mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30

SecureFox.js Jan 2022 (#47)

* change PREF to allow Reddit posts

* disable disk cache

* SSL

* Certs

* SSL / TLS and Region

* disable search engine updates

* disable social tracking (breaks Instagram posts)

* uncomment user_pref("toolkit.coverage.endpoint.base", ""); and user_pref("app.normandy.api_url", "");

* ETP forces Custom if socialtracking disabled

* "network.trr.send_user-agent_headers", false); now default

* referer policy

* SSL update

* security.ssl.require_safe_negotiation still breaks some pages

* comment out xOrigin

* comment out pbmode referer

* enable browser.sessionstore.privacy_level

* comment out require safe nego

* disallowCrossSiteRelaxing now default v. 97

* app.update.background.scheduling.enabled deprecated

* items to clear on shutdown

* SESSION RESTORE

* sanitize options

* favicon storing

* OCSP

* TP is default
yokoffing
2022-01-29 11:52:03 -05:00
committed by GitHub
parent af5fc86ef9
commit b048d5d39e
+249 -48
@@ -11,7 +11,7 @@
* SecureFox *
* "Natura non constristatur." *
* priority: provide sensible security and privacy *
* version: December 2021 *
* version: January 2022 *
* url: https://github.com/yokoffing/Better-Fox *
****************************************************************************/
@@ -28,15 +28,21 @@
// [2] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
// [3] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
user_pref("browser.contentblocking.category", "strict");
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.enabled", true); // default
user_pref("privacy.trackingprotection.pbmode.enabled", true); // default
user_pref("privacy.trackingprotection.cryptomining.enabled", true); // default
user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // default
user_pref("privacy.trackingprotection.socialtracking.enabled", true);
user_pref("privacy.trackingprotection.socialtracking.enabled", true); // enabled with "Strict"
user_pref("privacy.socialtracking.block_cookies.enabled", true); // default
// user_pref("browser.contentblocking.customBlockList.preferences.ui.enabled", true);
// PREF: allow embedded tweets and Instagram posts
// PREF: Lower the priority of network loads for resources on the tracking protection list.
user_pref("privacy.trackingprotection.lower_network_priority", true);
// PREF: allow embedded tweets and Reddit posts
// [TEST] https://www.pcgamer.com/amazing-halo-infinite-bugs-are-already-rolling-in/
// [TEST] https://www.ndtv.com/entertainment/bharti-singh-and-husband-haarsh-limbachiyaa-announce-pregnancy-see-trending-post-2646359
// [TEST] https://www.thelineofbestfit.com/news/latest-news/cher-and-saweetie-unite-for-new-mac-cosmetics-campaign
// [1] https://www.reddit.com/r/firefox/comments/l79nxy/firefox_dev_is_ignoring_social_tracking_preference/gl84ukk
// [2] https://www.reddit.com/r/firefox/comments/pvds9m/reddit_embeds_not_loading/
user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com"); // hidden
@@ -79,6 +85,12 @@ user_pref("browser.contentblocking.reject-and-isolate-cookies.preferences.ui.ena
user_pref("privacy.partition.network_state", true); // default
user_pref("privacy.partition.network_state.ocsp_cache", true);
user_pref("privacy.partition.serviceWorkers", true);
// user_pref("privacy.partition.bloburl_per_agent_cluster", true); // currently the only non-partitioned item in TCP is blobs
// PREF: Smartblock
// [1] https://support.mozilla.org/en-US/kb/smartblock-enhanced-tracking-protection
// [2] https://www.youtube.com/watch?v=VE8SrClOTgw
user_pref("extensions.webcompat.enable_shims", true); // default
// PREF: Redirect Tracking Prevention
// All storage is cleared (more or less) daily from origins that are known trackers and that
@@ -108,13 +120,6 @@ user_pref("dom.battery.enabled", false);
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings
// user_pref("permissions.default.xr", 2);
// PREF: CRLite
// This will reduce the number of times an OCSP server needs to be contacted and therefore increase privacy.
// [1] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/
// [2] https://github.com/arkenfox/user.js/issues/1065
user_pref("security.pki.crlite_mode", 2);
user_pref("security.remote_settings.crlite_filters.enabled", true);
// PREF: Local Storage Next Generation (LSNG) (DOMStorage)
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1286798
user_pref("dom.storage.next_gen", true); // default
@@ -122,27 +127,147 @@ user_pref("dom.storage.next_gen", true); // default
// PREF: SameStie Cookies
// [1] https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
// [2] https://web.dev/samesite-cookies-explained/
// user_pref("network.cookie.sameSite.laxByDefault", true);
// user_pref("network.cookie.sameSite.noneRequiresSecure", true);
// user_pref("network.cookie.sameSite.schemeful", false); // default
user_pref("network.cookie.sameSite.laxByDefault", true); // default
user_pref("network.cookie.sameSite.noneRequiresSecure", true); // default
user_pref("network.cookie.sameSite.schemeful", false); // default
// PREF: disable cache
// user_pref("browser.cache.disk.enable", true); // default
// PREF: WebRTC Global Mute Toggles
// user_pref("privacy.webrtc.globalMuteToggles", true);
/****************************************************************************
* SECTION: OSCP & CERTS / HPKP (HTTP Public Key Pinning) *
****************************************************************************/
// PREF: OCSP (Online Certificate Status Protocol)
// [1] https://scotthelme.co.uk/revocation-is-broken/
// [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
// PREF: enforce OCSP fetching to confirm current validity of certificates
// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
// OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
// It's a trade-off between security (checking) and privacy (leaking info to the CA)
// [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
// [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
// [1] https://en.wikipedia.org/wiki/Ocsp ***/
user_pref("security.OCSP.enabled", 0); // [DEFAULT: 1]
// PREF: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
// When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
// Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
// It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
// could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
// [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
// user_pref("security.OCSP.require", true);
// PREF: disable or limit SHA-1 certificates
// 0 = allow all
// 1 = block all
// 3 = only allow locally-added roots (e.g. anti-virus) (default)
// 4 = only allow locally-added roots or for certs in 2015 and earlier
// If you have problems, update your software: SHA-1 is obsolete
// [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
user_pref("security.pki.sha1_enforcement_level", 1);
// PREF: enable strict pinning
// PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict
// If you rely on an AV (antivirus) to protect your web browsing
// by inspecting ALL your web traffic, then leave at current default=1
// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
user_pref("security.cert_pinning.enforcement_level", 2);
// PREF: CRLite
// This will reduce the number of times an OCSP server needs to be contacted and therefore increase privacy.
// [1] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/
// [2] https://github.com/arkenfox/user.js/issues/1065
user_pref("security.pki.crlite_mode", 2);
user_pref("security.remote_settings.crlite_filters.enabled", true);
/****************************************************************************
* SECTION: SSL (Secure Sockets Layer) / TLS (Transport Layer Security) *
****************************************************************************/
// PREF: display warning on the padlock for "broken security"
// Bug: warning padlock not indicated for subresources on a secure page! [2]
// [TEST] (January 2022) https://www.unibs.it/it
// [1] https://wiki.mozilla.org/Security:Renegotiation
// [2] https://bugzilla.mozilla.org/1353705
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// PREF: require safe negotiation
// Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2]
// as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be
// safe from the attack if it disables renegotiations but the problem is that the browser can't
// know that. Setting this pref to true is the only way for the browser to ensure there will be
// no unsafe renegotiations on the channel between the browser and the server.
// [STATS] SSL Labs (January 2022) reports that over 99.2% of top sites have secure renegotiation [4]
// [1] https://wiki.mozilla.org/Security:Renegotiation
// [2] https://datatracker.ietf.org/doc/html/rfc5746
// [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
// [4] https://www.ssllabs.com/ssl-pulse/
// user_pref("security.ssl.require_safe_negotiation", true);
// PREF: display advanced information on Insecure Connection warning pages
// only works when it's possible to add an exception
// i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
// [TEST] https://expired.badssl.com/ ***/
user_pref("browser.xul.error_pages.expert_bad_cert", true);
// PREF: control "Add Security Exception" dialog on SSL warnings
// 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default)
// [1] https://github.com/pyllyukko/user.js/issues/210
user_pref("browser.ssl_override_behavior", 1);
// PREF: disable TLS1.3 0-RTT (round-trip time) [FF51+]
// This data is not forward secret, as it is encrypted solely under keys derived using
// the offered PSK. There are no guarantees of non-replay between connections
// [1] https://github.com/tlswg/tls13-spec/issues/1001
// [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt
// [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
user_pref("security.tls.enable_0rtt_data", false);
/****************************************************************************
* SECTION: DISK AVOIDANCE *
****************************************************************************/
// PREF: disable disk cache
// [NOTE] If you think disk cache helps perf, then feel free to override this
user_pref("browser.cache.disk.enable", false);
// PREF: disable media cache from writing to disk in Private Browsing
// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
user_pref("media.memory_cache_max_size", 65536); // 8x default size of 8192 [performance enhancement]
// PREF: disable storing extra session data
// define on which sites to save extra session data such as form content, cookies and POST data
// 0=everywhere, 1=unencrypted sites, 2=nowhere
user_pref("browser.sessionstore.privacy_level", 2);
// PREF: disable shortcut favicons from being stored in profile
user_pref("browser.shell.shortcutFavicons", false);
// PREF: disable page thumbnails capturing
user_pref("browser.pagethumbnails.capturing_disabled", true); // [depreciated?]
// PREF: set the minimum interval between session save operations
// Increasing this can help on older machines and some websites, as well as reducing writes
// [1] https://bugzilla.mozilla.org/1304389
// user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000]
// PREF: disable automatic Firefox start and session restore after reboot [WINDOWS]
// [1] https://bugzilla.mozilla.org/603903
// user_pref("toolkit.winRegisterApplicationRestart", false);
// PREF: disable offline cache (appCache)
// [WARNING] The API is easily fingerprinted, do not disable!
// [1] https://github.com/arkenfox/user.js/issues/1055
// user_pref("browser.cache.offline.enable", false);
// PREF: WebRTC Global Mute Toggles
// user_pref("privacy.webrtc.globalMuteToggles", true);
// PREF: set third-party cookies to session-only
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// PREF: delete all cookies after a certain period of time
// ALTERNATIVE: Use a cookie manager extension
// user_pref("network.cookie.lifetimePolicy", 3);
// user_pref("network.cookie.lifetime.days", 7);
@@ -156,13 +281,13 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// Regardless of what you set privacy.cpd.downloads to, as soon as the dialog
// for "Clear Recent History" is opened, it is synced to the same as 'history'.
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.cpd.history", true); // Browsing & Download History
user_pref("privacy.cpd.formdata", true); // Form & Search History
user_pref("privacy.cpd.offlineApps", true); // Offline Website Data
user_pref("privacy.cpd.cache", true); // Cache
user_pref("privacy.cpd.history", true); // Browsing & Download History [DEFAULT]
user_pref("privacy.cpd.formdata", true); // Form & Search History [DEFAULT]
user_pref("privacy.cpd.offlineApps", false); // Offline Website Data [DEFAULT]
user_pref("privacy.cpd.cache", true); // Cache [DEFAULT]
user_pref("privacy.cpd.cookies", false); // Cookies
user_pref("privacy.cpd.sessions", false); // Active Logins
user_pref("privacy.cpd.siteSettings", false); // Site Preferences
user_pref("privacy.cpd.sessions", false); // Active Logins [DEFAULT]
// user_pref("privacy.cpd.siteSettings", false); // Site Preferences [DEFAULT]
// PREF: reset default 'Time range to clear' for 'Clear Recent History'.
// Firefox remembers your last choice. This will reset the value when you start Firefox.
@@ -172,9 +297,44 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences
// blank value if they are used, but they do work as advertised.
user_pref("privacy.sanitize.timeSpan", 0);
// PREF: keep cookies until the browser is closed, then delete everything minus exceptions
user_pref("network.cookie.lifetimePolicy", 2);
// PREF: this way of sanitizing would override the exceptions set by the users and just delete everything,
// therefore we tell it to delete everything but ignore data needed to stay logged into websites set
// manually as exceptions.
// PREF: enable Firefox to clear items on shutdown
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/
// user_pref("privacy.sanitize.sanitizeOnShutdown", true);
// PREF: set what items to clear on shutdown
// These items do not use exceptions, it is all or nothing
// [NOTE] If "history" is true, downloads will also be cleared
// [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies
// [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings
// [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT]
user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT]
user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT]
user_pref("privacy.clearOnShutdown.cookies", false);
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT]
// PREF: set History section to show all options
user_pref("privacy.history.custom", true);
/* override recipe: enable session restore ***/
/* override recipe: keep some cookies (+ other optional site data) on exit ***/
user_pref("browser.startup.page", 3);
// user_pref("places.history.enabled", true);
// user_pref("network.cookie.lifetimePolicy", 2); // session cookies
user_pref("privacy.clearOnShutdown.cookies", false); // 2811
user_pref("privacy.clearOnShutdown.offlineApps", false); // 2811 optional
/******************************************************************************
* SECTION: SPECULATIVE CONNECTIONS *
******************************************************************************/
@@ -289,6 +449,11 @@ user_pref("browser.search.separatePrivateDefault.ui.enabled", true);
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.suggest.enabled.private", false); // default
// PREF: disable location bar leaking single words to a DNS provider after searching
// 0=never resolve single words, 1=heuristic (default), 2=always resolve
// [1] https://bugzilla.mozilla.org/1642623
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
// PREF: disable Firefox Suggest
user_pref("browser.urlbar.groupLabels.enabled", false);
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
@@ -303,7 +468,7 @@ user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
// and is a security risk (e.g. common typos & malicious sites set up to exploit this).
user_pref("browser.fixup.alternate.enabled", false);
// PREF: "Not Secure" text in the URL bar on HTTP sites
// PREF: display "Not Secure" text on HTTP sites
user_pref("security.insecure_connection_text.enabled", true);
user_pref("security.insecure_connection_text.pbmode.enabled", true);
@@ -332,6 +497,8 @@ user_pref("network.IDN_show_punycode", true);
// [NOTE] HTTPS-Only Mode needs to be disabled for HTTPS First to work.
// [TEST] http://example.com [upgrade]
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1706552
// [2] https://web.dev/why-https-matters/
// [3] https://www.cloudflare.com/learning/ssl/why-use-https/
user_pref("dom.security.https_first", true);
user_pref("dom.security.https_first_pbm", true); // default
@@ -347,6 +514,8 @@ user_pref("dom.security.https_first_pbm", true); // default
// [TEST] http://neverssl.org/ [no upgrade]
// [1] https://bugzilla.mozilla.org/1613063
// [2] https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
// [3] https://web.dev/why-https-matters/
// [4] https://www.cloudflare.com/learning/ssl/why-use-https/
// PREF: disable HTTPS-only Mode for Normal Browsing windows
user_pref("dom.security.https_only_mode", false); // default
@@ -378,9 +547,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
// [2] https://www.internetsociety.org/blog/2018/12/dns-privacy-support-in-mozilla-firefox/
// 0=off, 2=TRR preferred, 3=TRR only, 5=TRR disabled
user_pref("network.trr.mode", 2);
user_pref("network.trr.request_timeout_ms", 4000); /* default=1500 */
// user_pref("network.trr.request_timeout_mode_trronly_ms", 30000); // default
// user_pref("network.trr.send_user-agent_headers", false); // default
// user_pref("network.trr.request_timeout_ms", 4000); /* default=1500 */
user_pref("network.trr.send_user-agent_headers", false); // default
user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
// Temporary workaround for DNS leak with DOH active:
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1730418
@@ -542,15 +710,42 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // default
// string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks.
user_pref("privacy.window.name.update.enabled", true); // default
// PREF: Downgrade Cross-Origin (Third-Party) Referers
// CROSS ORIGIN: control when to send a referer
// [1] https://github.com/arkenfox/user.js/issues/1077
/******************************************************************************
* SECTION: HEADERS / REFERERS *
******************************************************************************/
// PREF: Set the default Referrer Policy; to be used unless overriden by the site.
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default),
// 3=no-referrer-when-downgrade.
// [TEST https://www.sportskeeda.com/mma/news-joe-rogan-accuses-cnn-altering-video-color-make-look-sick
// [1] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/
// [2] https://web.dev/referrer-best-practices/
// [3] https://plausible.io/blog/referrer-policy
user_pref("network.http.referer.defaultPolicy", 2); // default
user_pref("network.http.referer.defaultPolicy.pbmode", 2); // default
// PREF: Set the default Referrer Policy applied to third-party trackers when the
// default cookie policy is set to reject third-party trackers; to be used
// unless overriden by the site.
// [NOTE] Trim referrers from trackers to origins by default ***/
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default),
// 3=no-referrer-when-downgrade.
user_pref("network.http.referer.defaultPolicy.trackers", 1);
user_pref("network.http.referer.defaultPolicy.trackers.pbmode", 1);
// PREF: control when to send a cross-origin referer
// 0=always (default), 1=only if base domains match, 2=only if hosts match
user_pref("network.http.referer.XOriginPolicy", 0); // default
// Control the amount of information to send.
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
// [NOTE] Known to cause issues with some sites (e.g., Vimeo, iCloud, Instagram) ***/
// user_pref("network.http.referer.XOriginPolicy", 2);
// PREF: control the amount of cross-origin information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// PREF: disable relaxing referer for cross-site navigations
user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // default in v. 97
user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); // default
/******************************************************************************
* SECTION: VARIOUS *
******************************************************************************/
@@ -621,27 +816,33 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/
// PREF: Enable logging geolocation to the console
// user_pref("geo.provider.network.logging.enabled", true);
// PREF: disable using the OS's geolocation service
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
user_pref("geo.provider.use_corelocation", false); // [MAC]
user_pref("geo.provider.use_gpsd", false); // [LINUX]
// PREF: disable region updates
// [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html
user_pref("browser.region.network.url", "");
user_pref("browser.region.update.enabled", false);
// PREF: Enforce Firefox blocklist for extensions + No hiding tabs
// This includes updates for "revoked certificates".
// [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
// [2] https://trac.torproject.org/projects/tor/ticket/16931
user_pref("extensions.blocklist.enabled", true); // default
// PREF: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+]
// PREF: disable auto-INSTALLING Firefox updates [NON-WINDOWS] [move to Pesky]
// [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed
// [SETTING] General>Firefox Updates>Check for updates but let you choose to install them
user_pref("app.update.auto", false);
// user_pref("app.update.auto", false);
// PREF: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS]
// [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
// [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/
user_pref("app.update.background.scheduling.enabled", false);
// PREF: disable search engine updates (e.g. OpenSearch) [move to Pesky]
// [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
// user_pref("browser.search.update", false);
// PREF: Disable automatic extension updates
// PREF: Disable automatic extension updates [move to Pesky]
// user_pref("extensions.update.enabled", false);
// user_pref("extensions.autoupdate.enabled", false);
// user_pref("extensions.update.url", "");
// user_pref("extensions.update.background.url", "");
/******************************************************************************
* SECTION: TELEMETRY *
@@ -665,7 +866,7 @@ user_pref("corroborator.enabled", false);
// Telemetry Coverage
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.coverage.opt-out", true);
// user_pref("toolkit.coverage.endpoint.base", "");
user_pref("toolkit.coverage.endpoint.base", "");
// Health Reports
// [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical data.
@@ -714,7 +915,7 @@ user_pref("extensions.abuseReport.enabled", false);
// PREF: Normandy/Shield [extensions tracking]
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
user_pref("app.normandy.enabled", false);
// user_pref("app.normandy.api_url", "");
user_pref("app.normandy.api_url", "");
// PREF: PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
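Review bot: In the OCSP block of the `@@ -122,27 +127,147 @@` hunk (which looks newly added, though this rendering has lost its +/- markers) the comment and the value disagree: the heading reads `// PREF: enforce OCSP fetching to confirm current validity of certificates`, but the line under it is `user_pref("security.OCSP.enabled", 0); // [DEFAULT: 1]`, which by the block's own legend (0=disabled) turns fetching off. With fetching off, the commented-out `security.OCSP.require` hard-fail has nothing to act on, and revocation appears to rest on the `security.pki.crlite_mode` 2 filters set a few lines below plus stapled responses, so a certificate the CRLite filters do not cover would presumably get no live check. If that privacy trade-off is intended, the heading should say so, e.g. `// PREF: disable OCSP fetching; revocation relies on CRLite and stapled responses (privacy over live checks)`; otherwise keep the default `1`. The `see 1211` in the same block points at a numbering scheme that is not visible in this file and would read better as the pref name.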