diff --git a/Firefox-Config/user.js b/Firefox-Config/user.js
index 6c9644e..2e09995 100644
--- a/Firefox-Config/user.js
+++ b/Firefox-Config/user.js
@@ -214,8 +214,65 @@ user_pref("layout.word_select.eat_space_to_next_word", false);
 // visit https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening
 // Enter your personal overrides below this line:
+// PREF: restore login manager
+user_pref("signon.rememberSignons", true);
+// PREF: restore Top Sites on New Tab page
+user_pref("browser.newtabpage.activity-stream.feeds.topsites", true);
+// PREF: enable container tabs
+user_pref("privacy.userContext.enabled", true);
+
+/***********************************
+ * START: HARDENING *
+ ***********************************/
+
+// PREF: disable Firefox Sync
+user_pref("identity.fxaccounts.enabled", false);
+
+// PREF: disable the Firefox View tour from popping up
+user_pref("browser.firefox-view.feature-tour", '{"screen":"","complete":true}');
+
+// PREF: enable HTTPS-Only Mode
+// Warn me before loading sites that don't support HTTPS
+// in both Normal and Private Browsing windows.
+user_pref("dom.security.https_only_mode", true);
+user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
+
+// PREF: disable captive portal detection
+// [WARNING] Do NOT use for mobile devices!
+user_pref("captivedetect.canonicalURL", "");
+user_pref("network.captive-portal-service.enabled", false);
+user_pref("network.connectivity-service.enabled", false);
+
+// PREF: set DoH provider
+user_pref("network.trr.uri", "https://family.dns.mullvad.net/dns-query");
+user_pref("network.trr.custom_uri", "https://family.dns.mullvad.net/dns-query");
+
+// PREF: enforce DNS-over-HTTPS (DoH)
+user_pref("network.trr.mode", 3);
+
+// PREF: enforce certificate pinning
+// [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+// 1 = allow user MiTM (such as your antivirus) (default)
+// 2 = strict
+user_pref("security.cert_pinning.enforcement_level", 2);
+
+// PREF: delete all browsing data on shutdown
+user_pref("privacy.sanitize.sanitizeOnShutdown", true);
+user_pref("privacy.clearOnShutdown_v2.cache", true);
+user_pref("privacy.clearOnShutdown_v2.formdata", true);
+
+// PREF: after crashes or restarts, do not save extra session data
+// such as form content, scrollbar positions, and POST data
+user_pref("browser.sessionstore.privacy_level", 2);
+
+// PREF: disable all DRM content
+user_pref("media.eme.enabled", false);
+
+/***********************************
+ * END: HARDENING *
+ ***********************************/
 /****************************************************************************
 * END: MY OVERRIDES *
@@ -225,6 +282,9 @@ user_pref("layout.word_select.eat_space_to_next_word", false);
 * START: ARKEN FOX MODS *
 ****************************************************************************/
+// Disable IPv6
+user_pref("network.dns.disableIPv6", true);
+
 // Enforce no "Hyperlink Auditing" (click tracking)
 user_pref("browser.send_pings", false); // [DEFAULT: false]
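Review bot: The comment `// PREF: delete all browsing data on shutdown` promises more than the prefs under it set. Only `privacy.clearOnShutdown_v2.cache` and `privacy.clearOnShutdown_v2.formdata` are pinned, so whether cookies, site storage and history are cleared depends on defaults this file does not show. Either narrow the comment to `// PREF: clear cache and form data on shutdown` or pin the remaining categories explicitly, for example `user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);`. Separately, `dom.security.https_only_mode` is set again in the ARKEN FOX MODS hunk further down; keeping a single copy stops the two from drifting apart.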
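Review bot: The `// Disable IPv6` comment says neither what the pref covers nor why it is set. `network.dns.disableIPv6` is an application-level switch inside Firefox, so a reader could mistake it for protection against IPv6 leaks elsewhere on the host. A comment such as `// Disable IPv6 in Firefox only (application-level fallback; also handle IPv6 at the OS or VPN level)` states that limit.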
@@ -263,10 +323,166 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
 user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
 user_pref("browser.urlbar.clipboard.featureGate", false);
+// Disable location bar suggestion types
+user_pref("browser.urlbar.suggest.history", false);
+// user_pref("browser.urlbar.suggest.bookmark", false);
+// user_pref("browser.urlbar.suggest.openpage", false);
+// user_pref("browser.urlbar.suggest.topsites", false);
+
+// Disable Form Autofill
+user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
+user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
+
+// Limit events that can cause a pop-up
+user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
+
+// Enable CRLite [FF73+]
+/*
+ * 0 = disabled
+ * 1 = consult CRLite but only collect telemetry
+ * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
+ * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
+ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
+ * [2] https://blog.mozilla.org/security/tag/crlite/
+*/
+user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
+
+// Enable HTTPS-Only mode in all windows
+/*
+ * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
+ * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
+ * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
+ * [TEST] http://example.com [upgrade]
+ * [TEST] http://httpforever.com/ | http://http.rip [no upgrade]
+*/
+user_pref("dom.security.https_only_mode", true); // [FF76+]
+user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
+
+// Disable RFP spoof english prompt
+// [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English...
+user_pref("privacy.spoof_english", 1);
+
+// DOM (DOCUMENT OBJECT MODEL)
+// Prevent scripts from moving and resizing open windows
+user_pref("dom.disable_window_move_resize", true);
+
+// Disable UITour backend so there is no chance that a remote page can use it
+user_pref("browser.uitour.url", ""); // Defense-in-depth
+
+// Reset remote debugging to disabled
+user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
+
+// Enforce PDFJS
+user_pref("pdfjs.disabled", false); // [DEFAULT: false]
+
+// Disable content analysis by DLP (Data Loss Prevention) agents
+user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false]
+user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0]
+
+// DOWNLOADS
+/*
+ * Enable user interaction for security by always asking how to handle new mimetypes [FF101+]
+ * [SETTING] General>Files and Applications>What should Firefox do with other files
+*/
+user_pref("browser.download.always_ask_before_handling_new_types", true);
+
+// Fingerprint Protection
+// Enable FPP in PB mode
+user_pref("privacy.fingerprintingProtection.pbmode", true);
+// Disable remote FPP overrides
+user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
+
+// Enfore Firefox blocklist
+user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
+
+// Enfore no referer spoofing
+user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
+
+// Security delay on confirmation dialogues
+user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
+
+// Enfore no First Party Isolation
+user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
+
+// Enfore SmartBlock shims
+user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN PREF] [DEFAULT: true]
+
+// Enforce no TLS 1.0/1.1 downgrades
+user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
+
+// Enforce disabling of Web Compatibility Reporter [FF56+]
+user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
+
+// Enforce Quarantined Domains [FF115+]
+user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
+
+// Disable using the OS's geolocation service
+user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
+
+// Disable APIs
+/*
+ * Location-Aware Browsing, Full Screen
+ * [WHY] The API state is easily fingerprintable.
+ * Geo is behind a prompt (7002). Full screen requires user interaction
+*/
+user_pref("geo.enabled", false);
+user_pref("full-screen-api.enabled", false);
+
+// Enable the DNT (Do Not Track) HTTP header
+user_pref("privacy.donottrackheader.enabled", true);
+
+// Customize Enhanced Tracking Protection (ETP)
+user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
+user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+]
+user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
+user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
+user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
+user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
+user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true]
+user_pref("privacy.query_stripping.enabled", true); // [FF101+]
+user_pref("privacy.trackingprotection.enabled", true);
+user_pref("privacy.trackingprotection.socialtracking.enabled", true);
+user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
+user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
+
+// Disable WebRTC (Web Real-Time Communication)
+user_pref("media.peerconnection.enabled", false);
+
+// Set the proxy server to do any DNS lookups when using SOCKS
+user_pref("network.proxy.socks_remote_dns", true);
+
+// SSL (Secure Sockets Layer) / TLS (Transport Layer Security)
+// Require safe negotiation
+user_pref("security.ssl.require_safe_negotiation", true);
+// Set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+user_pref("security.OCSP.require", true);
+
 /****************************************************************************
 * END: ARKEN FOX MODS *
 ****************************************************************************/
+/****************************************************************************
+ * START: CUSTOMISABLE *
+****************************************************************************/
+
+// Disable location bar suggestion types
+// user_pref("browser.urlbar.suggest.bookmark", false);
+// user_pref("browser.urlbar.suggest.openpage", false);
+// user_pref("browser.urlbar.suggest.topsites", false);
+
+/** disable websites overriding Firefox's keyboard shortcuts [FF58+]
+ * 0 (default) or 1=allow, 2=block
+ * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***
+**/
+// user_pref("permissions.default.shortcuts", 2);
+
+// Disable WebGL (Web Graphics Library)
+// user_pref("webgl.disabled", true);
+
+/****************************************************************************
+ * END: CUSTOMISABLE *
+****************************************************************************/
+
 /****************************************************************************
 * SECTION: SMOOTHFOX *
 ****************************************************************************/
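Review bot: The value list under `// Enable CRLite [FF73+]` (0 to 3) describes a mode setting, but the only pref set below it is the boolean `security.remote_settings.crlite_filters.enabled`. The list appears to belong to `security.pki.crlite_mode`, which this hunk never sets. As written, CRLite stays in the browser's default mode, which by the comment's own account defers to OCSP for "Revoked" results, while `security.OCSP.require` at the end of the hunk makes OCSP fetch failures hard-fail. If enforcing CRLite results was the intent, add `user_pref("security.pki.crlite_mode", 2);` after the filters pref; otherwise drop the value list. The references `(7002)` and `see 1211` point at section numbers that do not exist in this file and should be removed or spelled out.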