diff --git a/SecureFox.js b/SecureFox.js index 3cc716e..9a4fed6 100644 --- a/SecureFox.js +++ b/SecureFox.js @@ -11,7 +11,7 @@ * SecureFox * * "Natura non constristatur." * * priority: provide sensible security and privacy * - * version: December 2021 * + * version: January 2022 * * url: https://github.com/yokoffing/Better-Fox * ****************************************************************************/ @@ -28,15 +28,21 @@ // [2] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop // [3] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3 user_pref("browser.contentblocking.category", "strict"); -user_pref("privacy.trackingprotection.enabled", true); +user_pref("privacy.trackingprotection.enabled", true); // default user_pref("privacy.trackingprotection.pbmode.enabled", true); // default user_pref("privacy.trackingprotection.cryptomining.enabled", true); // default user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // default -user_pref("privacy.trackingprotection.socialtracking.enabled", true); +user_pref("privacy.trackingprotection.socialtracking.enabled", true); // enabled with "Strict" user_pref("privacy.socialtracking.block_cookies.enabled", true); // default // user_pref("browser.contentblocking.customBlockList.preferences.ui.enabled", true); -// PREF: allow embedded tweets and Instagram posts +// PREF: Lower the priority of network loads for resources on the tracking protection list. +user_pref("privacy.trackingprotection.lower_network_priority", true); + +// PREF: allow embedded tweets and Reddit posts +// [TEST] https://www.pcgamer.com/amazing-halo-infinite-bugs-are-already-rolling-in/ +// [TEST] https://www.ndtv.com/entertainment/bharti-singh-and-husband-haarsh-limbachiyaa-announce-pregnancy-see-trending-post-2646359 +// [TEST] https://www.thelineofbestfit.com/news/latest-news/cher-and-saweetie-unite-for-new-mac-cosmetics-campaign // [1] https://www.reddit.com/r/firefox/comments/l79nxy/firefox_dev_is_ignoring_social_tracking_preference/gl84ukk // [2] https://www.reddit.com/r/firefox/comments/pvds9m/reddit_embeds_not_loading/ user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com"); // hidden @@ -79,6 +85,12 @@ user_pref("browser.contentblocking.reject-and-isolate-cookies.preferences.ui.ena user_pref("privacy.partition.network_state", true); // default user_pref("privacy.partition.network_state.ocsp_cache", true); user_pref("privacy.partition.serviceWorkers", true); +// user_pref("privacy.partition.bloburl_per_agent_cluster", true); // currently the only non-partitioned item in TCP is blobs + +// PREF: Smartblock +// [1] https://support.mozilla.org/en-US/kb/smartblock-enhanced-tracking-protection +// [2] https://www.youtube.com/watch?v=VE8SrClOTgw +user_pref("extensions.webcompat.enable_shims", true); // default // PREF: Redirect Tracking Prevention // All storage is cleared (more or less) daily from origins that are known trackers and that @@ -108,13 +120,6 @@ user_pref("dom.battery.enabled", false); // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings // user_pref("permissions.default.xr", 2); -// PREF: CRLite -// This will reduce the number of times an OCSP server needs to be contacted and therefore increase privacy. -// [1] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/ -// [2] https://github.com/arkenfox/user.js/issues/1065 -user_pref("security.pki.crlite_mode", 2); -user_pref("security.remote_settings.crlite_filters.enabled", true); - // PREF: Local Storage Next Generation (LSNG) (DOMStorage) // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1286798 user_pref("dom.storage.next_gen", true); // default @@ -122,27 +127,147 @@ user_pref("dom.storage.next_gen", true); // default // PREF: SameStie Cookies // [1] https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/ // [2] https://web.dev/samesite-cookies-explained/ -// user_pref("network.cookie.sameSite.laxByDefault", true); -// user_pref("network.cookie.sameSite.noneRequiresSecure", true); -// user_pref("network.cookie.sameSite.schemeful", false); // default +user_pref("network.cookie.sameSite.laxByDefault", true); // default +user_pref("network.cookie.sameSite.noneRequiresSecure", true); // default +user_pref("network.cookie.sameSite.schemeful", false); // default -// PREF: disable cache -// user_pref("browser.cache.disk.enable", true); // default +// PREF: WebRTC Global Mute Toggles +// user_pref("privacy.webrtc.globalMuteToggles", true); + +/**************************************************************************** + * SECTION: OSCP & CERTS / HPKP (HTTP Public Key Pinning) * +****************************************************************************/ +// PREF: OCSP (Online Certificate Status Protocol) +// [1] https://scotthelme.co.uk/revocation-is-broken/ +// [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ + +// PREF: enforce OCSP fetching to confirm current validity of certificates +// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only +// OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) +// It's a trade-off between security (checking) and privacy (leaking info to the CA) +// [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling +// [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... +// [1] https://en.wikipedia.org/wiki/Ocsp ***/ +user_pref("security.OCSP.enabled", 0); // [DEFAULT: 1] + +// PREF: set OCSP fetch failures (non-stapled, see 1211) to hard-fail +// When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) +// Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) +// It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it +// could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) +// [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +// [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ +// user_pref("security.OCSP.require", true); + +// PREF: disable or limit SHA-1 certificates +// 0 = allow all +// 1 = block all +// 3 = only allow locally-added roots (e.g. anti-virus) (default) +// 4 = only allow locally-added roots or for certs in 2015 and earlier +// If you have problems, update your software: SHA-1 is obsolete +// [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ +user_pref("security.pki.sha1_enforcement_level", 1); + +// PREF: enable strict pinning +// PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict +// If you rely on an AV (antivirus) to protect your web browsing +// by inspecting ALL your web traffic, then leave at current default=1 +// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 +user_pref("security.cert_pinning.enforcement_level", 2); + +// PREF: CRLite +// This will reduce the number of times an OCSP server needs to be contacted and therefore increase privacy. +// [1] https://blog.mozilla.org/security/2020/01/09/crlite-part-2-end-to-end-design/ +// [2] https://github.com/arkenfox/user.js/issues/1065 +user_pref("security.pki.crlite_mode", 2); +user_pref("security.remote_settings.crlite_filters.enabled", true); + +/**************************************************************************** + * SECTION: SSL (Secure Sockets Layer) / TLS (Transport Layer Security) * +****************************************************************************/ + +// PREF: display warning on the padlock for "broken security" +// Bug: warning padlock not indicated for subresources on a secure page! [2] +// [TEST] (January 2022) https://www.unibs.it/it +// [1] https://wiki.mozilla.org/Security:Renegotiation +// [2] https://bugzilla.mozilla.org/1353705 +user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); + +// PREF: require safe negotiation +// Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2] +// as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be +// safe from the attack if it disables renegotiations but the problem is that the browser can't +// know that. Setting this pref to true is the only way for the browser to ensure there will be +// no unsafe renegotiations on the channel between the browser and the server. +// [STATS] SSL Labs (January 2022) reports that over 99.2% of top sites have secure renegotiation [4] +// [1] https://wiki.mozilla.org/Security:Renegotiation +// [2] https://datatracker.ietf.org/doc/html/rfc5746 +// [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 +// [4] https://www.ssllabs.com/ssl-pulse/ +// user_pref("security.ssl.require_safe_negotiation", true); + +// PREF: display advanced information on Insecure Connection warning pages +// only works when it's possible to add an exception +// i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) +// [TEST] https://expired.badssl.com/ ***/ +user_pref("browser.xul.error_pages.expert_bad_cert", true); + +// PREF: control "Add Security Exception" dialog on SSL warnings +// 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default) +// [1] https://github.com/pyllyukko/user.js/issues/210 +user_pref("browser.ssl_override_behavior", 1); + +// PREF: disable TLS1.3 0-RTT (round-trip time) [FF51+] +// This data is not forward secret, as it is encrypted solely under keys derived using +// the offered PSK. There are no guarantees of non-replay between connections +// [1] https://github.com/tlswg/tls13-spec/issues/1001 +// [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt +// [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ +user_pref("security.tls.enable_0rtt_data", false); + +/**************************************************************************** + * SECTION: DISK AVOIDANCE * +****************************************************************************/ + +// PREF: disable disk cache +// [NOTE] If you think disk cache helps perf, then feel free to override this +user_pref("browser.cache.disk.enable", false); + +// PREF: disable media cache from writing to disk in Private Browsing +// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB +user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); +user_pref("media.memory_cache_max_size", 65536); // 8x default size of 8192 [performance enhancement] + +// PREF: disable storing extra session data +// define on which sites to save extra session data such as form content, cookies and POST data +// 0=everywhere, 1=unencrypted sites, 2=nowhere +user_pref("browser.sessionstore.privacy_level", 2); + +// PREF: disable shortcut favicons from being stored in profile +user_pref("browser.shell.shortcutFavicons", false); + +// PREF: disable page thumbnails capturing +user_pref("browser.pagethumbnails.capturing_disabled", true); // [depreciated?] + +// PREF: set the minimum interval between session save operations +// Increasing this can help on older machines and some websites, as well as reducing writes +// [1] https://bugzilla.mozilla.org/1304389 +// user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000] + +// PREF: disable automatic Firefox start and session restore after reboot [WINDOWS] +// [1] https://bugzilla.mozilla.org/603903 +// user_pref("toolkit.winRegisterApplicationRestart", false); // PREF: disable offline cache (appCache) // [WARNING] The API is easily fingerprinted, do not disable! // [1] https://github.com/arkenfox/user.js/issues/1055 // user_pref("browser.cache.offline.enable", false); -// PREF: WebRTC Global Mute Toggles -// user_pref("privacy.webrtc.globalMuteToggles", true); - // PREF: set third-party cookies to session-only user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // PREF: delete all cookies after a certain period of time -// ALTERNATIVE: Use a cookie manager extension // user_pref("network.cookie.lifetimePolicy", 3); // user_pref("network.cookie.lifetime.days", 7); @@ -156,13 +281,13 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // Regardless of what you set privacy.cpd.downloads to, as soon as the dialog // for "Clear Recent History" is opened, it is synced to the same as 'history'. // user_pref("privacy.cpd.downloads", true); // not used, see note above -user_pref("privacy.cpd.history", true); // Browsing & Download History -user_pref("privacy.cpd.formdata", true); // Form & Search History -user_pref("privacy.cpd.offlineApps", true); // Offline Website Data -user_pref("privacy.cpd.cache", true); // Cache +user_pref("privacy.cpd.history", true); // Browsing & Download History [DEFAULT] +user_pref("privacy.cpd.formdata", true); // Form & Search History [DEFAULT] +user_pref("privacy.cpd.offlineApps", false); // Offline Website Data [DEFAULT] +user_pref("privacy.cpd.cache", true); // Cache [DEFAULT] user_pref("privacy.cpd.cookies", false); // Cookies -user_pref("privacy.cpd.sessions", false); // Active Logins -user_pref("privacy.cpd.siteSettings", false); // Site Preferences +user_pref("privacy.cpd.sessions", false); // Active Logins [DEFAULT] +// user_pref("privacy.cpd.siteSettings", false); // Site Preferences [DEFAULT] // PREF: reset default 'Time range to clear' for 'Clear Recent History'. // Firefox remembers your last choice. This will reset the value when you start Firefox. @@ -172,9 +297,44 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences // blank value if they are used, but they do work as advertised. user_pref("privacy.sanitize.timeSpan", 0); +// PREF: keep cookies until the browser is closed, then delete everything minus exceptions +user_pref("network.cookie.lifetimePolicy", 2); + +// PREF: this way of sanitizing would override the exceptions set by the users and just delete everything, +// therefore we tell it to delete everything but ignore data needed to stay logged into websites set +// manually as exceptions. + +// PREF: enable Firefox to clear items on shutdown +// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ +// user_pref("privacy.sanitize.sanitizeOnShutdown", true); + +// PREF: set what items to clear on shutdown +// These items do not use exceptions, it is all or nothing +// [NOTE] If "history" is true, downloads will also be cleared +// [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies +// [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) +// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings +// [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ +user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT] +user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT] +user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT] +user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT] +user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT] +user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT] +user_pref("privacy.clearOnShutdown.cookies", false); +// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT] + // PREF: set History section to show all options user_pref("privacy.history.custom", true); +/* override recipe: enable session restore ***/ +/* override recipe: keep some cookies (+ other optional site data) on exit ***/ +user_pref("browser.startup.page", 3); + // user_pref("places.history.enabled", true); + // user_pref("network.cookie.lifetimePolicy", 2); // session cookies +user_pref("privacy.clearOnShutdown.cookies", false); // 2811 +user_pref("privacy.clearOnShutdown.offlineApps", false); // 2811 optional + /****************************************************************************** * SECTION: SPECULATIVE CONNECTIONS * ******************************************************************************/ @@ -289,6 +449,11 @@ user_pref("browser.search.separatePrivateDefault.ui.enabled", true); user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.suggest.enabled.private", false); // default +// PREF: disable location bar leaking single words to a DNS provider after searching +// 0=never resolve single words, 1=heuristic (default), 2=always resolve +// [1] https://bugzilla.mozilla.org/1642623 +user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); + // PREF: disable Firefox Suggest user_pref("browser.urlbar.groupLabels.enabled", false); user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); @@ -303,7 +468,7 @@ user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // and is a security risk (e.g. common typos & malicious sites set up to exploit this). user_pref("browser.fixup.alternate.enabled", false); -// PREF: "Not Secure" text in the URL bar on HTTP sites +// PREF: display "Not Secure" text on HTTP sites user_pref("security.insecure_connection_text.enabled", true); user_pref("security.insecure_connection_text.pbmode.enabled", true); @@ -332,6 +497,8 @@ user_pref("network.IDN_show_punycode", true); // [NOTE] HTTPS-Only Mode needs to be disabled for HTTPS First to work. // [TEST] http://example.com [upgrade] // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1706552 +// [2] https://web.dev/why-https-matters/ +// [3] https://www.cloudflare.com/learning/ssl/why-use-https/ user_pref("dom.security.https_first", true); user_pref("dom.security.https_first_pbm", true); // default @@ -347,6 +514,8 @@ user_pref("dom.security.https_first_pbm", true); // default // [TEST] http://neverssl.org/ [no upgrade] // [1] https://bugzilla.mozilla.org/1613063 // [2] https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ +// [3] https://web.dev/why-https-matters/ +// [4] https://www.cloudflare.com/learning/ssl/why-use-https/ // PREF: disable HTTPS-only Mode for Normal Browsing windows user_pref("dom.security.https_only_mode", false); // default @@ -378,9 +547,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // [2] https://www.internetsociety.org/blog/2018/12/dns-privacy-support-in-mozilla-firefox/ // 0=off, 2=TRR preferred, 3=TRR only, 5=TRR disabled user_pref("network.trr.mode", 2); -user_pref("network.trr.request_timeout_ms", 4000); /* default=1500 */ -// user_pref("network.trr.request_timeout_mode_trronly_ms", 30000); // default -// user_pref("network.trr.send_user-agent_headers", false); // default +// user_pref("network.trr.request_timeout_ms", 4000); /* default=1500 */ +user_pref("network.trr.send_user-agent_headers", false); // default user_pref("network.dns.skipTRR-when-parental-control-enabled", false); // Temporary workaround for DNS leak with DOH active: // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1730418 @@ -542,15 +710,42 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // default // string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks. user_pref("privacy.window.name.update.enabled", true); // default -// PREF: Downgrade Cross-Origin (Third-Party) Referers -// CROSS ORIGIN: control when to send a referer -// [1] https://github.com/arkenfox/user.js/issues/1077 +/****************************************************************************** + * SECTION: HEADERS / REFERERS * +******************************************************************************/ + +// PREF: Set the default Referrer Policy; to be used unless overriden by the site. +// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default), +// 3=no-referrer-when-downgrade. +// [TEST https://www.sportskeeda.com/mma/news-joe-rogan-accuses-cnn-altering-video-color-make-look-sick +// [1] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ +// [2] https://web.dev/referrer-best-practices/ +// [3] https://plausible.io/blog/referrer-policy +user_pref("network.http.referer.defaultPolicy", 2); // default +user_pref("network.http.referer.defaultPolicy.pbmode", 2); // default + +// PREF: Set the default Referrer Policy applied to third-party trackers when the +// default cookie policy is set to reject third-party trackers; to be used +// unless overriden by the site. +// [NOTE] Trim referrers from trackers to origins by default ***/ +// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default), +// 3=no-referrer-when-downgrade. +user_pref("network.http.referer.defaultPolicy.trackers", 1); +user_pref("network.http.referer.defaultPolicy.trackers.pbmode", 1); + +// PREF: control when to send a cross-origin referer // 0=always (default), 1=only if base domains match, 2=only if hosts match -user_pref("network.http.referer.XOriginPolicy", 0); // default -// Control the amount of information to send. -// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port +// [NOTE] Known to cause issues with some sites (e.g., Vimeo, iCloud, Instagram) ***/ +// user_pref("network.http.referer.XOriginPolicy", 2); + +// PREF: control the amount of cross-origin information to send +// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); +// PREF: disable relaxing referer for cross-site navigations +user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // default in v. 97 +user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); // default + /****************************************************************************** * SECTION: VARIOUS * ******************************************************************************/ @@ -621,27 +816,33 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ // PREF: Enable logging geolocation to the console // user_pref("geo.provider.network.logging.enabled", true); +// PREF: disable using the OS's geolocation service +user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] +user_pref("geo.provider.use_corelocation", false); // [MAC] +user_pref("geo.provider.use_gpsd", false); // [LINUX] + +// PREF: disable region updates +// [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html +user_pref("browser.region.network.url", ""); +user_pref("browser.region.update.enabled", false); + // PREF: Enforce Firefox blocklist for extensions + No hiding tabs // This includes updates for "revoked certificates". // [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ // [2] https://trac.torproject.org/projects/tor/ticket/16931 user_pref("extensions.blocklist.enabled", true); // default -// PREF: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] +// PREF: disable auto-INSTALLING Firefox updates [NON-WINDOWS] [move to Pesky] // [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them -user_pref("app.update.auto", false); +// user_pref("app.update.auto", false); -// PREF: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] -// [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running -// [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ -user_pref("app.update.background.scheduling.enabled", false); +// PREF: disable search engine updates (e.g. OpenSearch) [move to Pesky] +// [NOTE] This does not affect Mozilla's built-in or Web Extension search engines +// user_pref("browser.search.update", false); -// PREF: Disable automatic extension updates +// PREF: Disable automatic extension updates [move to Pesky] // user_pref("extensions.update.enabled", false); -// user_pref("extensions.autoupdate.enabled", false); -// user_pref("extensions.update.url", ""); -// user_pref("extensions.update.background.url", ""); /****************************************************************************** * SECTION: TELEMETRY * @@ -665,7 +866,7 @@ user_pref("corroborator.enabled", false); // Telemetry Coverage user_pref("toolkit.telemetry.coverage.opt-out", true); user_pref("toolkit.coverage.opt-out", true); -// user_pref("toolkit.coverage.endpoint.base", ""); +user_pref("toolkit.coverage.endpoint.base", ""); // Health Reports // [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical data. @@ -714,7 +915,7 @@ user_pref("extensions.abuseReport.enabled", false); // PREF: Normandy/Shield [extensions tracking] // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" user_pref("app.normandy.enabled", false); -// user_pref("app.normandy.api_url", ""); +user_pref("app.normandy.api_url", ""); // PREF: PingCentre telemetry (used in several System Add-ons) // Currently blocked by 'datareporting.healthreport.uploadEnabled'