notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

yokoffing
2023-10-15 20:19:27 -04:00
parent 7b159e6e60
commit 490bb8a03a
1 changed files with 2 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+2 -28
@@ -27,22 +27,6 @@ user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":tr
***
### Password management across devices
Disable saving passwords, credit cards, and addresses.
:bulb: We recommend using [Bitwarden](https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/) to manage your credentials on multiple devices.
```javascript
// PREF: disable password manager
user_pref("signon.rememberSignons", false);
// PREF: disable address and credit card manager
user_pref("extensions.formautofill.addresses.enabled", false);
user_pref("extensions.formautofill.creditCards.enabled", false);
```
***
### Block embedded social posts on webpages
This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection.
```javascript
@@ -53,16 +37,6 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", "");
***
### Top Sites in URL bar
Do not show top sites when you click on the address bar.
* `☰` *→ Settings → Privacy & Security → Address Bar → Shortcuts*
```javascript
// PREF: do not show top sites dropdown suggestions with empty query
user_pref("browser.urlbar.suggest.topsites", false);
```
***
### HTTPS-Only Mode
We already [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages and [attempt to upgrade](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) HTTP site navigation to HTTPS.
@@ -86,7 +60,7 @@ user_pref("dom.security.https_only_mode", true);
user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
```
:warning: HTTPS doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan. — [Scott Hanselman](https://www.hanselman.com/blog/how-do-we-know-if-mobile-apps-are-secure)
:lock: HTTPS doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan. — [Scott Hanselman](https://www.hanselman.com/blog/how-do-we-know-if-mobile-apps-are-secure)
***
@@ -174,7 +148,7 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
```
#### Manage exceptions
[Add sites to the Exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off).
Add sites to the [exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off).
* `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
***