|
|
|
|
@@ -1,9 +1,7 @@
|
|
|
|
|
{
|
|
|
|
|
settings = {
|
|
|
|
|
# data privacy
|
|
|
|
|
"browser.contentblocking.category" = "strict";
|
|
|
|
|
"browser.discovery.enabled" = false;
|
|
|
|
|
"datareporting.healthreport.uploadEnabled" = false;
|
|
|
|
|
"dom.security.https_only_mode" = true;
|
|
|
|
|
# no autofill
|
|
|
|
|
"extensions.formautofill.addresses.enabled" = false;
|
|
|
|
|
@@ -15,7 +13,7 @@
|
|
|
|
|
# dont offer to save passwords
|
|
|
|
|
"signon.rememberSignons" = false;
|
|
|
|
|
# home page
|
|
|
|
|
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
|
|
|
|
|
"browser.startup.homepage" = "about:blank";
|
|
|
|
|
# blank new tab
|
|
|
|
|
"browser.newtabpage.enabled" = false;
|
|
|
|
|
# compact density
|
|
|
|
|
@@ -57,6 +55,82 @@
|
|
|
|
|
"media.hardwaremediakeys.enabled" = false;
|
|
|
|
|
# restore tabs on startup
|
|
|
|
|
"browser.startup.page" = 3;
|
|
|
|
|
|
|
|
|
|
/* Arkenfox Begin */
|
|
|
|
|
|
|
|
|
|
/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
|
|
|
|
|
"extensions.getAddons.showPane" = false;
|
|
|
|
|
|
|
|
|
|
/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
|
|
|
|
|
"extensions.htmlaboutaddons.recommendations.enabled" = false;
|
|
|
|
|
|
|
|
|
|
/* 0330: disable new data submission [FF41+]
|
|
|
|
|
* If disabled, no policy is shown or upload takes place, ever
|
|
|
|
|
* [1] https://bugzilla.mozilla.org/1195552 ***/
|
|
|
|
|
"datareporting.policy.dataSubmissionEnabled" = false;
|
|
|
|
|
|
|
|
|
|
/* 0340: disable Studies
|
|
|
|
|
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/
|
|
|
|
|
"app.shield.optoutstudies.enabled" = false;
|
|
|
|
|
|
|
|
|
|
/* 0341: disable Normandy/Shield [FF60+]
|
|
|
|
|
* Shield is a telemetry system that can push and test "recipes"
|
|
|
|
|
* [1] https://mozilla.github.io/normandy/ ***/
|
|
|
|
|
"app.normandy.enabled" = false;
|
|
|
|
|
"app.normandy.api_url" = "";
|
|
|
|
|
|
|
|
|
|
/* 0350: disable Crash Reports ***/
|
|
|
|
|
"breakpad.reportURL" = "";
|
|
|
|
|
"browser.tabs.crashReporting.sendReport" = false;
|
|
|
|
|
|
|
|
|
|
/* 0351: enforce no submission of backlogged Crash Reports [FF58+]
|
|
|
|
|
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/
|
|
|
|
|
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
|
|
|
|
|
|
|
|
|
|
/* 0403: disable SB checks for downloads (remote)
|
|
|
|
|
* To verify the safety of certain executable files, Firefox may submit some information about the
|
|
|
|
|
* file, including the name, origin, size and a cryptographic hash of the contents, to the Google
|
|
|
|
|
* Safe Browsing service which helps Firefox determine whether or not the file should be blocked
|
|
|
|
|
* [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/
|
|
|
|
|
"browser.safebrowsing.downloads.remote.enabled" = false;
|
|
|
|
|
"browser.safebrowsing.downloads.remote.url" = "";
|
|
|
|
|
|
|
|
|
|
/* 1201: require safe negotiation
|
|
|
|
|
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
|
|
|
|
|
* MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
|
|
|
|
|
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
|
|
|
|
|
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
|
|
|
|
|
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
|
|
|
|
|
* [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4]
|
|
|
|
|
* [1] https://wiki.mozilla.org/Security:Renegotiation
|
|
|
|
|
* [2] https://datatracker.ietf.org/doc/html/rfc5746
|
|
|
|
|
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
|
|
|
|
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
|
|
|
|
|
"security.ssl.require_safe_negotiation" = true;
|
|
|
|
|
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
|
|
|
|
* This data is not forward secret, as it is encrypted solely under keys derived using
|
|
|
|
|
* the offered PSK. There are no guarantees of non-replay between connections
|
|
|
|
|
* [1] https://github.com/tlswg/tls13-spec/issues/1001
|
|
|
|
|
* [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt
|
|
|
|
|
* [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
|
|
|
|
|
"security.tls.enable_0rtt_data" = false;
|
|
|
|
|
|
|
|
|
|
/* 2002: force WebRTC inside the proxy [FF70+] ***/
|
|
|
|
|
"media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
|
|
|
|
|
/* 2003: force a single network interface for ICE candidates generation [FF42+]
|
|
|
|
|
* When using a system-wide proxy, it uses the proxy interface
|
|
|
|
|
* [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate
|
|
|
|
|
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
|
|
|
|
"media.peerconnection.ice.default_address_only" = true;
|
|
|
|
|
|
|
|
|
|
/* 2701: enable ETP Strict Mode [FF86+]
|
|
|
|
|
* ETP Strict Mode enables Total Cookie Protection (TCP)
|
|
|
|
|
* [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
|
|
|
|
|
* cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
|
|
|
|
|
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
|
|
|
|
|
* [SETTING] to add site exceptions: Urlbar>ETP Shield
|
|
|
|
|
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
|
|
|
|
|
"browser.contentblocking.category" = "strict";
|
|
|
|
|
};
|
|
|
|
|
userChrome = ''
|
|
|
|
|
/* Hide tab bar in FF Quantum */
|
|
|
|
|
|
