-
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: celenity <[email protected]>
- Loading branch information
Showing
18 changed files
with
1,744 additions
and
1,102 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,304 @@ | ||
|
|
||
|
|
||
| // Kill Firefox Sync | ||
|
|
||
| lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); | ||
| lockPref("identity.fxaccounts.auth.uri", ""); | ||
| lockPref("identity.fxaccounts.autoconfig.uri", ""); | ||
| lockPref("identity.fxaccounts.commands.remoteTabManagement.enabled", false); | ||
| lockPref("identity.fxaccounts.enabled", false); | ||
| lockPref("identity.fxaccounts.oauth.enabled", false); | ||
| lockPref("identity.fxaccounts.pairing.enabled", false); | ||
| lockPref("identity.fxaccounts.remote.oauth.uri", ""); | ||
| lockPref("identity.fxaccounts.remote.pairing.uri", ""); | ||
| lockPref("identity.fxaccounts.remote.profile.uri", ""); | ||
| lockPref("identity.fxaccounts.remote.root", ""); | ||
| lockPref("identity.fxaccounts.toolbar.defaultVisible", false); | ||
| lockPref("identity.fxaccounts.toolbar.enabled", false); | ||
| lockPref("identity.sync.tokenserver.uri", ""); | ||
| lockPref("services.sync.declinedEngines", "addons,bookmarks,forms,history,creditcards,passwords,addresses,tabs,prefs"); | ||
| lockPref("services.sync.engine.addons", false); | ||
| lockPref("services.sync.engine.addresses", false); | ||
| lockPref("services.sync.engine.bookmarks", false); | ||
| lockPref("services.sync.engine.creditcards", false); | ||
| lockPref("services.sync.engine.history", false); | ||
| lockPref("services.sync.engine.passwords", false); | ||
| lockPref("services.sync.engine.prefs", false); | ||
| lockPref("services.sync.engine.tabs", false); | ||
|
|
||
| lockPref("browser.phoenix.cfg.no-sync.status", "successfully applied :D"); | ||
|
|
||
|
|
||
| // Advanced hardening. | ||
|
|
||
| // We can do better. | ||
|
|
||
| // This is what I generally use for my primary profile & browsing needs. | ||
|
|
||
| // Some of these will be configured as "pref", which allows overriding if needed, but resets on next launch. | ||
|
|
||
| // 001 NETWORKING | ||
|
|
||
| // Require safe renegotiations - Disables RFC 5746 (Per session) | ||
|
|
||
| defaultPref("security.ssl.require_safe_negotiation", false); // [DEFAULT] | ||
| pref("security.ssl.require_safe_negotiation", true); | ||
|
|
||
| // Hard-fail OCSP per session | ||
|
|
||
| defaultPref("security.OCSP.require", false); // [DEFAULT] | ||
| pref("security.OCSP.require", true); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "001"); | ||
|
|
||
| // 002 ADVANCED FINGERPRINTING PROTECTION | ||
|
|
||
| /// Further harden FPP... | ||
| // As explained here: https://codeberg.org/celenity/Phoenix/issues/46 | ||
|
|
||
| defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-FrameRate"); | ||
|
|
||
| /// Enable dynamic rounding of content dimensions | ||
| // https://bugzilla.mozilla.org/show_bug.cgi?id=1407366 | ||
|
|
||
| defaultPref("privacy.resistFingerprinting.letterboxing", true); | ||
|
|
||
| /// Disable WebGL | ||
| // https://blog.browserscan.net/docs/webgl-fingerprinting | ||
| // https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern | ||
|
|
||
| defaultPref("webgl.disabled", true); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "002"); | ||
|
|
||
| /// 003 WEBRTC | ||
|
|
||
| // Never leak IP address - This *will* break WebRTC | ||
|
|
||
| defaultPref("media.peerconnection.ice.default_address_only", true); | ||
| defaultPref("media.peerconnection.ice.no_host", true); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "003"); | ||
|
|
||
| // 004 MISC. PRIVACY | ||
|
|
||
| /// Block Camera & Microphone permission by default | ||
|
|
||
| defaultPref("permissions.default.camera", 2); | ||
| defaultPref("permissions.default.microphone", 2); | ||
|
|
||
| /// Disable dFPI Heuristics | ||
| // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#15404 | ||
|
|
||
| defaultPref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false); | ||
| defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false); | ||
| defaultPref("privacy.restrict3rdpartystorage.heuristic.redirect", false); | ||
| defaultPref("privacy.restrict3rdpartystorage.heuristic.window_open", false); | ||
|
|
||
| /// Only send cross-origin referers if hosts match | ||
|
|
||
| defaultPref("network.http.referer.XOriginPolicy", 2); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "004"); | ||
|
|
||
| // 005 ATTACK SURFACE REDUCTION | ||
|
|
||
| /// Disable WebAssembly | ||
| // https://spectrum.ieee.org/more-worries-over-the-security-of-web-assembly | ||
|
|
||
| defaultPref("javascript.options.wasm", false); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "005"); | ||
|
|
||
| // 006 MISC. | ||
|
|
||
| /// Prevent sites from automatically refreshing | ||
|
|
||
| defaultPref("accessibility.blockautorefresh", true); | ||
| defaultPref("browser.meta_refresh_when_inactive.disabled", true); | ||
|
|
||
| /// Stricter Autoplay Blocking | ||
|
|
||
| defaultPref("media.autoplay.blocking_policy", 2); | ||
|
|
||
| /// Prevent websites from hijacking keyboard shortcuts by default | ||
| /// Can be overriden per site as needed | ||
|
|
||
| defaultPref("permissions.default.shortcuts", 2); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "006"); | ||
|
|
||
| lockPref("browser.phoenix.cfg.extended.status", "successfully applied :D"); | ||
|
|
||
|
|
||
| // This is for shared preferences across Phoenix's 'specialized' configs... | ||
| // Do not apply these settings on profiles you actually plan to browse on or actively use... | ||
| // Goal here is to make these profile as light-weight & minimal as possible. | ||
| // 001 Set Firefox to always ask for container selection on new tabs | ||
| defaultPref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "001"); | ||
| // 002 Disable Reader Mode | ||
| defaultPref("reader.parse-on-load.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "002"); | ||
| // 003 Disable Printing | ||
| defaultPref("print.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "003"); | ||
| // 004 Reset Phoenix's FPP overrides + disable Mozilla's remote overrides | ||
| // Unnecessary/undesired for our use case... | ||
| defaultPref("privacy.fingerprintingProtection.granularOverrides", ""); // [DEFAULT] | ||
| defaultPref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "004"); | ||
| // 005 Disable Gecko Media Plugins & OpenH264 | ||
| defaultPref("media.gmp-gmpopenh264.enabled", false); | ||
| defaultPref("media.gmp-gmpopenh264.provider.enabled", false); | ||
| defaultPref("media.gmp-gmpopenh264.visible", false); | ||
| defaultPref("media.gmp-provider.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "005"); | ||
| // 006 Remove undesired links & connections | ||
| defaultPref("app.feedback.baseURL", ""); | ||
| defaultPref("app.support.baseURL", ""); | ||
| defaultPref("browser.geolocation.warning.infoURL", ""); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "006"); | ||
| // 007 Fully disable browsing history | ||
| defaultPref("places.history.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "007"); | ||
| // 008 Remove unnecessary URL Bar shortcuts | ||
| defaultPref("browser.urlbar.shortcuts.bookmarks", false); | ||
| defaultPref("browser.urlbar.shortcuts.history", false); | ||
| defaultPref("browser.urlbar.shortcuts.tabs", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "008"); | ||
| // 009 Never back-up/export bookmarks | ||
| defaultPref("browser.bookmarks.autoExportHTML", false); | ||
| defaultPref("browser.bookmarks.max_backups", 0); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "009"); | ||
| // 010 Disable image placeholders | ||
| defaultPref("browser.display.show_image_placeholders", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "010"); | ||
| // 011 Never show "Other Bookmarks" | ||
| defaultPref("browser.toolbars.bookmarks.showOtherBookmarks", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "011"); | ||
| // 012 Prevent caching previous tabs | ||
| defaultPref("browser.sessionstore.max_tabs_undo", 0); | ||
| defaultPref("browser.sessionhistory.max_total_viewers", 0); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "012"); | ||
| // 013 Disable Cookie Banner Blocking, no point | ||
| defaultPref("cookiebanners.bannerClicking.enabled", false); | ||
| defaultPref("cookiebanners.cookieInjector.enabled", false); | ||
| defaultPref("cookiebanners.service.enableGlobalRules", false); | ||
| defaultPref("cookiebanners.service.enableGlobalRules.subFrames", false); | ||
| defaultPref("cookiebanners.service.mode", 0); | ||
| defaultPref("cookiebanners.service.mode.privateBrowsing", 0); | ||
| defaultPref("cookiebanners.ui.desktop.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "013"); | ||
| // 014 Misc. URL Bar Suggestions | ||
| defaultPref("browser.search.separatePrivateDefault.urlbarResult.enabled", false); | ||
| defaultPref("browser.urlbar.clipboard.featureGate", false); | ||
| defaultPref("browser.urlbar.maxHistoricalSearchSuggestions", 0); | ||
| defaultPref("browser.urlbar.maxRichResults", 0); | ||
| defaultPref("browser.urlbar.richSuggestions.featureGate", false); | ||
| defaultPref("browser.urlbar.suggest.calculator", false); | ||
| defaultPref("browser.urlbar.suggest.clipboard", false); | ||
| defaultPref("browser.urlbar.suggest.engines", false); | ||
| defaultPref("browser.urlbar.suggest.history", false); | ||
| defaultPref("browser.urlbar.suggest.openpage", false); | ||
| defaultPref("browser.urlbar.suggest.remotetab", false); | ||
| defaultPref("browser.urlbar.unitConversion.enabled", false); | ||
| defaultPref("keyword.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "014"); | ||
| // 015 No Android Debugging | ||
| defaultPref("devtools.remote.adb.extensionID", ""); | ||
| defaultPref("devtools.remote.adb.extensionURL", ""); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "015"); | ||
| // 016 Disable Quarantined Domains (Unnecessary for our use case...) | ||
| defaultPref("extensions.quarantinedDomains.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "016"); | ||
| // 017 Disable Animations | ||
| defaultPref("toolkit.cosmeticAnimations.enabled", false); | ||
| defaultPref("ui.prefersReducedMotion", 1); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "017"); | ||
| // 018 Disable 'Migration' functionality... | ||
| defaultPref("browser.migrate.bookmarks-file.enabled", false); | ||
| defaultPref("browser.migrate.brave.enabled", false); | ||
| defaultPref("browser.migrate.canary.enabled", false); | ||
| defaultPref("browser.migrate.chrome.enabled", false); | ||
| defaultPref("browser.migrate.chrome.extensions.enabled", false); | ||
| defaultPref("browser.migrate.chrome.get_permissions.enabled", false); | ||
| defaultPref("browser.migrate.chrome.payment_methods.enabled", false); | ||
| defaultPref("browser.migrate.chrome-beta.enabled", false); | ||
| defaultPref("browser.migrate.chrome-dev.enabled", false); | ||
| defaultPref("browser.migrate.chromium.enabled", false); | ||
| defaultPref("browser.migrate.chromium-360se.enabled", false); | ||
| defaultPref("browser.migrate.chromium-edge.enabled", false); | ||
| defaultPref("browser.migrate.chromium-edge-beta.enabled", false); | ||
| defaultPref("browser.migrate.content-modal.import-all.enabled", false); | ||
| defaultPref("browser.migrate.edge.enabled", false); | ||
| defaultPref("browser.migrate.firefox.enabled", false); | ||
| defaultPref("browser.migrate.ie.enabled", false); | ||
| defaultPref("browser.migrate.interactions.bookmarks", false); | ||
| defaultPref("browser.migrate.interactions.csvpasswords", false); | ||
| defaultPref("browser.migrate.interactions.history", false); | ||
| defaultPref("browser.migrate.interactions.passwords", false); | ||
| defaultPref("browser.migrate.opera.enabled", false); | ||
| defaultPref("browser.migrate.opera-gx.enabled", false); | ||
| defaultPref("browser.migrate.preferences-entrypoint.enabled", false); | ||
| defaultPref("browser.migrate.safari.enabled", false); | ||
| defaultPref("browser.migrate.vivaldi.enabled", false); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "018"); | ||
| lockPref("browser.phoenix.cfg.specialized.status", "successfully applied :D"); |
Oops, something went wrong.