diff --git a/Optional-Hardening.md b/Optional-Hardening.md index 46f43ec..55b5156 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md @@ -28,20 +28,14 @@ user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":tr *** ### Password management across devices -Disable saving passwords, credit cards, and addresses if you use a password manager. +Disable saving passwords, credit cards, and addresses. :bulb: We recommend using [Bitwarden](https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/) to manage your credentials on multiple devices. -#### Logins & passwords -* `☰` *→ Settings → Privacy & Security → Logins and Passwords → Ask to save logins and passwords for websites* ```javascript // PREF: disable password manager user_pref("signon.rememberSignons", false); -``` -#### Addresses & credit cards -* `☰` *→ Settings → Privacy & Security → Forms and Autofill* -```javascript // PREF: disable address and credit card manager user_pref("extensions.formautofill.addresses.enabled", false); user_pref("extensions.formautofill.creditCards.enabled", false); @@ -63,8 +57,8 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", ""); Do not show top sites when you click on the address bar. * `☰` *→ Settings → Privacy & Security → Address Bar → Shortcuts* ```javascript -// PREF: restore top sites dropdown suggestions with empty query -user_pref("browser.urlbar.suggest.topsites", false); // Shortcuts (Top Sites) +// PREF: do not show top sites dropdown suggestions with empty query +user_pref("browser.urlbar.suggest.topsites", false); ``` *** 
@@ -72,10 +66,6 @@ user_pref("browser.urlbar.suggest.topsites", false); // Shortcuts (Top Sites) ### HTTPS-Only Mode We already [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages and [attempt to upgrade](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) HTTP site navigation to HTTPS. -* `☰` *→ Settings → Privacy & Security → HTTPS-Only Mode* - -To add to your overrides, choose between two options below. - #### Option 1: Private windows only Firefox will get explicit permission from you before connecting to a site insecurely in [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) (Firefox [incognito mode](https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing)). ```javascript @@ -152,19 +142,7 @@ You can allow exceptions if you want to stay logged in to some sites. *** ### Secure DNS -Setup and enforce DNS-over-HTTPS (DoH). - -#### Mode -`3` has site-exceptions with a nice UI on the error page. - -* `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions* - -:warning: Set to `2` if your workplace or university causes issues with alternative DNS. -```javascript -// PREF: enforce DNS-over-HTTPS (DoH) -user_pref("network.trr.mode", 3); -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); -``` +Setup and enforce [DNS-over-HTTPS](https://support.mozilla.org/en-US/kb/firefox-dns-over-https) (DoH). #### Provider Use the provider below for better [threat protection](https://quad9.net/service/threat-blocking/). 
@@ -175,6 +153,30 @@ Use the provider below for better [threat protection](https://quad9.net/service/ user_pref("network.trr.uri", "https://dns.quad9.net/dns-query"); ``` +#### Option 1: Increased Protection +[Increased Protection](https://support.mozilla.org/en-US/kb/dns-over-https#w_protection-levels-explained) will switch back to your local provider if there are any issues. + +:bulb: Use this setting if your workplace or university causes issues with alternative DNS. + +```javascript +// PREF: enforce DNS-over-HTTPS (DoH) +user_pref("network.trr.mode", 2); +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +user_pref("network.trr.max-fails", 5); +``` + +#### Option 2: Max Protection +[Max Protection](https://support.mozilla.org/en-US/kb/dns-over-https#w_protection-levels-explained) displays user-friendly error pages with custom exceptions. +```javascript +// PREF: enforce DNS-over-HTTPS (DoH) +user_pref("network.trr.mode", 3); +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +``` + +#### Manage exceptions +[Add sites to the Exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off). +* `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions* + *** ### Require Safe Negotiation
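Review bot: In the Password management hunk (@@ -28,20 +28,14 @@), dropping "if you use a password manager" from the first sentence makes the instruction unconditional, while the Bitwarden line remains only a :bulb: tip. A reader who sets `signon.rememberSignons` to `false` without adopting another manager is left with no credential store in the browser. Suggest either keeping the condition or stating the password manager as a prerequisite above the prefs. The hunk also removes both `☰` settings paths ("Logins and Passwords" and "Forms and Autofill"), so nothing tells the reader where to confirm in the UI that the three prefs took effect. Consider keeping one path line per pref group above the merged code block.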
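Review bot: In the HTTPS-Only Mode hunk (@@ -72,10 +66,6 @@), removing "To add to your overrides, choose between two options below." leaves "#### Option 1: Private windows only" directly after the intro paragraph, with nothing saying the options are alternatives rather than steps to apply together. Suggest keeping a one-line lead-in to that effect. The `☰` settings path is dropped here as well, while the Address Bar section in the previous hunk and the new "Manage exceptions" section keep theirs, so the treatment of UI paths is now inconsistent across sections.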
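Review bot: In the Secure DNS hunk (@@ -152,19 +142,7 @@), the rewritten intro line still reads "Setup and enforce", but after this patch only one of the two options enforces DoH; Option 1 is described as switching back to the local provider. Suggest wording the intro so it covers both options, for example "Set up DNS-over-HTTPS (DoH)", which also fixes "Setup" used as a verb.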
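Review bot: In the Option 1 block of the last hunk (@@ -175,6 +153,30 @@), the comment `// PREF: enforce DNS-over-HTTPS (DoH)` is copied from Option 2 and contradicts the text above it, which says this mode "will switch back to your local provider if there are any issues". With `network.trr.mode` set to `2` DoH is preferred, not enforced, and a reader skimming the code comments could pick Option 1 believing lookups never leave DoH. Suggest a comment such as "// PREF: use DoH first, fall back to the system resolver", and a sentence stating that fallback lookups go to the local provider. `network.trr.max-fails` is added with the value `5` and no comment or explanation; say what it controls and why 5 was chosen. In "Manage exceptions", the link anchor `#w_off` does not obviously point at the exceptions instructions, so it is worth checking that it lands on the intended section.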