diff --git a/Optional-Hardening.md b/Optional-Hardening.md index 5b87fac..6e893b5 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md @@ -27,22 +27,6 @@ user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":tr *** -### Password management across devices -Disable saving passwords, credit cards, and addresses. - -:bulb: We recommend using [Bitwarden](https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/) to manage your credentials on multiple devices. - -```javascript -// PREF: disable password manager -user_pref("signon.rememberSignons", false); - -// PREF: disable address and credit card manager -user_pref("extensions.formautofill.addresses.enabled", false); -user_pref("extensions.formautofill.creditCards.enabled", false); -``` - -*** - ### Block embedded social posts on webpages This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection. ```javascript @@ -53,16 +37,6 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", ""); *** -### Top Sites in URL bar -Do not show top sites when you click on the address bar. -* `☰` *→ Settings → Privacy & Security → Address Bar → Shortcuts* -```javascript -// PREF: do not show top sites dropdown suggestions with empty query -user_pref("browser.urlbar.suggest.topsites", false); -``` - -*** - ### HTTPS-Only Mode We already [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages and [attempt to upgrade](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) HTTP site navigation to HTTPS. @@ -86,7 +60,7 @@ user_pref("dom.security.https_only_mode", true); user_pref("dom.security.https_only_mode_error_page_user_suggestions", true); ``` -:warning: HTTPS doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan. — [Scott Hanselman](https://www.hanselman.com/blog/how-do-we-know-if-mobile-apps-are-secure) +:lock: HTTPS doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan. — [Scott Hanselman](https://www.hanselman.com/blog/how-do-we-know-if-mobile-apps-are-secure) *** @@ -174,7 +148,7 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false); ``` #### Manage exceptions -[Add sites to the Exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off). +Add sites to the [exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off). * `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions* ***