From b9691a95527a66019002fe56aa2e2eccb9e31bc6 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Sun, 25 Sep 2016 23:42:36 -0400 Subject: remove privacy settings, split to non-prism --- libre-testing/iceweasel/PKGBUILD | 16 +- libre-testing/iceweasel/vendor.js | 535 ++++++++++++++------------------------ 2 files changed, 208 insertions(+), 343 deletions(-) (limited to 'libre-testing') diff --git a/libre-testing/iceweasel/PKGBUILD b/libre-testing/iceweasel/PKGBUILD index 889cdf305..74fbb8e3f 100644 --- a/libre-testing/iceweasel/PKGBUILD +++ b/libre-testing/iceweasel/PKGBUILD @@ -30,8 +30,8 @@ _pkgname=firefox pkgname=iceweasel epoch=1 pkgver=$_debver.$_debrel -pkgrel=3 - +pkgrel=1 +pkgrel=4 pkgdesc="A libre version of Debian Iceweasel, the standalone web browser based on Mozilla Firefox." arch=(i686 x86_64 armv7h) license=(MPL GPL LGPL) @@ -76,7 +76,7 @@ sha256sums=('2f463afd3c74eb9477f58525214f06498357ff90f01b45fb2675fc77c57bcffe' '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' '87034dbb640f70454b27d1695a6f03b6fd1ab81c82eb4d8c771db925ae03d408' '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d' - '3cd59a1fa5a32895f91f7a639fc64401736467044a2e4b9145379b044eb04227' + 'd388b63d0b5fcb26260f9b1354c15b785edf28d0ac0067e6ffb29e28286d5a90' 'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484' 'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65' '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a') @@ -111,11 +111,6 @@ prepare() { # Install to /usr/lib/$pkgname patch -Np1 -i "$srcdir/$pkgname-install-dir.patch" - # Disable various components at the source level - sed -i 's|1|0|' toolkit/components/telemetry/TelemetryStartup.manifest || die "failed break telemetry startup" - sed -i 's|1|0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService" - sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket" - # Patch and remove anything that's left patch -Np1 -i "$srcdir/libre.patch" sed -i 's|Adobe Flash|SWF Player|g; @@ -136,6 +131,11 @@ prepare() { # Load our searchplugins rm -rv browser/locales/en-US/searchplugins cp -av /usr/lib/mozilla/searchplugins browser/locales/en-US + + # Disable various components at the source level + sed -i 's|1|0|' toolkit/components/telemetry/TelemetryStartup.manifest || die "failed break telemetry startup" + sed -i 's|1|0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService" + sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket" # ARM-specific changes: if [[ "$CARCH" == arm* ]]; then diff --git a/libre-testing/iceweasel/vendor.js b/libre-testing/iceweasel/vendor.js index 64f4e9710..a91133d47 100644 --- a/libre-testing/iceweasel/vendor.js +++ b/libre-testing/iceweasel/vendor.js @@ -1,351 +1,216 @@ -pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat"); -pref("extensions.getAddons.link.url", "https://directory.fsf.org/wiki/GNU_IceCat"); -pref("extensions.getAddons.search.browseURL", "https://directory.fsf.org/wiki/GNU_IceCat"); -//pref("accessibility.blockautorefresh", true); -//pref("browser.meta_refresh_when_inactive.disabled", true); -pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat"); -pref("app.faqURL", "https://libreplanet.org/wiki/Group:IceCat/FAQ"); -pref("app.update.auto", false); -pref("app.update.checkInstallTime", false); -pref("app.update.enabled", false); -pref("app.update.staging.enabled", false); -pref("app.update.url", "about:blank"); -pref("beacon.enabled", false); -pref("breakpad.reportURL", "about:blank"); -pref("browser.EULA.override", true); -pref("browser.aboutHomeSnippets.updateUrl", "about:blank"); -pref("browser.apps.URL", "about:blank"); -pref("browser.cache.disk.enable", false); -pref("browser.cache.offline.enable", false); -pref("browser.casting.enabled", false); -pref("browser.search.order.US.1", ""); -pref("browser.search.order.US.2", ""); -pref("browser.search.order.US.3", ""); -pref("gecko.handlerService.schemes.mailto.0.name", ""); -pref("browser.disableResetPrompt", true); -pref("browser.display.max_font_attempts",10); -pref("browser.display.max_font_count",10); -pref("browser.display.use_document_fonts", 0); // Prevent font fingerprinting -pref("browser.download.manager.addToRecentDocs", false); -pref("browser.download.manager.retention", 1); -pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads -pref("browser.download.useDownloadDir", false); -pref("browser.eme.ui.enabled", false); -// pref("browser.fixup.alternate.enabled", false); -// pref("browser.formfill.enable", false); -pref("browser.history.allowPopState", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 -pref("browser.history.allowPushState", false); -pref("browser.history.allowReplaceState", false); -pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) -pref("browser.newtab.preload", false); -pref("browser.newtabpage.directory.ping", "about:blank"); -pref("browser.newtabpage.directory.source", "about:blank"); -pref("browser.newtabpage.enabled", false); -pref("browser.newtabpage.enhanced", false); -pref("browser.newtabpage.introShown", true); +// Use LANG environment variable to choose locale +pref("intl.locale.matchOS", true); + +// Disable default browser checking. +pref("browser.shell.checkDefaultBrowser", false); + +// Don't disable our bundled extensions in the application directory +pref("extensions.autoDisableScopes", 11); +pref("extensions.shownSelectionUI", true); + +// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier +pref("ui.key.menuAccessKeyFocuses", false); + +// Disable the GeoLocation API for content +pref("geo.enabled", false); + +// Make sure that the request URL of the GeoLocation backend is empty +pref("geo.wifi.uri", ""); + +// Disable Pocket and make sure that the request URLs of the Pocket are empty pref("browser.pocket.api", "about:blank"); pref("browser.pocket.enabled", false); pref("browser.pocket.enabledLocales", "about:blank"); pref("browser.pocket.oAuthConsumerKey", "about:blank"); pref("browser.pocket.site", "about:blank"); pref("browser.pocket.useLocaleList", false); -pref("browser.preferences.inContent",false); -//pref("browser.privatebrowsing.autostart", true); -pref("browser.rights.3.shown", true); -pref("browser.safebrowsing.appRepURL", "about:blank"); -pref("browser.safebrowsing.enabled", false); -pref("browser.safebrowsing.malware.enabled", false); -pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); -pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); -pref("browser.safebrowsing.downloads.remote.block_dangerous", false); -pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); -pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -pref("browser.safebrowsing.downloads.remote.enabled", false); -pref("browser.safebrowsing.downloads.remote.url", ""); -pref("browser.safebrowsing.provider.google.gethashURL", ""); -pref("browser.safebrowsing.provider.google.updateURL", ""); -pref("browser.safebrowsing.provider.google.lists", ""); -pref("browser.search.geoSpecificDefaults.url", "about:blank"); -pref("browser.search.geoSpecificDefaults", false); -pref("browser.search.geoip.url", "about:blank"); -pref("browser.search.suggest.enabled", false); -pref("browser.search.update", false); -pref("browser.selfsupport.url", "about:blank"); -pref("browser.send_pings", false); -pref("browser.sessionstore.privacy_level", 2); -pref("browser.shell.checkDefaultBrowser", false); -pref("browser.slowStartup.maxSamples", 0); -pref("browser.slowStartup.notificationDisabled", true); -pref("browser.slowStartup.samples", 0); -pref("browser.snippets.enabled", false); -pref("browser.snippets.geoUrl", "about:blank"); -pref("browser.snippets.statsUrl", "about:blank"); -pref("browser.snippets.syncPromo.enabled", false); -pref("browser.snippets.updateUrl", "about:blank"); -pref("browser.startup.homepage_override.buildID", "20100101"); -pref("browser.startup.homepage_override.mstone", "9001.0.0"); -pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"); // Don't promote sync -pref("browser.newtabpage.remote", false); -pref("browser.tabs.crashReporting.sendReport", false); -pref("browser.tabs.remote.desktopbehavior", false); -pref("browser.toolbarbuttons.introduced.pocket-button", true); -pref("browser.uitour.enabled", false); // https://trac.torproject.org/projects/tor/ticket/19047 -pref("browser.urlbar.maxRichResults", 0); -pref("browser.webapps.checkForUpdates", 0); -pref("browser.webapps.updateCheckUrl", "about:blank"); -pref("browser.zoom.siteSpecific", false); -pref("camera.control.autofocus_moving_callback.enabled", false); -pref("camera.control.face_detection.enabled", false); -pref("captivedetect.canonicalURL", "about:blank"); -pref("datareporting.healthreport.about.reportUrl", "about:blank"); -pref("datareporting.healthreport.documentServerURI", "about:blank"); -pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set -pref("datareporting.healthreport.uploadEnabled", false); -pref("datareporting.policy.dataSubmissionEnabled", false); -pref("datareporting.policy.dataSubmissionPolicyVersion", 2); -pref("datareporting.policy.firstRunTime", 0); -pref("device.sensors.enabled", false); -pref("devtools.debugger.remote-enabled", false); // https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging -pref("devtools.devices.url", "about:blank"); -pref("devtools.gcli.imgurUploadURL", "about:blank"); -pref("devtools.gcli.jquerySrc", "about:blank"); -pref("devtools.gcli.lodashSrc", "about:blank"); -pref("devtools.gcli.underscoreSrc", "about:blank"); -pref("devtools.remote.wifi.scan", false); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2 -pref("devtools.remote.wifi.visible", false); -pref("devtools.webide.adaptersAddonURL", "about:blank"); -pref("devtools.webide.adbAddonURL", "about:blank"); -pref("devtools.webide.addonsURL", "about:blank"); -pref("devtools.webide.enabled", false); //https://trac.torproject.org/projects/tor/ticket/16222 -pref("devtools.webide.simulatorAddonsURL", "about:blank"); -pref("devtools.webide.templatesURL", "about:blank"); -pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations -pref("dom.enable_performance", false); -pref("dom.event.clipboardevents.enabled",false); -pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023 -pref("dom.indexedDB.enabled", false); -pref("dom.enable_user_timing", false); -pref("dom.event.highrestimestamp.enabled", false); -pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -pref("dom.mozApps.signed_apps_installable_from", "about:blank"); -pref("dom.netinfo.enabled", false); // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations -pref("dom.push.enabled", false); -pref("dom.push.serverURL", ""); -pref("dom.presentation.discovery.enabled", false); -pref("dom.presentation.discoverable", false); -pref("dom.storage.enabled", false); -pref("dom.telephony.enabled", false); // https://wiki.mozilla.org/WebAPI/Security/WebTelephony -pref("dom.vibrator.enabled", false); -pref("dom.vr.enabled", false); -pref("dom.vr.cardboard.enabled", false); -pref("dom.vr.oculus.enabled", false); -pref("dom.vr.oculus050.enabled", false); -pref("dom.vr.poseprediction.enabled", false); -pref("dom.vr.add-test-devices", 0); -pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562 -pref("dom.idle-observers-api.enabled", false); // disable idle observation -pref("experiments.enabled", false); -pref("experiments.manifest.uri", "about:blank"); -pref("extensions.blocklist.detailsURL", "about:blank"); + +// Disable Freedom Violating DRM Feature +pref("browser.eme.ui.enabled", false); +pref("media.eme.enabled", false); +pref("media.eme.apiVisible", false); + +// Default to classic view for about:newtab +pref("browser.newtabpage.enhanced", false); + +// Override add-on signing +pref("xpinstall.signatures.required", false); + +// Poodle attack +pref("security.tls.version.min", 1); + +// Don't call home for blacklisting pref("extensions.blocklist.enabled", false); -pref("extensions.blocklist.itemURL", "about:blank"); -pref("extensions.blocklist.url", "about:blank"); -pref("extensions.bootstrappedAddons", "{}"); -pref("extensions.databaseSchema", 3); -pref("extensions.enabledScopes", 1); -// Don't disable our bundled extensions in the application directory -pref("extensions.autoDisableScopes", 11); -pref("extensions.shownSelectionUI", true); -pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -pref("extensions.getAddons.get.url", "about:blank"); -pref("extensions.getAddons.getWithPerformance.url", "about:blank"); -pref("extensions.getAddons.recommended.url", "about:blank"); -pref("extensions.pendingOperations", false); -pref("extensions.pocket.api", "about:blank"); -pref("extensions.pocket.enabled", false); -pref("extensions.shownSelectionUI", true); -pref("extensions.ui.lastCategory", "addons://list/extension"); -pref("extensions.update.autoUpdateDefault", false); -pref("extensions.update.enabled", false); // Fingerprints all installed addons, best to let the user decide when to run updates manually. -pref("extensions.update.background.url", ""); // User can still update manually, but we disable background updates. -pref("extensions.systemAddon.update.url", ""); // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox -pref("font.default.x-western", "sans-serif"); + +// Disable plugin installer +pref("plugins.hide_infobar_for_missing_plugin", true); +pref("plugins.hide_infobar_for_outdated_plugin", true); +pref("plugins.notifyMissingFlash", false); + +//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource +//pref("media.mediasource.enabled",true); + +//Speeding it up +pref("network.http.pipelining", true); +pref("network.http.proxy.pipelining", true); +pref("network.http.pipelining.maxrequests", 10); +pref("nglayout.initialpaint.delay", 0); + +// Disable third party cookies +pref("network.cookie.cookieBehavior", 1); + +// Prevent EULA dialog to popup on first run +pref("browser.EULA.override", true); + +// disable app updater url +pref("app.update.url", "http://127.0.0.1/"); + +// Set useragent to Firefox compatible +//pref("general.useragent.compatMode.firefox", true); +// Spoof the useragent to a generic one +pref("general.useragent.compatMode.firefox", true); +// Spoof the useragent to a generic one +pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"); pref("general.appname.override", "Netscape"); -pref("general.appversion.override", "5.0 (Windows)"); -pref("general.buildID.override", "20100101"); +pref("general.appversion.override", "48.0"); +pref("general.buildID.override", "Gecko/20100101"); pref("general.oscpu.override", "Windows NT 6.1"); pref("general.platform.override", "Win32"); -pref("general.productSub.override", "20100101"); -pref("general.useragent.compatMode.firefox", true); -pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"); -pref("general.useragent.vendor", ""); -pref("general.useragent.vendorSub", ""); -//pref("general.warnOnAboutConfig", false); -pref("geo.enabled", false); -pref("geo.wifi.uri", "about:blank"); -pref("gfx.direct2d.disabled", true); -pref("gfx.downloadable_fonts.fallback_delay", -1); -pref("gfx.font_rendering.opentype_svg.enabled", false); // https://wiki.mozilla.org/SVGOpenTypeFonts - iSEC Partners Report recommends to disable this + +// Privacy & Freedom Issues +// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/ +// https://panopticlick.eff.org +// http://ip-check.info +// http://browserspy.dk +// https://wiki.mozilla.org/Fingerprinting +// http://www.browserleaks.com +// http://fingerprint.pet-portal.eu +pref("privacy.donottrackheader.enabled", true); +pref("privacy.donottrackheader.value", 1); +pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +pref("browser.safebrowsing.enabled", false); +pref("browser.safebrowsing.malware.enabled", false); +//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/"); +pref("social.enabled", false); +pref("social.remote-install.enabled", false); +pref("datareporting.healthreport.uploadEnabled", false); +pref("datareporting.healthreport.about.reportUrl", "127.0.0.1"); +pref("datareporting.healthreport.documentServerURI", "127.0.0.1"); pref("healthreport.uploadEnabled", false); -pref("identity.fxaccounts.auth.uri", "about:blank"); -pref("intl.charset.default", "windows-1252"); -pref("intl.locale.matchOS", true); -pref("javascript.options.asmjs", false); // Multiple security advisories, low level js -pref("javascript.options.wasm", false); // https://hacks.mozilla.org/2016/03/a-webassembly-milestone/ -pref("javascript.use_us_english_locale", true); -pref("javascript.options.typeinference", false); -pref("javascript.options.baselinejit.content", false); -pref("javascript.options.ion.content", false); // https://trac.torproject.org/projects/tor/ticket/9387#comment:43 -// pref("keyword.enabled", false); -// pref("layers.acceleration.disabled", true); -pref("layout.css.visited_links_enabled", false); -pref("lightweightThemes.update.enabled", false); // We can update our themes manually, may fingerprint the user. -pref("loop.copy.throttler", "about:blank"); -pref("loop.enabled",false); //Disable Firefox Hello -pref("loop.facebook.appId", "about:blank"); -pref("loop.facebook.enabled", false); -pref("loop.facebook.fallbackUrl", "about:blank"); -pref("loop.facebook.shareUrl", "about:blank"); -pref("loop.feedback.baseUrl", "about:blank"); -pref("loop.feedback.formURL", "about:blank"); -pref("loop.feedback.manualFormURL", "about:blank"); -pref("loop.gettingStarted.url", "about:blank"); -pref("loop.learnMoreUrl", "about:blank"); -pref("loop.legal.ToS_url", "about:blank"); -pref("loop.legal.privacy_url", "about:blank"); -pref("loop.linkClicker.url", "about:blank"); -pref("loop.oauth.google.redirect_uri", "about:blank"); -pref("loop.oauth.google.scope", "about:blank"); -pref("loop.remote.autostart", false); -pref("loop.server", "about:blank"); -pref("loop.soft_start_hostname", "about:blank"); -pref("loop.support_url", "about:blank"); -pref("loop.throttled2",false); -pref("mathml.disabled", true); // https://www.torproject.org/projects/torbrowser/design -pref("media.audio_data.enabled", false); -pref("media.autoplay.enabled", false); -pref("media.cache_size", 0); -pref("media.eme.apiVisible", false); // Disable Freedom Violating DRM Feature -pref("media.eme.enabled", false); -pref("media.getusermedia.screensharing.allowed_domains", ""); // We really don't want to be promoting Cisco and Cloudflare in a whitelist here. -pref("media.getusermedia.screensharing.enabled", false); -pref("media.gmp-eme-adobe.enabled", false); -pref("media.gmp-gmpopenh264.enabled", false); -pref("media.gmp-manager.url", "about:blank"); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins -pref("media.gmp-manager.url.override", "data:text/plain"); -pref("media.gmp-provider.enabled", false); -pref("media.gmp.trial-create.enabled", false); -pref("media.navigator.enabled", false); -pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces -pref("media.peerconnection.ice.default_address_only", true); -pref("media.video_stats.enabled", false); -pref("media.webspeech.recognition.enable", false); -pref("media.webspeech.synth.enabled", false); -pref("network.allow-experiments", false); -pref("network.http.altsvc.enabled", false); -pref("network.http.altsvc.oe", false); // https://trac.torproject.org/projects/tor/ticket/16673 +pref("social.toast-notifications.enabled", false); +pref("datareporting.policy.dataSubmissionEnabled", false); +pref("datareporting.healthreport.service.enabled", false); +pref("browser.slowStartup.notificationDisabled", true); +pref("network.http.sendRefererHeader", 2); +//pref("network.http.referer.spoofSource", true); +//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/ +//pref("dom.storage.enabled", false); +pref("dom.event.clipboardevents.enabled",false); +pref("network.prefetch-next", false); pref("network.dns.disablePrefetch", true); -pref("network.http.connection-retry-timeout", 0); -pref("network.http.max-persistent-connections-per-proxy", 256); -pref("network.http.pipelining", true); -pref("network.http.pipelining.aggressive", true); -pref("network.http.pipelining.max-optimistic-requests", 3); -pref("network.http.pipelining.maxrequests", 10); -pref("network.http.pipelining.maxrequests", 12); -pref("network.http.pipelining.read-timeout", 60000); -pref("network.http.pipelining.reschedule-timeout", 15000); -pref("network.http.pipelining.ssl", true); -pref("network.http.proxy.pipelining", true); +pref("network.http.sendSecureXSiteReferrer", false); +pref("toolkit.telemetry.enabled", false); +// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html +pref("plugins.enumerable_names", ""); +pref("plugin.state.flash", 1); +// Do not autoupdate search engines +pref("browser.search.update", false); +// Warn when the page tries to redirect or refresh +//pref("accessibility.blockautorefresh", true); +pref("dom.battery.enabled", false); +pref("device.sensors.enabled", false); +pref("camera.control.face_detection.enabled", false); +pref("camera.control.autofocus_moving_callback.enabled", false); pref("network.http.speculative-parallel-limit", 0); -pref("network.jar.block-remote-files", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 -pref("network.jar.open-unsafe-types", false); -pref("network.manage-offline-status", false); // https://trac.torproject.org/projects/tor/ticket/18945 -pref("network.predictor.enabled", false); // https://trac.torproject.org/projects/tor/ticket/16625 -pref("network.prefetch-next", false); -pref("network.protocol-handler.external-default", false); -pref("network.protocol-handler.external.mailto", false); -pref("network.protocol-handler.external.news", false); -pref("network.protocol-handler.external.nntp", false); -pref("network.protocol-handler.external.snews", false); -pref("network.protocol-handler.warn-external.mailto", true); -pref("network.protocol-handler.warn-external.news", true); -pref("network.protocol-handler.warn-external.nntp", true); -pref("network.protocol-handler.warn-external.snews", true); -pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419) -pref("network.proxy.socks", "127.0.0.1"); -pref("network.proxy.socks_port", 9050); -pref("network.proxy.socks_remote_dns", true); -pref("network.proxy.type", 0); // Setup for TOR for default proxy, but do not enable by default. -pref("network.security.ports.banned", "9050,9051,9150,9151"); -pref("network.websocket.max-connections", 0); -// pref("nglayout.initialpaint.delay", 0); http://www.mozdev.org/pipermail/fasterfox/2006-January/000509.html -pref("noscript.forbidMedia", true); -pref("offline-apps.allow_by_default", false); // https://support.mozilla.org/en-US/questions/1014708 -//pref("pdfjs.disabled", true); // https://www.exploit-db.com/exploits/37958/ -pref("permissions.memory_only", true); -pref("pfs.datasource.url", "about:blank"); // Fingerprints the user, not HTTPS. Remove it. -pref("pfs.filehint.url", "about:blank"); -pref("plugin.disable", true); // Disable to search plugins on first start -pref("plugin.expose_full_path", false); -pref("plugin.state.flash", 0); -pref("plugin.state.libgnome-shell-browser-plugin", 0); // disable Gnome Shell Integration -pref("plugins.click_to_play", true); -pref("plugins.enumerable_names", "about:blank"); -pref("plugins.hideMissingPluginsNotification", true); -pref("plugins.hide_infobar_for_missing_plugin", true); -pref("plugins.hide_infobar_for_outdated_plugin", true); -pref("plugins.notifyMissingFlash", false); + +// Crypto hardening +// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 +//General settings +//pref("security.tls.unrestricted_rc4_fallback", false); +//pref("security.tls.insecure_fallback_hosts.use_static_list", false); +//pref("security.tls.version.min", 1); +//pref("security.ssl.require_safe_negotiation", true); +//pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +//pref("security.ssl3.rsa_seed_sha", true); +//pref("security.OCSP.enabled", 1); +//pref("security.OCSP.require", true); + +// Disable channel updates +pref("app.update.enabled", false); +pref("app.update.auto", false); + +pref("font.default.x-western", "sans-serif"); + +// Preferences for the Get Add-ons panel +pref ("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat"); +pref ("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat"); + +// Mobile pref("privacy.announcements.enabled", false); -pref("privacy.donottrackheader.enabled", false); // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/ -pref("privacy.donottrackheader.value", 1); -pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation -pref("privacy.trackingprotection.enabled", true); -pref("privacy.trackingprotection.pbmode.enabled", true); -pref("security.OCSP.enabled", 0); // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns -pref("security.OCSP.require", false); -pref("security.ask_for_password", 0); -pref("security.cert_pinning.enforcement_level", 2); // https://trac.torproject.org/projects/tor/ticket/16206 -pref("security.enable_tls_session_tickets", false); -pref("security.mixed_content.block_active_content", true); // Note: Can be disabled for user experience. https://bugzilla.mozilla.org/show_bug.cgi?id=878890 -pref("security.nocertdb", false); -pref("security.ssl.errorReporting.url", ""); -pref("security.ssl.errorReporting.enabled", false); -pref("security.ssl.disable_session_identifiers", true); -pref("security.ssl.enable_false_start", true); -pref("security.ssl.require_safe_negotiation", true); -pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -pref("security.ssl3.rsa_seed_sha", true); -pref("security.tls.insecure_fallback_hosts.use_static_list", false); -pref("security.tls.unrestricted_rc4_fallback", false); -pref("security.tls.version.max", 3); -pref("security.tls.version.min", 1); -pref("services.kinto.base", ""); -pref("services.sync.engine.addons", false); -pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers -pref("services.sync.engine.tabs", false); -pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false); -pref("services.sync.prefs.sync.extensions.update.enabled", false); -pref("services.sync.serverURL", "about:blank"); -pref("services.sync.jpake.serverURL", "about:blank"); -//pref("signon.autofillForms", false); // disable cross-site form exposure from password manager - http://kb.mozillazine.org/Signon.autofillForms -//pref("signon.rememberSignons", false); +pref("browser.snippets.enabled", false); +pref("browser.snippets.syncPromo.enabled", false); +pref("browser.snippets.geoUrl", "http://127.0.0.1/"); +pref("browser.snippets.updateUrl", "http://127.0.0.1/"); +pref("browser.snippets.statsUrl", "http://127.0.0.1/"); +pref("datareporting.policy.firstRunTime", 0); +pref("datareporting.policy.dataSubmissionPolicyVersion", 2); +pref("browser.webapps.checkForUpdates", 0); +pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/"); +pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ"); + +// PFS url +pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); +pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); + +// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins +pref("media.gmp-manager.url", "http://127.0.0.1/"); +pref("media.gmp-manager.url.override", "data:text/plain,"); +pref("media.gmp-provider.enabled", false); +// Don't install openh264 codec +pref("media.gmp-gmpopenh264.enabled", false); + +//Disable heartbeat +pref("browser.selfsupport.url", ""); + +//Disable Link to FireFox Marketplace, currently loaded with non-free "apps" +pref("browser.apps.URL", ""); + +//Disable Firefox Hello +pref("loop.enabled",false); +pref("loop.feedback.baseUrl", ""); +pref("loop.gettingStarted.url", ""); +pref("loop.learnMoreUrl", ""); +pref("loop.legal.ToS_url", ""); +pref("loop.legal.privacy_url", ""); +pref("loop.oauth.google.redirect_uri", ""); +pref("loop.oauth.google.scope", ""); +pref("loop.server", ""); +pref("loop.soft_start_hostname", ""); +pref("loop.support_url", ""); +pref("loop.throttled2",false); + +// Use old style preferences, that allow javascript to be disabled +pref("browser.preferences.inContent",false); + +// Don't download ads for the newtab page +pref("browser.newtabpage.directory.source", ""); +pref("browser.newtabpage.directory.ping", ""); +pref("browser.newtabpage.introShown", true); + +// Disable home snippets +pref("browser.aboutHomeSnippets.updateUrl", "data:text/html"); + +// Disable hardware acceleration and WebGL +//pref("layers.acceleration.disabled", false); +pref("webgl.disabled", false); + +// Disable SSDP +pref("browser.casting.enabled", false); + +//Disable directory service pref("social.directories", ""); -pref("social.enabled", false); -pref("social.remote-install.enabled", false); -pref("social.shareDirectory", ""); -pref("social.toast-notifications.enabled", false); pref("social.whitelist", ""); -pref("startup.homepage_override_url", ""); -pref("startup.homepage_welcome_url", ""); -pref("svg.in-content.enabled", true); -pref("toolkit.telemetry.enabled", false); -pref("toolkit.telemetry.server", "about:blank"); -pref("toolkit.telemetry.archive.enabled", false); -pref("ui.key.menuAccessKeyFocuses", false); // Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier -//pref("webgl.disable-extensions", true); -//pref("webgl.disabled", true); -//pref("webgl.min_capability_mode", true); -pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons -pref("xpinstall.whitelist.add", ""); +pref("social.shareDirectory", ""); + +// Disable Barlog +pref("app.update.url", "about:blank"); \ No newline at end of file -- cgit v1.2.3