network.trr.custom_uri", "");
@@ -384,12 +394,15 @@ user_pref("network.trr.custom_uri", "");
 ******************************************************************************/
 // PREF: Enable Encrypted Client Hello (ECH)
-// Evolution of ESNI.
+// [1] https://blog.cloudflare.com/encrypted-client-hello/
-// [!] Breaks Discord login through Firefox.
+// [2] https://www.youtube.com/watch?v=tfyrVYqXQRE
-// ESNI: https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https/
+// user_pref("network.dns.echconfig.enabled", true);
-// ECH: https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/
+// user_pref("network.dns.use_https_rr_as_altsvc", true); // default
-user_pref("network.dns.echconfig.enabled", true);
+
-user_pref("network.dns.use_https_rr_as_altsvc", true);
+// PREF: disable HTTP Alternative Services [FF37+]
 // [WHY] Already isolated by network partitioning (FF85+) or FPI ***/
 // user_pref("network.http.altsvc.enabled", false);
 // user_pref("network.http.altsvc.oe", false);
 /******************************************************************************
 * SECTION: PASSWORDS                             *
@@ -596,10 +609,11 @@ user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
 * SECTION: MOZILLA                                                   *
 ******************************************************************************/
 // PREF: Disable annoying location requests from websites
 user_pref("permissions.default.geo", 2);
 // PREF: Use Mozilla geolocation service instead of Google when geolocation is enabled
 // user_pref("permissions.default.geo", 0);
 user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
-// Enable logging geolocation to the console
+// PREF: Enable logging geolocation to the console
 // user_pref("geo.provider.network.logging.enabled", true);
 // PREF: Enforce Firefox blocklist for extensions + No hiding tabs