diff options
Diffstat (limited to 'librewolf/debian/librewolf_settings')
7 files changed, 2389 insertions, 0 deletions
diff --git a/librewolf/debian/librewolf_settings/LICENSE.txt b/librewolf/debian/librewolf_settings/LICENSE.txt new file mode 100644 index 0000000..a612ad9 --- /dev/null +++ b/librewolf/debian/librewolf_settings/LICENSE.txt @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/librewolf/debian/librewolf_settings/README.md b/librewolf/debian/librewolf_settings/README.md new file mode 100755 index 0000000..0b0edee --- /dev/null +++ b/librewolf/debian/librewolf_settings/README.md @@ -0,0 +1,18 @@ +# LibreWolf settings + +LibreWolf settings for all platforms. + +we encourage users to find **their own setup** and to use our default configuration as something to build on top of. this is now easier thanks to the [overrides](https://librewolf.net/docs/faq/#where-do-i-find-my-librewolfoverridescfg). + +## Useful links +- [website](https://librewolf.net/): read the docs. +- [faq](https://librewolf.net/docs/faq/): for any question you might have, and to help you creating your own pref file. +- [all releases](https://gitlab.com/librewolf-community/browser). +- [issue tracker](https://gitlab.com/librewolf-community/settings/-/issues). issues that have the `provide info` label need user input or they will be quarantined after a week, and closed after ten days. +- find us on [gitter](https://gitter.im/librewolf-community/librewolf) / [matrix](https://matrix.to/#/#librewolf:matrix.org) / [reddit](https://www.reddit.com/r/LibreWolf/) / [lemmy](https://lemmy.ml/c/librewolf). + +## Notes and thanks +- this repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), so special thanks to the project. +we do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup. +- some of the older prefs in this project were taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home); +- thanks to the whole LibreWolf community and to all the contributors of this repo.
\ No newline at end of file diff --git a/librewolf/debian/librewolf_settings/defaults/pref/local-settings.js b/librewolf/debian/librewolf_settings/defaults/pref/local-settings.js new file mode 100644 index 0000000..eaecc05 --- /dev/null +++ b/librewolf/debian/librewolf_settings/defaults/pref/local-settings.js @@ -0,0 +1,7 @@ +// Sets up the .cfg file. + +//Specifies the .cfg filename (path cannot be changed) +pref("general.config.filename", "librewolf.cfg"); + +//Allows .cfg file to be stored in plain text without obfuscation +pref("general.config.obscure_value", 0); diff --git a/librewolf/debian/librewolf_settings/distribution/policies.json b/librewolf/debian/librewolf_settings/distribution/policies.json new file mode 100644 index 0000000..50a0eb2 --- /dev/null +++ b/librewolf/debian/librewolf_settings/distribution/policies.json @@ -0,0 +1,94 @@ +{ + "__COMMENT__ More Information": "https://github.com/mozilla/policy-templates/blob/master/README.md", + "policies": { + "AppUpdateURL": "https://localhost", + "DisableAppUpdate": true, + "OverrideFirstRunPage": "", + "OverridePostUpdatePage": "", + "DisableSystemAddonUpdate": true, + "DisableProfileImport": false, + "DisableFirefoxStudies": true, + "DisableTelemetry": true, + "DisableFeedbackCommands": true, + "DisablePocket": true, + "DisableSetDesktopBackground": false, + "DisableDeveloperTools": false, + "DNSOverHTTPS": { + "Enabled": false, + "ProviderURL": "", + "Locked": false + }, + "NoDefaultBookmarks": true, + "WebsiteFilter": { + "Block": [ + "https://localhost/*" + ], + "Exceptions": [ + "https://localhost/*" + ] + }, + "Extensions": { + "Install": [ + "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.41.8-an+fx.xpi" + ], + "Uninstall": [ + "google@search.mozilla.org", + "bing@search.mozilla.org", + "amazondotcom@search.mozilla.org", + "ebay@search.mozilla.org", + "twitter@search.mozilla.org" + ] + }, + "SearchEngines": { + "PreventInstalls": false, + "Remove": [ + "Google", + "Bing", + "Amazon.com", + "eBay", + "Twitter" + ], + "Default": "DuckDuckGo", + "Add": [ + { + "Name": "DuckDuckGo Lite", + "Description": "Minimal, ad-free version of DuckDuckGo", + "Alias": "", + "Method": "POST", + "URLTemplate": "https://duckduckgo.com/lite/?q={searchTerms}", + "PostData": "q={searchTerms}", + "IconURL": "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVZ4Ss0Wd+PM1nf1Tpd4PM6XeDzM1nf1TRZ3481WeErAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVYD/BjRa3pRQcOP9tMLy/83q2f/m9uv//f7+//L0/P+qu+7/UHDj/TRa3pRVgP8GAAAAAAAAAAAAAAAAVYD/BjNZ372Jnuv/9/j9/8nT9v+D0pj/R71m/02+a/9Kr3z/XreM//f4/f+Jnuv/M1nfvVWA/wYAAAAAAAAAADRa3pSJnuv/4Ob6/1h25P+8yPT/ntyv/6zhuv+Fvrj/PpKY/0Cbjf9YduT/4Ob6/4me6/80Wt6UAAAAADVZ4StQcOP99/j9/1h25P8zWN7/5+z7////////////Z4Lm/zNY3v8zWd3/M1je/1h25P/3+P3/UHDj/TVZ4Ss0Wd+PrLvx/5ut7v8zWN7/Rmfh/////////////////0Jo4P8neuf/IY/s/yZ85/8yXN//m63u/6y78f80Wd+PM1nf1ert+/9ObuL/M1je/3CK5////////////9j4//8RyPv/J3vn/ytx5P8lg+n/KHjm/05u4v/p7fv/M1nf1Tpd4PP4+f3/M1je/zNY3v+bre7////////////X+P//JNL8/yDJ+v8Utvb/II/t/y9j4P8zWN7/+Pn9/zpd4PM6XeDz+Pn9/zNY3v8zWN7/w871///////////////////////k+v//T5zt/xyc7/8UtPX/L2Ph//j5/f86XeDzM1nf1ert+/9ObuL/M1je/9vi+f//////oXZf////////////oXZf/2N/5f8zWN7/M1je/05u4v/q7fv/M1nf1TRZ34+su/H/m63u/zNY3v/H0fX//////////////////////+js+/83W97/M1je/zNY3v+bre7/rLvx/zRZ3481WeErUHDj/ff4/f9YduT/X3zl//Hz/P////////////j5/f9yi+j/M1je/zNY3v9YduT/9/j9/1Bw4/01WeErAAAAADRa3pSJnuv/4Ob6/1h25P9MbOL/2N/4/73J9P9DZeD/M1je/zNY3v9YduT/4Ob6/4me6/80Wt6UAAAAAAAAAABVgP8GM1nfvYme6//3+P3/m63u/05u4v8zWN7/M1je/05u4v+bre7/9/j9/4me6/8zWd+9VYD/BgAAAAAAAAAAAAAAAFWA/wY0Wt6UUHDj/ay78f/p7fv/+Pn9//j5/f/p7fv/rLvx/1Bw4/00Wt6UVYD/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVZ4Ss0Wd+PM1nf1Tpd4PM6XeDzM1nf1TRZ3481WeErAAAAAAAAAAAAAAAAAAAAAPAPAADAAwAAgAEAAIABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIABAACAAQAAwAMAAPAPAAAoAAAAIAAAAEAAAAABACAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWA/wY2Wt9HM1nelTRY3780WN7ZM1je8zNY3vM0WN7ZNFjfvzNZ3pU2Wt9HVYD/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVg3xgzWN+WNFne8TNY3v9ceuT/iJ7r/52v7/+ywPL/ssDy/52v7/+Inuv/XHrk/zNY3v80Wd7xM1jfljVg3xgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAElt/wczWOCCM1nf9Ets4v+ouPH/6e37/+vv+//a4Pj/2eD4/9zi+f/c4vn/2eD4/9rg+P/m6vv/6e37/6i48f9LbOL/M1nf9DNY4IJJbf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1YN8YM1jfxz9i4P+js/D/8fP8/6Cx7/+7x/P/5fbp/1zEd/+o4Lb/9vz4////////////3+T5/zVZ3v9Xed3/obPu//Hz/P+js/D/P2Hf/zNY38c1YN8YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN1njLjRZ3uNTcuP/4eb6/7PB8v9IaeH/M1je/9rg+f/H69D/Rrxl/0a8Zf9NtV//RrRa/063Yv9fpqf/QqWA/0a8Zf87gqv/SGnh/7TC8v/h5vr/U3Lj/zRZ3uMzW+MtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVg3xg0Wd7jZ4Pm/+/x/P+Emuv/M1je/zNY3v87Xt///P3+/7rmxv9GvGX/Rrxl/0azWv9GvGX/Rrxl/0a8ZP9GvGX/Rrxl/zyIo/8zWN7/M1je/4Sa6//v8fz/Z4Lm/zRZ3uM1YN8YAAAAAAAAAAAAAAAAAAAAAAAAAABJbf8HM1jfx1Ny4//v8fz/aoXm/zNY3v8zWN7/M1je/2N/5f//////tOTB/0a8Zf9HvWb/c8mH/1W+bv9IuWj/Qqp7/0a8Zf9GvGX/PIWo/zNY3v8zWN7/M1je/2qF5v/v8fz/U3Lj/zNY38dJbf8HAAAAAAAAAAAAAAAAAAAAADNY4II/YuD/4eb6/4Sa6/8zWN7/M1je/zNY3v8zWN7/j6Ps///////W8d3/pt+1/+X26v//////8/X9/zhc3v80Wdz/PIek/0a4av85d7j/M1je/zNY3v8zWN7/M1je/4Sa6//h5vr/P2Hf/zNY4IIAAAAAAAAAAAAAAAA1YN8YM1nf9KOz8P+0wvL/M1je/zNY3v8zWN7/M1je/zNY3v+6xvP///////////////////////////+zwfL/M1je/zNY3v8zWN7/NFzY/zNZ3f8zWN7/M1je/zNY3v8zWN7/M1je/7TC8v+js/D/M1nf9DVg3xgAAAAAAAAAADNY35ZLbOL/8fP8/0hp4f8zWN7/M1je/zNY3v8zWN7/M1je/+Xq+v///////////////////////////32U6v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/SGnh//Hz/P9LbOL/M1jflgAAAABVgP8GNFne8ai48f+hsu//M1je/zNY3v8zWN7/M1je/zNY3v9DZeD/////////////////////////////////V3bj/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/obLv/6i48f80Wd7xVYD/BjZa30czWN7/6e37/1Z04/8zWN7/M1je/zNY3v8zWN7/M1je/2+J5/////////////////////////////////9RcOL/Lmfi/yKN7P8XrPP/EML5/w3K+/8Suvf/HZnu/y5n4v8zWN7/M1je/zNY3v9WdOP/6e37/zNY3v82Wt9HM1nelVx65P/j6Pr/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/mavu////////////////////////////7/z//yK79v8K0v3/Fq/0/yKN7P8iiev/IY7s/xqh8P8Suff/Dcr7/y5o4v8zWN7/M1je/zNY3v/j6Pr/XHrk/zNZ3pU0WN+/iJ7r/6++8v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v/DzvX///////////////////////////9k4/7/CtL9/xK59/8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/6++8v+Inuv/NFjfvzRY3tmdr+//mqzu/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/+7x/P///////////////////////////2Xj/v8K0v3/C9D9/xmm8f8YqfP/Gafy/yKN7P8vZuH/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/mqzu/52v7/80WN7ZM1je87LA8v+Fm+v/M1je/zNY3v8zWN7/M1je/zNY3v9La+H/////////////////////////////////+P7//3Pm/v8P0/3/CtL9/wrS/f8K0v3/CtL9/wrR/f8VsvX/JYPp/zNb3v8zWN7/M1je/zNY3v+Fm+v/ssDy/zRZ3vIzWN7zssDy/4Wb6/8zWN7/M1je/zNY3v8zWN7/M1je/3SN6P////////////////////////////////////////////b+///T9///vPP//1q/9v8WrfT/DMv8/wrS/f8K0v3/DsX6/yl25v8zWN7/M1je/4Wb6/+ywPL/M1je8zRY3tmdr+//mqzu/zNY3v8zWN7/M1je/zNY3v8zWN7/m63u////////////0LWn/7qTfv/////////////////////////////+/v//////s8Dy/zNY3v8zWt7/KXbm/x2b7v8bn/D/KnPl/zNY3v8zWN7/mqzu/52v7/80WN7ZNFjfv4me6/+vvvL/M1je/zNY3v8zWN7/M1je/zNY3v+zwPL///////////+sfWT/om5R//v59///////////////////////pHFV/8Cdiv+ruvH/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v+vvvL/iJ7r/zRY378zWd6VXHrk/+Po+v8zWN7/M1je/zNY3v8zWN7/M1je/7/K9P////////////z6+f/38u/////////////////////////////NsKH/4dDH/3uT6f8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/+Po+v9ceuT/M1nelTZa30czWN7/6e37/1Z04/8zWN7/M1je/zNY3v8zWN7/p7fw///////k1c3////////////////////////////////////////////3+f3/Q2Xg/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v9WdOP/6e37/zNY3v82Wt9HVYD/BjRZ3vGouPH/oLHv/zNY3v8zWN7/M1je/zNY3v92j+j//////+7l3//gz8b/+/j2///////////////////////p3db/2MK2/6mz5P8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/6Gy7/+ouPH/NFne8VWA/wYAAAAAM1jflkts4v/x8/z/SGnh/zNY3v8zWN7/M1je/zNY3v/U3Pj////////////////////////////////////////////s7/z/RWfg/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v9IaeH/8fP8/0ts4v8zWN+WAAAAAAAAAAA1YN8YM1nf9KOz8P+zwfL/M1je/zNY3v8zWN7/M1je/0Fj4P/DzvX/////////////////////////////////8PP8/2WB5v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/7TC8v+js/D/M1nf9DVg3xgAAAAAAAAAAAAAAAAzWOCCP2Lg/+Hm+v+Emuv/M1je/zNY3v8zWN7/R2jh/0do4f97k+n/1dz4////////////7/L8/4Oa6/9CZOD/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v+Fm+v/4eb6/z9i4P8zWOCCAAAAAAAAAAAAAAAAAAAAAElt/wczWN/HU3Lj/+/x/P9qheb/M1je/zNY3v+Xqe7/7vH8/////////////////87X9/9TcuP/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/aoXm/+/x/P9TcuP/M1jfx0lt/wcAAAAAAAAAAAAAAAAAAAAAAAAAADVg3xg0Wd7jZ4Lm/+/x/P+Emuv/M1je/2J+5f+puPH/rrzx/5Kl7f9PbuL/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/4Sa6//v8fz/Z4Lm/zRZ3uM1YN8YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdZ4y40Wd7jU3Lj/+Hm+v+0wvL/SGnh/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/0hp4f+0wvL/4eb6/1Ny4/80Wd7jM1vjLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVg3xgzWN/HP2Lg/6Oz8P/x8/z/obLv/1Z04/8zWN7/M1je/zNY3v8zWN7/M1je/zNY3v8zWN7/M1je/1Z04/+hsu//8fP8/6Oz8P8/Yd//M1jfxzVg3xgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAElt/wczWOCCM1nf9Ets4v+ouPH/6e37/+Po+v+vvvL/mqzu/4Wb6/+Fm+v/mqzu/6++8v/j6Pr/6e37/6i48f9LbOL/M1nf9DNY4IJJbf8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1YN8YM1jfljRZ3vEzWN7/XHrk/4ie6/+dr+//ssDy/7LA8v+dr+//iJ7r/1x65P8zWN7/NFne8TNY35Y1YN8YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVYD/BjZa30czWd6VNFjfvzRY3tkzWN7zM1je8zRY3tk0WN+/M1nelTZa30dVgP8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/AA///AAD//AAAP/gAAB/wAAAP4AAAB8AAAAPAAAADgAAAAYAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABgAAAAcAAAAPAAAAD4AAAB/AAAA/4AAAf/AAAP/8AAP//wAP/" + }, + { + "Name": "SearXNG", + "Description": "A privacy-respecting, hackable metasearch engine", + "Alias": "", + "Method": "POST", + "URLTemplate": "https://searx.be/?q={searchTerms}", + "PostData": "q={searchTerms}&time_range=&language=en-US&category_general=on", + "IconURL": "data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+CjxzdmcgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIiB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiIHhtbG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgaWQ9InN2ZzgiIHZlcnNpb249IjEuMSIgdmlld0JveD0iMCAwIDkyIDkyIiBoZWlnaHQ9IjkybW0iIHdpZHRoPSI5Mm1tIj4KICA8ZGVmcyBpZD0iZGVmczIiLz4KICA8bWV0YWRhdGEgaWQ9Im1ldGFkYXRhNSI+CiAgICA8cmRmOlJERj4KICAgICAgPGNjOldvcmsgcmRmOmFib3V0PSIiPgogICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgIDxkYzp0eXBlIHJkZjpyZXNvdXJjZT0iaHR0cDovL3B1cmwub3JnL2RjL2RjbWl0eXBlL1N0aWxsSW1hZ2UiLz4KICAgICAgICA8ZGM6dGl0bGUvPgogICAgICA8L2NjOldvcms+CiAgICA8L3JkZjpSREY+CiAgPC9tZXRhZGF0YT4KICA8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtNDAuOTIxMzAzLC0xNy40MTY1MjYpIiBpZD0ibGF5ZXIxIj4KICAgIDxjaXJjbGUgcj0iMCIgc3R5bGU9ImZpbGw6bm9uZTtzdHJva2U6IzAwMDAwMDtzdHJva2Utd2lkdGg6MTI7c3Ryb2tlLW1pdGVybGltaXQ6NDtzdHJva2UtZGFzaGFycmF5Om5vbmU7c3Ryb2tlLW9wYWNpdHk6MSIgY3k9IjkyIiBjeD0iNzUiIGlkPSJwYXRoMzcxMyIvPgogICAgPGNpcmNsZSByPSIzMCIgY3k9IjUzLjkwMjU1NyIgY3g9Ijc1LjkyMTMwMyIgaWQ9InBhdGg4MzQiIHN0eWxlPSJmaWxsOm5vbmU7ZmlsbC1vcGFjaXR5OjE7c3Ryb2tlOiMzMDUwZmY7c3Ryb2tlLXdpZHRoOjEwO3N0cm9rZS1taXRlcmxpbWl0OjQ7c3Ryb2tlLWRhc2hhcnJheTpub25lO3N0cm9rZS1vcGFjaXR5OjEiLz4KICAgIDxwYXRoIGQ9Im0gNjcuNTE0ODQ5LDM3LjkxNTI0IGEgMTgsMTggMCAwIDEgMjEuMDUxNDc1LDMuMzEyNDA3IDE4LDE4IDAgMCAxIDMuMTM3MzEyLDIxLjA3ODI4MiIgaWQ9InBhdGg4NTIiIHN0eWxlPSJmaWxsOm5vbmU7ZmlsbC1vcGFjaXR5OjE7c3Ryb2tlOiMzMDUwZmY7c3Ryb2tlLXdpZHRoOjU7c3Ryb2tlLW1pdGVybGltaXQ6NDtzdHJva2UtZGFzaGFycmF5Om5vbmU7c3Ryb2tlLW9wYWNpdHk6MSIvPgogICAgPHJlY3QgdHJhbnNmb3JtPSJyb3RhdGUoLTQ2LjIzNDcwOSkiIHJ5PSIxLjg2NjkxMDVlLTEzIiB5PSIxMjIuMDg5OTUiIHg9IjMuNzA2MzUyOSIgaGVpZ2h0PSIzOS45NjMzMDMiIHdpZHRoPSIxOC44NDYzMzEiIGlkPSJyZWN0OTEyIiBzdHlsZT0ib3BhY2l0eToxO2ZpbGw6IzMwNTBmZjtmaWxsLW9wYWNpdHk6MTtzdHJva2U6bm9uZTtzdHJva2Utd2lkdGg6ODtzdHJva2UtbWl0ZXJsaW1pdDo0O3N0cm9rZS1kYXNoYXJyYXk6bm9uZTtzdHJva2Utb3BhY2l0eToxIi8+CiAgPC9nPgo8L3N2Zz4=" + }, + { + "Name": "MetaGer", + "Description": "MetaGer: Privacy Protected Search & Find", + "Alias": "", + "Method": "GET", + "URLTemplate": "https://metager.org/meta/meta.ger3?eingabe={searchTerms}", + "IconURL": "data:image/x-icon;base64,AAABAAEAQEAAAAEACAAoFgAAFgAAACgAAABAAAAAgAAAAAEACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP4AAYD+AACA/wADgf4ABIH+AAWC/gAGgv4ACYT+AAuF/gAMhf4ADYb+AA6G/gAPh/4AEIf+ABGI/gATif4AFIn+ABWK/gAWiv4AF4v+ABmM/gAajP4AG43+AByN/gAejv4AIZD+ACSR/gAmkv4AJ5L+ACmU/gAqlP4ALJX+AC2W/gAulv4AMpj+ADSZ/gA5m/4AO5z+AD6e/gA/n/4AQJ/+AEKg/gBDof4ARKH+AEWi/gBGov4ASKP+AEyl/gBPpv4AU6j+AFWq/gBXq/4AWKv+AFut/gBcrf4AX6/+AGGw/gBksf4AZ7L+AGq0/gBvtv4Acbf+AHO4/gB0uf4Adrr+AHe6/gB4u/4Afr7+AIC//gCBwP4Ah8P+AIjD/gCJxP4AisT+AIvF/gCNxv4AkMf+AJHI/gCSyP4Ak8n+AJTJ/gCVyv4Alsr+AJjL/gCazP4AnM3+AJ7O/gCgz/4AodD+AKLQ/gCk0f4AptL+AKjT/gCq1P4ArdX+AK7W/gCv1v4AsNf+ALXZ/gC22v4At9r+ALjb/gC52/4AvN3+AMPg/gDE4f4AxuL+AMrk/gDM5f4Azub+AM/m/gDQ5/4A0ef+ANLo/gDU6f4A1ur+ANnr/gDb7P4A3+7+AOHv/gDk8f4A5fH+AOby/gDn8v4A6PP+AOnz/gDq9P4A6/T+AO31/gDv9v4A8/j+APX5/gD2+v4A9/r+APj7/gD5+/4A+vz+APv8/gD8/f4A/f3+AP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnyMjIyMHgICAgICAgICAgICAgIDhYyMjIwSAgICAgICAgIEMlVxfoiEfXJeRSYDAgICAgICAgICAgICAgICAgJmjIyMjDQCAgICAgICAgICAgICAm2MjIyMKwICAgICAgIzeIyMjIyMjIyMjIyMgU8dAgICAgICAgICAgICAgICSoyMjIxGAgICAgICAgICAgICAgJXjIyMjD4CAgICAgJMjIyMjIyMjIyMjIyMjIyMhQUCAgICAgICAgICAgICAjaMjIyMYwICAgICAgICAgICAgICPYyMjIxYAgICAgJAjIyMjIyMjIyMjIyMjIyMjIwjAgICAgICAgICAgICAgIhjIyMjHkCAgICAjtoaGIIAgICAiqMjIyMbwICAgIWg4yMjIyMXCoOAQMPJWmMjIyMOwICAgICAgICAgICAgICBYeMjIyMEAICAgJtjIyMUgICAgIQjIyMjIYEAgICQ4yMjIyMOAICAgICAgJCjIyMjFcCAgICAgICAgICAgICAgJwjIyMjCkCAgIVjIyMjIwrAgICAnqMjIyMIAICAmqMjIyMWgICAgICAgICKoyMjIxzAgICAgICAgICAgICAgICWYyMjIw9AgICOYyMjIyMdwsCAgJljIyMjDUCAgJ9jIyMjCcCAgICAgICAgyLjIyMiwoCAgICAgICAgICAgICAj+MjIyMVwICAmCMjIyMjIxWAgICSYyMjIxJAgICh4yMjIwMAgICAgJkjIyMjIyMjIwpAgICAgICAgICAgICAgIsjIyMjG4CAgaCjIyMjIyMjC8CAjWMjIyMZQICAn+MjIyMBAICAgICRoyMjIyMjIyMQgICAgICAgICAgICAgICEoyMjIyGBAIsjIyMjGiMjIx6DgIgjIyMjHsCAgJzjIyMjBMCAgICAjOMjIyMjIyMjF8CAgICAgICAgICAgICAgJ8jIyMjB8CTIyMjHYNeIyMjFsCBIeMjIyMEgICXYyMjIwnAgICAgIcjIyMjIyMjIx4AgICAgICAgICAgICAgICZoyMjIw1AnWMjIxQAi6MjIyMMQJvjIyMjCsCAjqMjIyMRwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkqMjIyMSRuMjIyMLgICVIyMjH4RWYyMjIw+AgIXiIyMjH8KAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI2jIyMjGY9jIyMggYCAgl2jIyMXj+MjIyMWAICAlmMjIyMUQICAgICAgICAgICAgICAgICAgICAgICAgICAgICIYyMjIx8Z4yMjGECAgICKIuMjIxZjIyMjG8CAgIchYyMjIw8AgICAgICAgICAgICAgICAgICAgICAgICAgICAgWHjIyMjImMjIw5AgICAgJOjIyMiYyMjIyGBAICAjyMjIyMjFMMAgICAgICAgIBMGwYAgICAgICAgICAgICAgICcIyMjIyMjIyLFAICAgICB3SMjIyMjIyMjCACAgICXYyMjIyMgUstFgYJGTFNeYyMMwICAgICAgICAgICAgICAlmMjIyMjIyMbAICAgICAgIkioyMjIyMjIw1AgICAgRdjIyMjIyMjIyMjIyMjIyMjE0CAgICAgICAgICAgICAgI/jIyMjIyMjEQCAgICAgICAkiMjIyMjIyMSQICAgICAEGFjIyMjIyMjIyMjIyMjIxrAgICAgICAgICAgICAgICLIyMjIyMjIwjAgICAgICAgIGcoyMjIyMjGUCAgICAgICGliHjIyMjIyMjIyMjIx/TAICAgICAgICAgICAgICAhKMjIyMjIx6AAICAgICAgICAiKIjIyMjIx7AgICAgICAgICDjdWa32FiIBzYEMmBAICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + }, + { + "Name": "StartPage", + "Description": "The world's most private search engine", + "Alias": "", + "Method": "GET", + "URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}", + "IconURL": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAADb0lEQVRYhb2VXWgUVxiGv2gtWHrXBqExO2d2z5leWC80ilRKDTHunAPWhEi0gYY2mZkorYm7Z260oCiiFaQ3/RNqG/CvqAheKLSUUgpWqBdCKdbc+XMji4mhmk2MXTdvL9r4U+dsZtasH3x3877v852/IapUuzDHz6HF0/jU1/g10CgEIUq+xoMgxLAf4qIX4ksvj3c6O/FiRa8k1dyMF4IQm/0QV4MQiNkFP4+P+/rw0jOFewN4I9D4PUHwk61xrSePVVWF9+agAo2xqsMfdcnLwU8U7ufQHGhMzkL4dJe9EN3xwrdiga9xq4LZXV/jkK+xsTePZT05LPXzaPvvcBZMOj/EvQ/yWDwzgMZRo4nG0a4+vGrSduYxP9DYF4QoG/QXKoa/349M8O+1ippgb6wlJCIvh25fY8rgs6bS9LuiRJ7GT0SoiwtARORpfG5YhWNGURDifJSoR2NlknAiop5+1Psh7kdczYJR5IcYiRAMJw1/OJDGL1EDdYWGc7R9LyY/+QzlLwYxdfgkcPoscO5H/FYtwMQ9HBmfAMaKwOhfwPBt4GYBuH4ddqQAQBFP1+VqAQCcifADgAaT4HLExyXAfPXM1TSvvTNX6NiQH29bPzC2tr2/uLZ9y/i6joERAHMjJVeGrn79/Q/ncejb09i95yA2fbQHbeu3YsmKjTuTxltc9dqOwv+bOfJno6iRq2ykSKiJVCbbFDc8lWpNM0eORHlZXH5YSVtnO+oPA/mIlVEtMSZfYgt1I8rDFvJWfX3zy5UNMqqFCVU2rESZCXU8lZZvEdHj+1hncXcpE+qg7ci/I8MdBYu78f6KjLv7TSaPYOQ4E3KICfWnLdSdGb935KlY4dMTMaEGZzJN0kzI74hoTiIIW7g7bEeVZg/C/SoJABERNablcsbdC7MFYXEV+6/6JIjIvs2EGmRCFcz7rEYZd0+kuHyPOfKmESLjhlVBTJdlZe1GvibLHPkuE7LLymTVa7Z8nR7b44Xp1sXMUaOG8zBl8WzvM0HEAuXyTebIomElSpaQHTWHaOTStR113wAxmUq7rTWHSHF3AxPqQTSEHGMiu6LmECwjNzEhpwyP1O0UdxfVHoLLbRUeqks1ByAisoQ8YNiK0nMBICKyufzmqbdByHPPDYCI5jIu99lCDTNHFhl3TzQ0rH7lHy2g5RVQKFbLAAAAAElFTkSuQmCC" + } + ] + }, + "SupportMenu": { + "Title": "LibreWolf Issue Tracker", + "URL": "https://gitlab.com/librewolf-community/settings/issues" + } + } +} diff --git a/librewolf/debian/librewolf_settings/docs/Changelog.md b/librewolf/debian/librewolf_settings/docs/Changelog.md new file mode 100644 index 0000000..1b1b657 --- /dev/null +++ b/librewolf/debian/librewolf_settings/docs/Changelog.md @@ -0,0 +1,615 @@ +This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. +Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. + +# 6.0 + +**target commit**: + +**base librewolf version**: 98.x + +**References**: +- we are going to force history to custom mode and hide the UI for always on PB mode, a bunch of pointers are collected in [this MR](https://gitlab.com/librewolf-community/browser/source/-/merge_requests/21). +- [handlers prefs are deprecated](https://bugzilla.mozilla.org/show_bug.cgi?id=1733497). +- for OCSP see [this issue](https://gitlab.com/librewolf-community/settings/-/issues/150). + +#### Added preferences +``` +pref("privacy.history.custom", true); +pref("browser.privatebrowsing.autostart", false); +defaultPref("browser.preferences.moreFromMozilla", false); // hide about:preferences#moreFromMozilla +defaultPref("security.OCSP.require", true); // set to hard-fail +``` + +#### Removed preferences +``` +/** [SECTION] HANDLERS + * remove the default handlers for several tipe of files and services. + */ +lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.0.name", ""); +lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.mailto.1.name", ""); +lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.irc.0.name", ""); +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); +``` + +#### Changed preferences +``` +defaultPref("security.OCSP.enabled", 1); +``` + +# 5.5 + +**target commit**: 0fc1ff53c99379d9d4625de65ea51287d57a0a3a + +**base librewolf version**: 97.x + +**References**: +- showing the insecure connection text is redundant as there's already the lock UI for http websites. +- `browser.places.speculativeConnect.enabled` controls speculative connections for bookmarks and will be fully effective only once we hit v98. +- we will no longer disable history but we'll clear it on close. [reasoning](https://gitlab.com/librewolf-community/settings/-/issues/135). +- [download annoyances](https://gitlab.com/librewolf-community/settings/-/issues/144). + +**Notes**: the settings have been re-organized and they should also be documented a bit better now. + +#### Removed preferences +``` +defaultPref("security.insecure_connection_text.enabled", true); // display http websites as insecure in the ui +defaultPref("places.history.enabled", true); +``` + +#### Added preferences +``` +defaultPref("browser.places.speculativeConnect.enabled", false); +defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction +``` + +#### Changed preferences +``` +pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only by enforcing it with pref() +``` + +## 5.4 + +**target commit**: + +**base librewolf version**: 96.x + +**References**: +- [serve custom uBO assets](https://gitlab.com/librewolf-community/settings/-/issues/134) + + +#### Added preferences +``` +defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://gitlab.com/librewolf-community/browser/source/-/raw/main/assets/uBOAssets.json"); +``` + +#### Changed preferences +``` +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); +``` + +## 5.3 + +**target commit**: c256656f377d3c15a8c7537c65f45dc802904df7 + +**base librewolf version**: 96.x + +**References**: +- [disable sync differently](https://gitlab.com/librewolf-community/settings/-/issues/132); +- [remove tracking query params](https://gitlab.com/librewolf-community/settings/-/issues/128); + + +#### Added preferences +``` +defaultPref("identity.fxaccounts.enabled", false); // sync and firefox account +defaultPref("privacy.query_stripping.enabled", true); +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid vero_conv vero_id wickedid yclid"); +``` + +## 5.2 + +**target commit**: f3b4414d30953d1ea3eb64a9d75c62c242ee991b + +**base librewolf version**: 96.x + +**References**: +- [fix console issue](https://gitlab.com/librewolf-community/settings/-/issues/129) + +#### Added preferences +``` +defaultPref("devtools.selfxss.count", 0); +``` + +## 5.1 + +**target commit**: f28b218e97acec8935c0c868863a9f4b6a061a39 and 60221803c46bf5cf2cbc5d77035927f9fd249e6a + +**base librewolf version**: 96.x + +**References**: +- [fix language issue](https://gitlab.com/librewolf-community/settings/-/issues/125) + +#### Added preferences +``` +pref("intl.accept_languages", "en-US, en"); +``` + +#### Removed preferences +``` +defaultPref("intl.locale.requested", "en-US"); +defaultPref("privacy.spoof_english", 2); +defaultPref("browser.search.region", "US"); // set a default search region for all users +defaultPref("extensions.getAddons.langpacks.url", ""); // prevent users from adding lang packs, which would cause leaks +``` + +#### Changed preferences +``` +pref("javascript.use_us_english_locale", true); +``` + +## 5.0 + +**target commit**: from 8a98176400e2e44ae1138ea8bdc1991250f75b8e to b219a75b4a0d72b519ce386406f45acead940c9a + +**base librewolf version**: 96.x + +**References**: +- [extension auto-updates](https://gitlab.com/librewolf-community/settings/-/issues/116) +- [remove all the OS specific prefs](https://gitlab.com/librewolf-community/settings/-/issues/124) +- [service workers and push](https://gitlab.com/librewolf-community/settings/-/issues/115) + +#### Added preferences +``` +defaultPref("privacy.partition.serviceWorkers", true); // isolate service workers +``` + +#### Removed preferences +``` +defaultPref("extensions.update.enabled", false); // disable automatic checks for extension updates +defaultPref("extensions.update.autoUpdateDefault", false); // disable automatic installs of extension updates +defaultPref("browser.tabs.loadBookmarksInTabs", true); +defaultPref("clipboard.autocopy", false); +defaultPref("dom.popup_maximum", 4); +defaultPref("general.autoScroll", false); +defaultPref("devtools.selfxss.count", 0); // was set because of https://gitlab.com/librewolf-community/browser/linux/-/issues/80 +defaultPref("dom.push.enabled", false); // disable push notifications +defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/" +defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications +``` + +## 4.0 + +**target commit**: 9003f029f8fe087cde5bb081d51ab82340948874 + +**base librewolf version**: 95.x + +**References**: +- [review webrtc](https://gitlab.com/librewolf-community/settings/-/issues/108). +- [stop disabling geo api](https://gitlab.com/librewolf-community/settings/-/issues/102). +- [deprecate RFP dark mode](https://gitlab.com/librewolf-community/browser/common/-/issues/56). +- `offlineApps` change in 3.1 did not respect exceptions, so revert it. +- uncomment prefs to enable CRL without OCSP fallback, although they will fully work only when [this issue is closed](https://gitlab.com/librewolf-community/browser/common/-/issues/57). +- we decided to force a larger new window size by default, to improve usability for RFP users while still keeping a rounded value. see [this comment](https://gitlab.com/librewolf-community/settings/-/issues/104#note_752186737). + +#### Added preferences +``` +defaultPref("privacy.window.maxInnerWidth", 1600); +defaultPref("privacy.window.maxInnerHeight", 900); +``` + +#### Removed preferences +``` +defaultPref("media.peerconnection.enabled", false); +lockPref("privacy.override_rfp_for_color_scheme", false); +defaultPref("geo.enabled", false); +defaultPref("permissions.default.geo", 2); +defaultPref("privacy.clearOnShutdown.offlineApps", true); +defaultPref("privacy.cpd.offlineApps", true); +``` + +#### Changed preferences +``` +defaultPref("security.remote_settings.crlite_filters.enabled", true); +defaultPref("security.pki.crlite_mode", 2); +``` + +## 3.2 + +**target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01 + +**base librewolf version**: 94.x + +**References**: +- block the new firefox suggests feature in full. +- enforce a sane value for manual sanitizing. + +**Notes**: the suggest prefs might be overkill, we should try to trim to the bare minimum in the next release. + +#### Added preferences +``` +lockPref("browser.urlbar.quicksuggest.enabled", false); // disable suggest and hide its ui +lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // disable suggestions from firefox +lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // disable sponsored suggestions +lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default +defaultPref("privacy.sanitize.timeSpan", 0); +``` +#### Changed preferences +``` +lockPref("browser.urlbar.quicksuggest.scenario", "history"); // prevent opt-in, doesn't work alone +``` + +## 3.1 + +**target commit**: 6844d4ad1c9ad8bb3ffdc29e0a607c21c0559da4 and 67e6a00b719ecd52782a724cd09a9f08fa4577c0 + +**base librewolf version**: 94.x + +**References**: +- the added prefs are all defense in depth. +- `drawInTitlebar` was causing errors for some users, the bug was reproduced. Linux users might experience a different toolbar behavior because of this change. +- the default value for scopes seems like a better choice than changing it. +- `offlineApps` can be safely cleared without using logins, in fact it was most likely cleared by other sanitazion techniques regardless. + +**Notes**: please notify users about the new website, thanks to @maltejur for helping with the migration. + +#### Added preferences +``` +defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whitelist +lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden +defaultPref("privacy.cpd.offlineApps", true); // for consistency with clearOnShutdown prefs +``` + +#### Removed preferences +``` +defaultPref("extensions.autoDisableScopes", 11); // bring back to default +defaultPref("browser.tabs.drawInTitlebar", true); // bring back to default +``` + +#### Changed preferences +``` +defaultPref("privacy.clearOnShutdown.offlineApps", true); // can be cleared +defaultPref("app.support.baseURL", "https://librewolf.net/docs/faq/#"); +defaultPref("browser.search.searchEnginesURL", "https://librewolf.net/docs/faq/#how-do-i-add-a-search-engine"); +defaultPref("browser.geolocation.warning.infoURL", "https://librewolf.net/docs/faq/#how-do-i-enable-location-aware-browsing"); +defaultPref("app.feedback.baseURL", "https://librewolf.net/#questions"); +``` + +## 3.0 + +**target commit**: f0a2d5d70657cc87348282d6faaf72edff8bf304 and 4e0895a299ec99066f119d8ce1a2923fc91aa465 + +**base librewolf version**: 94.x + +**References**: +- as reported in #95 and discussed [here](https://gitlab.com/librewolf-community/browser/linux/-/issues/246) we are re-enabling TP by default, setting it to strict. +- the sponsored shortcuts in about:preferences#home were already locked, now they are properly hidden. +- enable fission as it is being [rolled out to stable](https://bugzilla.mozilla.org/show_bug.cgi?id=1732206). + +**Notes**: all the removed preferences were either related to disabling TP, or unecessary when using strict mode. as a result of this trimming the tracking protection section of the .cfg file doesn't need to exist anymore. + +#### Added preferences +``` +defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button from about:preferences#home +defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default +defaultPref("fission.autostart", true); // enable fission by default +``` + +#### Removed preferences +``` +lockPref("privacy.trackingprotection.enabled", false); +lockPref("privacy.trackingprotection.pbmode.enabled", false); +lockPref("privacy.trackingprotection.annotate_channels", false); +defaultPref("browser.safebrowsing.provider.mozilla.updateURL", ""); +defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); +defaultPref("privacy.trackingprotection.cryptomining.enabled", false); +defaultPref("privacy.trackingprotection.fingerprinting.enabled", false); +defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +``` + +#### Changed preferences +``` +pref("browser.contentblocking.category", "strict"); +``` + +## 2.0 + +**target commit**: from 6451faa167568313e5ed065fcb3ee2bb76132063 to b17a1ed657e22ac61b4399699223d36724b842e7 + +**base librewolf version**: 92.x + +**References**: +- [web content can no longer access the battery api](https://bugzilla.mozilla.org/show_bug.cgi?id=1313580). +- http alternative services are [isolated by network partitioning and FPI](https://github.com/arkenfox/user.js/blob/269cf965bd51022ca69823f8f66a8e402280d856/user.js#L1350) and they are unchanged even in tor browser. from a security standpoint, the alternate service will need to provide the certificate of the origin in order to be considered trusthworthy. +- let the user decide what to manually clear, including the timespan. +- drm prefs have been trimmed as a quality of life improvement. the end result is the same, with less hassle for users who want to access drm-protected content. +- DNT header has been proved to not work and it is used to fingerprint. +- VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill. +- vibrator API is so nieche that even tor does not change it. best to trim where possible. +- `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it. +- `browser.safebrowsing.downloads.remote.*` are all controlled by the prefs already in the .cfg, which is the same approach taken by tor browser. +- graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable. +- the pdf prefs and the bookmark backup are not really relevant to librewolf. +- as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default. +- new tab page section now includes a new design and no longer an empty page. all the unnecessary preferences have been removed and users can also customize as the most essential ones have been unlocked. +- UI bug in tracking protection section is fixed. +- a bunch of dead links are fixed. +- for screensharing see [testing provided at this link](https://github.com/arkenfox/user.js/issues/1245) +- disable new firefox suggests feature + +**Notes** +Recent changes in the category `MISC > set librewolf support and releases urls` require to create a couple header for the landing page. + +#### Removed preferences +``` +defaultPref("general.warnOnAboutConfig", false); // deprecated +defaultPref("dom.battery.enabled", false); +lockPref("network.http.altsvc.enabled", false); +lockPref("network.http.altsvc.oe", false); +lockPref("signon.storeWhenAutocompleteOff", false); // we do not suggest lockwise in the first place +defaultPref("signon.management.page.breach-alerts.enabled", false); // no harm for lockwise users +defaultPref("signon.management.page.breachAlertUrl", ""); // no harm for lockwise users +defaultPref("privacy.history.custom", true); // redundant +defaultPref("privacy.cpd.cookies", false); +defaultPref("privacy.cpd.offlineApps", false); // default +defaultPref("privacy.sanitize.timeSpan", 0); +defaultPref("media.gmp-widevinecdm.visible", false); +defaultPref("media.gmp-widevinecdm.enabled", false); +defaultPref("privacy.donottrackheader.enabled", true); +defaultPref("dom.vr.enabled", false); +defaultPref("dom.vibrator.enabled", false); +defaultPref("dom.push.connection.enabled", false); // redundant +defaultPref("dom.security.https_only_mode_pbm", true); // redundant +defaultPref("security.tls.version.fallback-limit", 3); // default is for, no need to enforce further +lockPref("extensions.webextensions.identity.redirectDomain", ""); // outdated and unchanged even in tor +defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ +defaultPref("extensions.getAddons.get.url", ""); // redundant +lockPref("extensions.getAddons.discovery.api_url", ""); // redundant +lockPref("webextensions.storage.sync.serverURL", ""); // sync not supported +lockPref("extensions.webservice.discoverURL", ""); // deprecated +defaultPref("xpinstall.signatures.devInfoURL", ""); // link to wiki page +lockPref("app.normandy.user_id", ""); // redundant +lockPref("app.normandy.shieldLearnMoreUrl", ""); // redundant +lockPref("security.mixed_content.block_active_content", true); // default +defaultPref("security.insecure_connection_text.pbmode.enabled", true); // redundant +lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false); +lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); +lockPref("gfx.font_rendering.graphite.enabled", false); // consider removing +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +lockPref("remote.enabled", false); // removed in FF90 +lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); // redundant +defaultPref("browser.bookmarks.max_backups", 2); +defaultPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // unharmful +defaultPref("devtools.devices.url", ""); // unharmful +lockPref("media.decoder-doctor.new-issue-endpoint", ""); // redundant +lockPref("identity.sync.tokenserver.uri", ""); // redundant +defaultPref("accessibility.support.url", ""); // redundant +lockPref("browser.dictionaries.download.url", ""); // dictionaries are hidden already +lockPref("browser.uitour.themeOrigin", ""); // redundant +lockPref("toolkit.datacollection.infoURL", ""); // redundant +lockPref("identity.mobilepromo.android", ""); // redundant +lockPref("identity.mobilepromo.ios", ""); // redundant +defaultPref("identity.sendtabpromo.url", ""); // redundant +lockPref("datareporting.healthreport.infoURL", ""); // redundant +lockPref("browser.chrome.errorReporter.infoURL", ""); // redundant +lockPref("datareporting.policy.firstRunURL", ""); // redundant +lockPref("javascript.options.shared_memory", false); +lockPref("app.update.staging.enabled", false); // not relevant +lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); // redundant +lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); // redundant +lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); // redundant +lockPref("network.connectivity-service.DNSv6.domain", ""); // redundant +lockPref("network.connectivity-service.DNSv4.domain", ""); // redundant +lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // default +lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // default +lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); +lockPref("browser.newtabpage.activity-stream.feeds.places", false); +lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); +lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}"); +lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true); +lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +defaultPref("dom.push.userAgentID", ""); // push notifications are already disabled +lockPref("services.settings.server", ""); // redundant with patches +lockPref("webchannel.allowObject.urlWhitelist", ""); // deprecated +defaultPref("media.getusermedia.browser.enabled", false); +defaultPref("media.getusermedia.screensharing.enabled", false); +defaultPref("media.getusermedia.audiocapture.enabled", false); +defaultPref("dom.storage.next_gen", true); // default from v92.0 +``` + +#### Added preferences +``` +defaultPref("browser.download.useDownloadDir", false); // force user interaction on downloads, by always asking location +// defaultPref("security.remote_settings.crlite_filters.enabled", true); +// defaultPref("security.pki.crlite_mode", 2); +pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI +``` + +#### Commented preferences +``` +// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5 +// pref("network.trr.uri", "https://dns.quad9.net/dns-query"); // previously uncommented defaultPref with empty value +``` + +#### Changed preferences +previously empty, set to proper value +``` +defaultPref("network.trr.confirmationNS", "skip"); +defaultPref("browser.search.searchEnginesURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#search"); +defaultPref("browser.geolocation.warning.infoURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#location"); +defaultPref("app.feedback.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support"); +defaultPref("app.releaseNotesURL", "https://gitlab.com/librewolf-community/browser"); +defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-community/browser"); +``` + +#### Unlocked preferences +``` +defaultPref("signon.rememberSignons", false); +defaultPref("signon.autofillForms", false); +defaultPref("signon.formlessCapture.enabled", false); +defaultPref("browser.urlbar.speculativeConnect.enabled", false); +defaultPref("browser.contentblocking.report.lockwise.enabled", false); +defaultPref("browser.contentblocking.report.monitor.enabled", false); +defaultPref("network.dns.disablePrefetch", true); +defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +defaultPref("browser.startup.blankWindow", false); +defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); +defaultPref("extensions.systemAddon.update.enabled", false); +defaultPref("extensions.systemAddon.update.url", ""); +defaultPref("security.mixed_content.block_display_content", true); +defaultPref("security.insecure_connection_text.enabled", true); +defaultPref("gfx.font_rendering.opentype_svg.enabled", false); +defaultPref("browser.shell.shortcutFavicons", false); +defaultPref("network.gio.supported-protocols", ""); +defaultPref("network.IDN_show_punycode", true); +defaultPref("browser.shell.checkDefaultBrowser", false); +defaultPref("middlemouse.contentLoadURL", false); +defaultPref("browser.pagethumbnails.capturing_disabled", true); +defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); +defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); +defaultPref("network.protocol-handler.external.ms-windows-store", false); +defaultPref("browser.newtab.preload", false); +defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); +defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); +defaultPref("browser.newtabpage.activity-stream.feeds.topsites", false); +defaultPref("browser.safebrowsing.downloads.enabled", false); +``` + +## 1.6 + +**target commit**: 192f51abe21e9aeb9b01d396079e9b8533cab7bb + +**base librewolf version**: 91.x + +**References**: +- [reasoning on webgl2](https://github.com/arkenfox/user.js/commit/41c3c0ec26ef4392169fa1d04fd5783ac03bfc8e) from arkenfox's maintainer, basically disabling webgl is enough for those who don't need it. users who want it have one less pref to change. + +#### Removed preferences +``` +defaultPref("dom.targetBlankNoOpener.enabled", true); // default since v79.0 +defaultPref("webgl.enable-webgl2", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // default +``` + +## 1.5 + +**target commit**: 23d1bff4f4ae3456df8e50e67f657ea6288eef29 + +**base librewolf version**: 91.x + +**References**: +- [comment](https://github.com/arkenfox/user.js/commit/3bb9fc713f141d794fc4adfb38d3fcf86c9307ab#commitcomment-53916786) from arkenfox's maintainer regarding tls version pref +- [mozilla update service](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows) +- extension firewall has been revisited + +#### Removed preferences +``` +lockPref("security.dialog_enable_delay", 700); // default 1000, no need to enforce this +``` + +#### Added preferences +``` +defaultPref("app.update.background.scheduling.enabled", false); // Win specific update service +defaultPref("security.tls.version.enable-deprecated", false); // default but helps resetting the preference +// defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';"); +``` + +#### Changed preferences +``` +// defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';"); +``` + +## 1.4 +**target commit**: 2e21db4c3018321a077d9af2ec44b29675c57adf + +**base librewolf version**: 90.x + +#### Removed preferences +``` +lockPref("security.tls.version.enable-deprecated", false); // default +``` + +## 1.3 +**target commit**: 60e75e30c6018a5c909a2f00f40831ed3f1948a6 + +**base librewolf version**: 90.x + +#### Added preferences +``` +defaultPref("network.http.windows-sso.enabled", false); +``` + +#### Removed preferences +``` +lockPref("browser.cache.offline.storage.enable", false); // pref does not exist anymore as it became default behavior +``` + +## 1.2 +**target commit**: 294724fae38ffa4ebcf6dfb0854787fb7022d1e6 + +**base librewolf version**: 89.x + +**References**: +- issue [#65](https://gitlab.com/librewolf-community/settings/-/issues/65) from settings +- issue [#22](https://gitlab.com/librewolf-community/browser/common/-/issues/22) from common + +#### Removed preferences +``` +defaultPref("dom.webaudio.enabled", false); +defaultPref("media.navigator.enabled", false); +``` + +#### Changed preferences +``` +defaultPref("app.support.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#"); +``` + +## 1.1 +**target commit**: cf0a2cc88acdbc51b138228353a0d7c9ea0db7c3 + +**base librewolf version**: 89.x + +**References**: +- issue [#54](https://gitlab.com/librewolf-community/settings/-/issues/54) from settings +- merge request [#5](https://gitlab.com/librewolf-community/browser/common/-/merge_requests/5) from common + +#### Removed preferences +``` +defaultPref("security.OCSP.require", false); // default value +defaultPref("extensions.update.url", ""); +defaultPref("extensions.update.background.url", ""); +defaultPref("extensions.getAddons.search.browseURL", ""); +``` + +#### Changed preferences +``` +defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +``` + +#### Added preferences +``` +lockPref("privacy.override_rfp_for_color_scheme", false); +``` + + +## 1.0 +**target commit**: 2b8dc4ac6d7fb6fdf8f172d04c27912098268257 + +**base librewolf version**: 89.x + +This is the initial release from which we start tagging and versioning settings. For previous changes see +[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
\ No newline at end of file diff --git a/librewolf/debian/librewolf_settings/docs/changelog-legacy.md b/librewolf/debian/librewolf_settings/docs/changelog-legacy.md new file mode 100755 index 0000000..d87707e --- /dev/null +++ b/librewolf/debian/librewolf_settings/docs/changelog-legacy.md @@ -0,0 +1,711 @@ +## Changelog +This is a list of all the changes in librewolf prefs, in the transition from legacy up to the release of 89.0. After this all the changes will be documented in a better [changelog](./changelod.md) that includes a list of removed and added stuff on each release. + +#### Added +Previously missing, now added +``` +defaultPref("pdfjs.enableScripting", false); +lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway +lockPref("browser.contentblocking.cfr-milestone.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); +lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); +lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.show_mobile_app", false); +defaultPref("extensions.formautofill.creditCards.available", false); +defaultPref("extensions.formautofill.addresses.capture.enabled", false); +defaultPref("extensions.formautofill.section.enabled", false); // hide formautofill section in settings, which is useless and buggy atm +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +lockPref("network.trr.send_empty_accept-encoding_headers", false); +lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); +lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("app.normandy.dev_mode", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +defaultPref("dom.security.https_only_mode_pbm", true); +lockPref("browser.ping-centre.telemetry", false); +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +defaultPref("extensions.postDownloadThirdPartyPrompt", false); +defaultPref("general.warnOnAboutConfig", false); +defaultPref("network.auth.subresource-http-auth-allow", 1); +defaultPref("browser.display.use_system_colors", false); +defaultPref("browser.cache.disk.enable", false); +defaultPref("fission.autostart", true); // commented for now +``` + +#### Modified +Updated some present prefs to better one +``` +defaultPref("network.cookie.cookieBehavior", 5); // dFPI, previously set to 1 +lockPref("browser.cache.offline.storage.enable", false); // Previously browser.cache.offline.insecure.enable +lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // Previously set to 0 +lockPref("network.http.referer.XOriginPolicy", 0); // Previously set to 1 +defaultPref("privacy.clearOnShutdown.offlineApps", false); // For consistency with new cookie behavior +defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cookie behavior +lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242 +defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed +defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384); +``` + +#### Removed +Active prefs that were removed +``` +lockPref("network.cookie.same-site.enabled", true); // Deprecated +lockPref("network.cookie.leave-secure-alone", true); // Deprecated +lockPref("browser.contentblocking.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // Deprecated +lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // Deprecated +lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // Deprecated +pref("signon.management.page.mobileAndroidURL", ""); // Deprecated +pref("signon.management.page.mobileAppleURL", ""); // Deprecated +lockPref("browser.urlbar.openViewOnFocus", false); // Handled through patch +lockPref("browser.urlbar.update1", false); // Handled through patch +lockPref("browser.urlbar.update1.interventions", false); // Handled through patch +lockPref("browser.urlbar.update1.searchTips", false); // Handled through patch +defaultPref("places.history.expiration.max_pages", 2147483647); // Useless +defaultPref("media.gmp-manager.url.override", "data:text/plain,"); // To easily enable DRM +defaultPref("media.gmp-manager.updateEnabled", false); // Deprecated +defaultPref("media.gmp-widevinecdm.autoupdate", false); // Deprecated +defaultPref("media.gmp-eme-adobe.enabled", false); // Deprecated +defaultPref("media.gmp-manager.certs.2.commonName", ""); // To easily enable DRM +defaultPref("media.gmp-manager.certs.1.commonName", ""); // To easily enable DRM +defaultPref("media.gmp.trial-create.enabled", false); // To easily enable DRM +lockPref("dom.indexedDB.enabled", true); // Deprecated +lockPref("dom.w3c_pointer_events.enabled", false); // Deprecated +lockPref("offline-apps.allow_by_default", false); // Deprecated +lockPref("ui.use_standins_for_native_colors", true); // Interferes with RFP +lockPref("dom.event.highrestimestamp.enabled", true); // Deprecated +lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); // Deprecated +lockPref("browser.urlbar.oneOffSearches", false); // Deprecated +lockPref("dom.disable_window_open_feature.close", true); // Deprecated +lockPref("dom.disable_window_open_feature.location", true); // Deprecated +lockPref("dom.disable_window_open_feature.menubar", true); // Deprecated +lockPref("dom.disable_window_open_feature.minimizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.personalbar", true); // Deprecated +lockPref("dom.disable_window_open_feature.resizable", true); // Deprecated +lockPref("dom.disable_window_open_feature.status", true); // Deprecated +lockPref("dom.disable_window_open_feature.titlebar", true); // Deprecated +lockPref("dom.disable_window_open_feature.toolbar", true); // Deprecated +lockPref("security.csp.experimentalEnabled", true); // Deprecated +lockPref("security.csp.enable_violation_events", false); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // Duplicated in the file +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // Deprecated +lockPref("extensions.htmlaboutaddons.discover.enabled", false); // Deprecated +lockPref("browser.messaging-system.fxatoolbarbadge.enabled", false); // Deprecated +lockPref("browser.onboarding.notification.tour-ids-queue", ""); // Deprecated +lockPref("devtools.gcli.lodashSrc", ""); // Deprecated +lockPref("devtools.webide.templatesURL", ""); // Deprecated +lockPref("browser.ping-centre.production.endpoint", ""); // Deprecated +lockPref("gecko.handlerService.schemes.ircs.0.name", ""); // Duplicated in the file +lockPref("services.sync.fxa.privacyURL", ""); // Deprecated +lockPref("services.settings.default_signer", ""); // Deprecated +lockPref("app.productInfo.baseURL", ""); // Deprecated +lockPref("devtools.webide.adbAddonURL", ""); // Deprecated +lockPref("lightweightThemes.recommendedThemes", ""); // Deprecated +defaultPref("media.gmp-gmpopenh264.autoupdate", false); // Adroid FF only +lockPref("browser.newtabpage.activity-stream.prerender", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // Deprecated +lockPref("browser.newtabpage.activity-stream.disableSnippets", true); // Deprecated +lockPref("privacy.donottrackheader.value", 1); // Deprecated +defaultPref("privacy.userContext.longPressBehavior", 2); // Deprecated +defaultPref("browser.tabs.closeWindowWithLastTab", true); // Already default +lockPref("dom.forms.datetime", false); // Deprecated +lockPref("browser.download.hide_plugins_without_extensions", false); // Deprecated +lockPref("services.sync.clients.lastSync", "0"); // Deprecated +lockPref("services.sync.clients.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.enabled", false); // Deprecated +lockPref("services.sync.jpake.serverURL", ""); // Deprecated +lockPref("services.sync.migrated", true); // Deprecated +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.password", false); // Deprecated +lockPref("services.sync.serverURL", ""); // Deprecated +lockPref("services.sync.tabs.lastSyncLocal", "0"); // Deprecated +lockPref("services.sync.engine.bookmarks.buffer", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // Deprecated +lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.extensions.personas.current", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // Deprecated +lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // Deprecated +lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // Deprecated +lockPref("services.sync.prefs.sync.security.OCSP.require", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.max", false); // Deprecated +lockPref("services.sync.prefs.sync.security.tls.version.min", false); // Deprecated +lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // Deprecated +lockPref("prio.publicKeyB", ""); // Deprecated +lockPref("prio.publicKeyA", ""); // Deprecated +lockPref("browser.chrome.errorReporter.publicKey", ""); // Deprecated +lockPref("security.insecure_password.ui.enabled", true); // Deprecated +defaultPref("network.dns.localDomains", "librefox.com"); // Doesn't make sense at all +lockPref("security.ssl.errorReporting.automatic", false); // Deprecated +lockPref("security.ssl.errorReporting.url", ""); // Deprecated +lockPref("security.ssl.errorReporting.enabled", false); // Deprecated +defaultPref("layout.frame_rate.precise", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.enabled", true); // Deprecated +defaultPref("layers.async-video.enabled", true); // Deprecated +defaultPref("layers.offmainthreadcomposition.async-animations", true); // Default true and not important to set +defaultPref("html5.offmainthread", true); // Default true and not important to set +defaultPref("browser.tabs.animate", false); // Deprecated +lockPref("webgl.disable-extensions", true); // Deprecated +lockPref("browser.onboarding.notification.finished", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // Deprecated +lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // Deprecated +lockPref("devtools.onboarding.telemetry.logged", false); // Deprecated +lockPref("pref.general.disable_button.default_browser", false); // Deprecated +lockPref("pref.privacy.disable_button.view_passwords", false); // Deprecated +lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // Deprecated +lockPref("browser.urlbar.searchSuggestionsChoice", false); // Deprecated +lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // Deprecated +lockPref("app.update.silent", false); // Deprecated +lockPref("app.vendorURL", ""); // Deprecated +lockPref("browser.chrome.errorReporter.submitUrl", ""); // Deprecated +lockPref("browser.chrome.errorReporter.enabled", false); // Deprecated +lockPref("browser.ping-centre.staging.endpoint", ""); // Deprecated +lockPref("devtools.devedition.promo.url", ""); // Deprecated +lockPref("devtools.gcli.imgurUploadURL", ""); // Deprecated +lockPref("devtools.gcli.jquerySrc", ""); // Deprecated +lockPref("devtools.gcli.underscoreSrc", ""); // Deprecated +lockPref("devtools.telemetry.supported_performance_marks", ""); // Deprecated +lockPref("dom.permissions.enabled", false); // Deprecated +lockPref("extensions.blocklist.url", ""); // Deprecated +lockPref("geo.wifi.uri", ""); // Deprecated +lockPref("geo.provider-country.network.scan", false); // Deprecated +lockPref("geo.provider-country.network.url", ""); // Deprecated +lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated +lockPref("lpbmode.enabled", true); // Deprecated +lockPref("mailnews.messageid_browser.url", ""); // Deprecated +lockPref("mailnews.mx_service_url", ""); // Deprecated +lockPref("network.predictor.cleaned-up", true); // Deprecated +lockPref("plugins.crash.supportUrl", ""); // Deprecated +lockPref("sync.enabled", false); // Deprecated +lockPref("sync.jpake.serverURL", ""); // Deprecated +lockPref("sync.serverURL", ""); // Deprecated +lockPref("toolkit.telemetry.hybridContent.enabled", false); // Deprecated +lockPref("toolkit.telemetry.infoURL", ""); // Deprecated +lockPref("toolkit.telemetry.prompted", 2); // Deprecated +lockPref("toolkit.telemetry.rejected", true); // Deprecated +lockPref("toolkit.telemetry.coverage.opt-out", true); // Deprecated +lockPref("browser.aboutHomeSnippets.updateUrl", ""); // Deprecated +lockPref("dom.enable_user_timing", false); // Deprecated +lockPref("geo.wifi.logging.enabled", false); // Deprecated +lockPref("browser.search.geoSpecificDefaults.url", ""); // Deprecated +lockPref("browser.search.geoSpecificDefaults", false); // Deprecated +lockPref("browser.fixup.hide_user_pass", true); // Deprecated +lockPref("privacy.storagePrincipal.enabledForTrackers", false); // redundant with dFPI +defaultPref("layout.css.visited_links_enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1632765 +defaultPref("layout.css.always-repaint-on-unvisited", false); // no benefit with RFP enabled -> https://github.com/arkenfox/user.js/issues/933 +defaultPref("layout.css.notify-of-unvisited", false); // no benefit with RFP enabled +defaultPref("dom.event.contextmenu.enabled", false); // causes breakage with no demonstrated privacy benefit +lockPref("dom.registerProtocolHandler.insecure.enabled", true); // Deprecated +defaultPref("dom.security.https_only_mode_ever_enabled", true); // Triggered by dom.security.https_only_mode = true +lockPref("dom.enable_resource_timing", false); // conflicting with RFP +lockPref("device.sensors.enabled", false); // conflicting with RFP +lockPref("dom.gamepad.enabled", false); // conflicting with RFP +lockPref("dom.netinfo.enabled", false); // conflicting with RFP +lockPref("media.video_stats.enabled", false); // conflicting with RFP +lockPref("webgl.enable-debug-renderer-info", false); // conflicting with RFP +defaultPref("extensions.getAddons.themes.browseURL", ""); // Deprecated +lockPref("extensions.getAddons.compatOverides.url", ""); // Used for tests on localhost:8888 +defaultPref("extensions.ui.experiment.hidden", false); // Deprecated +defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated +lockPref("dom.enable_performance", false); // conflicting with RFP +lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP +lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754 +lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_md5", false); // Deprecated +lockPref("security.ssl3.rsa_rc4_128_sha", false); // Deprecated +lockPref("security.tls.unrestricted_rc4_fallback", false); // Deprecated +lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // Deprecated +lockPref("security.ssl3.rsa_seed_sha", false); // Deprecated +lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint +lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint +lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown +defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this? +lockPref("services.blocklist.onecrl.collection", ""); // Deprecated +lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint +lockPref("plugin.defaultXpi.state", 1); // Deprecated +lockPref("remote.log.level", "Info"); // already default and not important in any way +lockPref("webgl.min_capability_mode", true); // small to no gain according to arkenfox and TOR, breaks websites on the other side +lockPref("lightweightThemes.update.enabled", false); // Deprecated +lockPref("lightweightThemes.persisted.headerURL", false); // Deprecated +lockPref("lightweightThemes.persisted.footerURL", false); // Deprecated +lockPref("network.protocol-handler.warn-external-default",true); // any real benefit? +lockPref("network.protocol-handler.external.javascript",false); // any real benefit? +lockPref("network.protocol-handler.external.moz-extension",false); // any real benefit? +lockPref("network.protocol-handler.external.ftp",false);// any real benefit? +lockPref("network.protocol-handler.external.file",false);// any real benefit? +lockPref("network.protocol-handler.external.about",false);// any real benefit? +lockPref("network.protocol-handler.external.chrome",false);// any real benefit? +lockPref("network.protocol-handler.external.blob",false);// any real benefit? +lockPref("network.protocol-handler.external.data",false);// any real benefit? +lockPref("network.protocol-handler.expose-all",false);// any real benefit? +lockPref("network.protocol-handler.expose.http",true);// any real benefit? +lockPref("network.protocol-handler.expose.https",true);// any real benefit? +lockPref("network.protocol-handler.expose.javascript",true);// any real benefit? +lockPref("network.protocol-handler.expose.moz-extension",true);// any real benefit? +lockPref("network.protocol-handler.expose.ftp",true);// any real benefit? +lockPref("network.protocol-handler.expose.file",true);// any real benefit? +lockPref("network.protocol-handler.expose.about",true);// any real benefit? +lockPref("network.protocol-handler.expose.chrome",true);// any real benefit? +lockPref("network.protocol-handler.expose.blob",true);// any real benefit? +lockPref("network.protocol-handler.expose.data",true);// any real benefit? +lockPref("network.protocol-handler.external.http",false);// any real benefit? +lockPref("network.protocol-handler.external.https",false);// any real benefit? +lockPref("shumway.disabled", true); // Deprecated +lockPref("plugin.state.libgnome-shell-browser-plugin", 0); // Deprecated +lockPref("plugins.click_to_play", true); // Deprecated +lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); // Deprecated +lockPref("devtools.webide.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallADBExtension", false); // Deprecated +lockPref("network.allow-experiments", false); // Deprecated +lockPref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // Deprecated +lockPref("network.netlink.route.check.IPv4", "127.0.0.1"); // Deprecated +lockPref("network.netlink.route.check.IPv6", "::1"); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // Deprecated +lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // Deprecated +lockPref("security.tls.version.max", 4); // increases fingerprint +defaultPref("network.dns.blockDotOnion", true); // TOR is out of scope +lockPref("network.http.referer.hideOnionSource", true); // TOR is out of scope +lockPref("browser.onboarding.enabled", false); // Deprecated +lockPref("dom.mozTCPSocket.enabled", false); // Useless according to https://gitlab.torproject.org/legacy/trac/-/issues/27268#comment:2 +lockPref("devtools.webide.autoinstallADBHelper", false); // Deprecated +lockPref("app.update.enabled", false); // Deprecated +lockPref("browser.casting.enabled", false); // Deprecated, probably Android only +lockPref("browser.newtabpage.activity-stream.enabled", false); // Deprecated +lockPref("browser.newtabpage.directory.ping", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.directory.source", "data:text/plain,"); // Deprecated +lockPref("browser.newtabpage.enhanced", false); // Deprecated +lockPref("browser.selfsupport.url", ""); // Deprecated +lockPref("camera.control.face_detection.enabled", false); // Deprecated +lockPref("datareporting.healthreport.about.reportUrl", "data:,"); // Deprecated +lockPref("datareporting.healthreport.service.enabled", false); // Deprecated +lockPref("devtools.webide.autoinstallFxdtAdapters", false); // Deprecated +lockPref("devtools.webide.adaptersAddonURL", ""); // Deprecated +lockPref("dom.flyweb.enabled", false); // Deprecated +lockPref("dom.push.udp.wakeupEnabled", false); // Deprecated +lockPref("dom.telephony.enabled", false); // Deprecated +lockPref("extensions.shield-recipe-client.enabled", false); // Deprecated +lockPref("loop.logDomains", false); // Deprecated +lockPref("network.websocket.enabled", false); // Deprecated +lockPref("security.xpconnect.plugin.unrestricted", false); // Deprecated +lockPref("social.directories", ""); // Deprecated +lockPref("social.remote-install.enabled", false); // Deprecated +lockPref("social.whitelist", ""); // Deprecated +lockPref("pref.privacy.disable_button.change_blocklist", true); // seems to have no effect and probably deprecated +lockPref("pref.privacy.disable_button.tracking_protection_exceptions", true); // seems to have no effect and probably deprecated +lockPref("browser.pocket.enabled", false); // Deprecated +defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", false); // already default value and not that important, can still be flipped easily +lockPref("plugin.scan.plid.all", false); // Win-only, plugins are disabled so it's redundant +lockPref("webgl.dxgl.enabled", false); // Win-only, marked as useless https://github.com/arkenfox/user.js/issues/714 +lockPref("browser.search.countryCode", "US"); // Deprecated +lockPref("experiments.activeExperiment", false); // Deprecated +lockPref("experiments.enabled", false); // Deprecated +lockPref("experiments.manifest.uri", ""); // Deprecated +lockPref("experiments.supported", false); // Deprecated +lockPref("network.jar.block-remote-files", true); // Deprecated +lockPref("network.jar.open-unsafe-types", false); // Deprecated +lockPref("plugin.state.java", 0); // Deprecated +lockPref("trailhead.firstrun.branches", "join-privacy"); // Deprecated +lockPref("services.blocklist.update_enabled", false); // Deprecated +lockPref("shield.savant.enabled", false); // Deprecated +defaultPref("gfx.direct2d.disabled", false); // Win-only, default and probably out of scope +defaultPref("layers.acceleration.disabled", false); // default and probably out of scope +lockPref("browser.taskbar.previews.enable", false); // personal pref +lockPref("browser.taskbar.lists.enabled", false); // personal pref +lockPref("browser.taskbar.lists.frequent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.recent.enabled", false); // personal pref +lockPref("browser.taskbar.lists.tasks.enabled", false); // personal pref +defaultPref("webgl.force-enabled", true); // out of scope, not worth +defaultPref("layers.acceleration.force-enabled", true); // out of scope, not worth +lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled +lockPref("privacy.trackingprotection.lower_network_priority", false); // default +lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled +lockPref("signon.storeSignons", false); // Deprecated +lockPref("browser.urlbar.filter.javascript", true); // default +lockPref("browser.search.geoip.url", ""); // Deprecated +defaultPref("privacy.clearOnShutdown.siteSettings", false); // default +defaultPref("privacy.clearOnShutdown.cache", true); // default +defaultPref("privacy.clearOnShutdown.sessions", true); // default +defaultPref("privacy.clearOnShutdown.downloads", true); // default +defaultPref("privacy.clearOnShutdown.formdata", true); // default +defaultPref("privacy.clearOnShutdown.history", true); // default +defaultPref("privacy.cpd.siteSettings", false); // default +defaultPref("privacy.cpd.downloads", true); // default +defaultPref("privacy.cpd.cache", true); // default +defaultPref("privacy.cpd.formdata", true); // default +defaultPref("privacy.cpd.history", true); // default +defaultPref("privacy.cpd.passwords", false); // default +defaultPref("privacy.cpd.sessions", true); // default +defaultPref("extensions.formautofill.addresses.capture.enabled", false); // default +lockPref("signon.autofillForms.http", false); // default +lockPref("network.trr.send_user-agent_headers", false); // default +lockPref("network.dns.disablePrefetchFromHTTPS", true); // default +lockPref("dom.imagecapture.enabled", false); // default +lockPref("dom.reporting.crash.enabled", false); // default +defaultPref("network.proxy.autoconfig_url.include_path", false); // default +lockPref("security.tls.version.min", 3); // default +defaultPref("extensions.webextensions.background-delayed-startup", true); //default +defaultPref("xpinstall.signatures.required", true); // default +lockPref("app.normandy.dev_mode", false); // default +defaultPref("pdfjs.enableWebGL", false); // default +lockPref("browser.cache.offline.enable", false); // apparently increases fingerprinting and redundant with browser.cache.offline.storage.enable +lockPref("network.predictor.enable-prefetch", false); // default +lockPref("network.http.referer.spoofSource", false); // default +defaultPref("network.http.referer.defaultPolicy", 2); // default +defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // default +defaultPref("layout.spellcheckDefault", 2); // why? +lockPref("privacy.trackingprotection.introURL", ""); // Deprecated +defaultPref("general.appname.override", "Netscape"); // no benefit over RFP +defaultPref("general.appversion.override", "5.0 (Windows)"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.platform.override", "Win32"); // no benefit over RFP, and it doesn't spoof +defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP, and it doesn't spoof +lockPref("general.buildID.override", "20100101"); // no benefit over RFP +lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP +defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP +lockPref("security.insecure_connection_icon.enabled", true); // Default +lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default +lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default +lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled +lockPref("app.normandy.first_run", false); // default +lockPref("browser.send_pings", false); // default +lockPref("browser.send_pings.require_same_host", true); // default +defaultPref("browser.tabs.closeTabByDblclick", true); // why? +lockPref("devtools.debugger.force-local", true); // default +lockPref("gfx.offscreencanvas.enabled", false); // default +lockPref("media.webspeech.recognition.enable", false); // default +lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default +lockPref("remote.force-local", true); // default +lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default +lockPref("security.fileuri.strict_origin_policy", true); // default +lockPref("security.insecure_field_warning.contextual.enabled", true); // default +defaultPref("security.remote_settings.intermediates.enabled", true); // default +lockPref("xpinstall.whitelist.required", true); // default +lockPref("browser.sessionhistory.max_entries", 20); // why? +lockPref("extensions.webapi.testing", false); // hidden but default false +lockPref("canvas.capturestream.enabled", false); // any real benefit? +lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments +defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup +lockPref("webgl.disable-fail-if-major-performance-caveat", true); // default +lockPref("network.trr.send_empty_accept-encoding_headers", false); // why? + +// fxaccounts is disabled in policies +lockPref("identity.fxaccounts.enabled", false); +lockPref("identity.fxaccounts.remote.root", ""); +lockPref("identity.fxaccounts.auth.uri", ""); +lockPref("identity.fxaccounts.commands.enabled", false); +lockPref("identity.fxaccounts.remote.oauth.uri", ""); +lockPref("identity.fxaccounts.remote.profile.uri", ""); +lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); + +// all handled by lockPref("services.settings.server", "") +lockPref("services.blocklist.addons.collection", ""); +lockPref("services.blocklist.plugins.collection", ""); +lockPref("services.blocklist.gfx.collection", ""); +lockPref("services.blocklist.addons.signer", ""); +lockPref("services.blocklist.gfx.signer", ""); +lockPref("services.settings.security.onecrl.signer", ""); +lockPref("services.blocklist.pinning.signer", ""); +lockPref("services.blocklist.plugins.signer", ""); + +// useless as fxaccounts are off +lockPref("services.sync.addons.trustedSourceHostnames", ""); +lockPref("services.sync.lastversion", ""); +lockPref("services.sync.maxResyncs", 0); // 1 +lockPref("services.sync.telemetry.maxPayloadCount", 0); //500 +lockPref("services.sync.addons.ignoreUserEnabledChanges", true); //false +lockPref("services.sync.engine.addons", false); //true +lockPref("services.sync.engine.addresses", false); //false +lockPref("services.sync.engine.addresses.available", false); +lockPref("services.sync.engine.bookmarks", false); //true +lockPref("services.sync.engine.creditcards", false); //false +lockPref("services.sync.engine.creditcards.available", false); //false +lockPref("services.sync.engine.history", false); //true +lockPref("services.sync.engine.passwords", false); //true +lockPref("services.sync.engine.prefs", false); //true +lockPref("services.sync.engine.tabs", false); //true +lockPref("services.sync.log.appender.file.logOnError", false); //true +lockPref("services.sync.log.appender.file.logOnSuccess", false); //false +lockPref("services.sync.log.cryptoDebug", false); //false +lockPref("services.sync.sendVersionInfo", false); //true +lockPref("services.sync.syncedTabs.showRemoteIcons", true); //true +lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); //true +lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); //true +lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); //true +lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); //true +lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //true +lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); //true +lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); //true +lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); //true +lockPref("services.sync.prefs.sync.browser.formfill.enable", false); //true +lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); //true +lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); //true +lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false); //true +lockPref("services.sync.prefs.sync.browser.search.update", false); //true +lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false); //true +lockPref("services.sync.prefs.sync.browser.sessionstore.warnOnQuit", false); //true +lockPref("services.sync.prefs.sync.browser.startup.homepage", false); //true +lockPref("services.sync.prefs.sync.browser.startup.page", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); //true +lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.engines", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.topsites", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.resultBuckets", false); //true +lockPref("services.sync.prefs.sync.browser.urlbar.showSearchSuggestionsFirst", false); //true +lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); //true +lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); //true +lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_ever_enabled_pbm", false); //true +lockPref("services.sync.prefs.sync.dom.security.https_only_mode_pbm", false); //true +lockPref("services.sync.prefs.sync.extensions.activeThemeID", false); //true +lockPref("services.sync.prefs.sync.extensions.update.enabled", false); //true +lockPref("services.sync.prefs.sync.intl.accept_languages", false); //true +lockPref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", false); //true +lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); //true +lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); //true +lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); //true +lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); //true +lockPref("services.sync.prefs.sync.permissions.default.image", false); //true +lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); //true +lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); //true +lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); //true +lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); //true +lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); //true +lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); //true +lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.enabled", false); //true +lockPref("services.sync.prefs.sync.privacy.userContext.newTabContainerOnLeftClick.enabled", false); //true +lockPref("services.sync.prefs.sync.security.default_personal_cert", false); //true +lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); //true +lockPref("services.sync.prefs.sync.signon.rememberSignons", false); +lockPref("services.sync.prefs.sync.signon.management.page.breach-alerts.enabled", false); +lockPref("services.sync.prefs.sync.signon.generation.enabled", false); +lockPref("services.sync.prefs.sync.signon.autofillForms", false); +lockPref("services.sync.declinedEngines", ""); +lockPref("services.sync.globalScore", 0); +lockPref("services.sync.nextSync", 0); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); +lockPref("services.sync.tabs.lastSync", "0"); + +// useless as ui elements are not in the report page +lockPref("browser.contentblocking.report.cookie.url", ""); +lockPref("browser.contentblocking.report.cryptominer.url", ""); +lockPref("browser.contentblocking.report.endpoint_url", ""); +lockPref("browser.contentblocking.report.fingerprinter.url", ""); +lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); +lockPref("browser.contentblocking.report.manage_devices.url", ""); +lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); +lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); +lockPref("browser.contentblocking.report.monitor.home_page_url", ""); +lockPref("browser.contentblocking.report.monitor.preferences", ""); +lockPref("browser.contentblocking.report.monitor.url", ""); +lockPref("browser.contentblocking.report.proxy.enabled", false); +lockPref("browser.contentblocking.report.proxy_extension.url", ""); +lockPref("browser.contentblocking.report.social.url", ""); +lockPref("browser.contentblocking.report.tracker.url", ""); +lockPref("browser.contentblocking.report.vpn.url", ""); +lockPref("browser.contentblocking.report.vpn-promo.url", ""); +lockPref("browser.contentblocking.report.vpn-ios.url", ""); +lockPref("browser.contentblocking.report.vpn-android.url", ""); + +// urls that do not damage and make re-enabling TP a pain +lockPref("browser.contentblocking.reportBreakage.url", ""); +defaultPref("browser.safebrowsing.provider.mozilla.pver", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists.base", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lists.content", ""); +defaultPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); +defaultPref("browser.safebrowsing.provider.mozilla.nextupdatetime", ""); +lockPref("urlclassifier.trackingTable", ""); +lockPref("browser.contentblocking.database.enabled", false); + +// all covered by previous prefs +// defaultPref("media.navigator.video.enabled", false); +// defaultPref("media.peerconnection.use_document_iceservers", false); +// defaultPref("media.peerconnection.identity.enabled", false); +// defaultPref("media.peerconnection.identity.timeout", 1); +// defaultPref("media.peerconnection.turn.disable", true); +// defaultPref("media.peerconnection.ice.tcp", false); + +lockPref("privacy.trackingprotection.socialtracking.enabled", false); // default +defaultPref("network.stricttransportsecurity.preloadlist", false); // nothing wrong with hsts +lockPref("security.ssl.disable_session_identifiers", true); // covered by isolation, large performance hit +// defaultPref("intl.regional_prefs.use_os_locales", false); // default and already commented +lockPref("extensions.screenshots.upload-disabled", true); // deprecated feature +lockPref("dom.ipc.plugins.reportCrashURL", false); // flash is gone, does nothing +lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // flash is gone, does nothing +lockPref("plugin.state.flash", 0); // flash is gone, does nothing +defaultPref("alerts.showFavicons", false); // default +lockPref("plugin.default.state", 1); // default +lockPref("extensions.pocket.enabled", false); // pocket is already disabled +lockPref("extensions.pocket.site", ""); // pocket is already disabled +lockPref("extensions.pocket.oAuthConsumerKey", ""); // pocket is already disabled +lockPref("extensions.pocket.api", ""); // pocket is already disabled +defaultPref("accessibility.typeaheadfind", false); // default +defaultPref("reader.parse-on-load.enabled", false); // no need to have it locked, even Tor Browser re-enabled it +lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // default +defaultPref("network.proxy.socks_version", 5); // default +defaultPref("network.proxy.autoconfig_url", ""); // default +defaultPref("extensions.formautofill.section.enabled", false); // no effect +defaultPref("network.trr.bootstrapAddress", ""); // deprecated +lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); // deprecated +lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // deprecated +defaultPref("security.ssl.enable_ocsp_stapling", true); // default +lockPref("security.mixed_content.block_object_subrequest", true); // useless as rest of flash prefs +defaultPref("geo.provider.network.logging.enabled", false); // default +lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // deprecated +lockPref("browser.contentblocking.report.proxy.enabled", false); // default +``` + +#### Commented +Prefs that need to be addressed and that were disabled for now +``` +// blocklist is a security feature, best left at default +// defaultPref("extensions.blocklist.enabled", false); +// defaultPref("extensions.blocklist.detailsURL", ""); +// defaultPref("extensions.blocklist.itemURL", ""); + +// commented all below as they do no harm and make enabling SB painful +// could potentially at some point +// defaultPref("browser.safebrowsing.id", ""); +// defaultPref("browser.safebrowsing.provider.google4.pver", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google4.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lists", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.reportURL", ""); +// defaultPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryName", ""); +// defaultPref("browser.safebrowsing.provider.google.advisoryURL", ""); +// defaultPref("browser.safebrowsing.provider.google.lastupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.lists", ""); +// defaultPref("browser.safebrowsing.provider.google.nextupdatetime", ""); +// defaultPref("browser.safebrowsing.provider.google.pver", ""); +// defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); +// defaultPref("browser.safebrowsing.provider.google.reportURL", ""); +// defaultPref("browser.safebrowsing.reportPhishURL", ""); +``` + +#### Unlocked +Locked prefs that were unlocked, more should be unlocked probably +``` +defaultPref("general.config.filename", "librewolf.cfg"); +defaultPref("privacy.donottrackheader.enabled", true); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("permissions.default.geo", 2); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.getAddons.themes.browseURL", "") +defaultPref("pdfjs.enableWebGL", false); +defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); +defaultPref("pdfjs.enabledCache.state", false); +defaultPref("alerts.showFavicons", false); // default: false +defaultPref("security.remote_settings.intermediates.enabled", true); +defaultPref("dom.battery.enabled", false); // Unlocked as some think it increases fingerprint, they can now disable it +defaultPref("extensions.blocklist.enabled", false); +defaultPref("extensions.blocklist.detailsURL", ""); +defaultPref("extensions.blocklist.itemURL", ""); +defaultPref("security.OCSP.enabled", 0); // someone might want to have it on for security concerns +defaultPref("security.OCSP.require", false); +defaultPref("reader.parse-on-load.enabled", false); +defaultPref("webgl.enable-webgl2", false); +defaultPref("geo.provider.network.url", ""); +defaultPref("geo.provider.network.logging.enabled", false); +defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); +defaultPref("network.http.referer.XOriginPolicy", 0); +defaultPref("browser.download.manager.addToRecentDocs", false); +defaultPref("accessibility.force_disabled", 1); +defaultPref("network.manage-offline-status", false); +defaultPref("browser.helperApps.deleteTempFileOnExit", true); +defaultPref("dom.push.enabled", false); +defaultPref("dom.push.connection.enabled", false); +defaultPref("dom.push.serverURL", ""); //default "wss://push.services.mozilla.com/" +defaultPref("dom.push.userAgentID", ""); +defaultPref("dom.targetBlankNoOpener.enabled", true); +defaultPref("dom.disable_window_move_resize", true); +defaultPref("dom.disable_beforeunload", true); +defaultPref("dom.popup_maximum", 4); +defaultPref("dom.vr.enabled", false); +defaultPref("dom.vibrator.enabled", false); +defaultPref("network.stricttransportsecurity.preloadlist", false); +defaultPref("browser.ssl_override_behavior", 1); +defaultPref("security.tls.version.fallback-limit", 3); +defaultPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos +defaultPref("extensions.enabledScopes", 5); +defaultPref("extensions.autoDisableScopes", 11); +defaultPref("xpinstall.signatures.devInfoURL", ""); +defaultPref("security.cert_pinning.enforcement_level", 2); +defaultPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Default Value : https://profiler.firefox.com +defaultPref("devtools.devices.url", ""); +defaultPref("devtools.remote.adb.extensionURL", ""); // [FF64+] +defaultPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+] +defaultPref("browser.safebrowsing.blockedURIs.enabled", false); +defaultPref("browser.safebrowsing.provider.google4.gethashURL", "") +defaultPref("browser.safebrowsing.provider.google4.updateURL", ""); +defaultPref("browser.safebrowsing.provider.google.gethashURL", ""); +defaultPref("browser.safebrowsing.provider.google.updateURL", ""); +defaultPref("browser.safebrowsing.provider.mozilla.updateURL", ""); +defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", ""); +defaultPref("browser.safebrowsing.reportPhishURL", ""); +defaultPref("browser.safebrowsing.malware.enabled", false); +defaultPref("browser.safebrowsing.passwords.enabled", false); +defaultPref("browser.safebrowsing.phishing.enabled", false); +defaultPref("browser.urlbar.trimURLs", false); +defaultPref("browser.search.suggest.enabled", false); +defaultPref("browser.search.region", "US"); +defaultPref("browser.urlbar.suggest.searches", false); +defaultPref("browser.search.update", false); +defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); // enable UI elements of TP if you want to use it +defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); // enable UI elements of TP if you want to use it +defaultPref("privacy.trackingprotection.cryptomining.enabled", false); // user can manually choose what to do once he enables UI with the above prefs +defaultPref("privacy.trackingprotection.fingerprinting.enabled", false); // user can manually choose what to do once he enables UI with the above prefs +``` diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg new file mode 100755 index 0000000..8525c82 --- /dev/null +++ b/librewolf/debian/librewolf_settings/librewolf.cfg @@ -0,0 +1,571 @@ + +/** LIBREWOLF SETTINGS + * + * please take the time to read and understand, but also to customize the settings to find your own setup. + * the answers to the most common questions are at this link https://librewolf.net/docs/faq/ + * + * WARNING: please make sure the first line of this file is empty. this is a known bug. + */ +defaultPref("librewolf.cfg.version", "6.0"); + + +/** INDEX + * the file is organized in categories, and each one has a number of sections: + * + * PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING] + * NETWORKING [HTTPS, IPv6, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, OFFLINE] + * FINGERPRINTING [RFP, WEBGL] + * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, FONTS, SAFE BROWSING, OTHERS] + * REGION [LOCATION, LANGUAGE] + * BEHAVIOR [DRM, SEARCH AND URLBAR, DOWNLOADS, AUTOPLAY, POP-UPS AND WINDOWS, MOUSE] + * EXTENSIONS [USER INSTALLED, SYSTEM, EXTENSION FIREWALL] + * BUILT-IN FEATURES [UPDATER, SYNC, LOCKWISE, CONTAINERS, DEVTOOLS, OTHERS] + * UI [BRANDING, HANDLERS, FIRST LAUNCH, NEW TAB PAGE, ABOUT, RECOMMENDED] + * TELEMETRY + * WINDOWS [UPDATES, OTHERS] + */ + + + +/** [CATEGORY] PRIVACY */ + +/** [SECTION] ISOLATION + * default to strict mode, which includes: + * 1. dFPI for both normal and private windows + * 2. strict blocking lists for trackers + * 3. shims to avoid breakage caused by blocking lists + * 4. stricter policies for xorigin referrers + * 5. dFPI specific cookie cleaning mechanism + * + * the desired category must be set with pref() otherwise it won't stick. + * the UI that allows to change mode manually is hidden. + */ +pref("browser.contentblocking.category", "strict"); +defaultPref("network.cookie.cookieBehavior", 5); // enforce dFPI +defaultPref("privacy.partition.serviceWorkers", true); // isolate service workers + +/** [SECTION] SANITIZING */ +defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear +// make third party and http cookies session-only +defaultPref("network.cookie.thirdparty.sessionOnly", true); +defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true); +/** + * this way of sanitizing cookies would override the exceptions set by the users and just delete everything, + * we disable it but cookies and site data are still cleared per session unless exceptions are set. + * all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want. + */ +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.sanitize.sanitizeOnShutdown", true); +defaultPref("privacy.sanitize.timeSpan", 0); + +/** [SECTION] CACHE AND STORAGE */ +defaultPref("browser.cache.disk.enable", false); // disable disk cache +/** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */ +defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); +defaultPref("media.memory_cache_max_size", 65536); +// disable favicons in profile folder and page thumbnail capturing +defaultPref("browser.shell.shortcutFavicons", false); +defaultPref("browser.pagethumbnails.capturing_disabled", true); +defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps + +/** [SECTION] HISTORY AND SESSION RESTORE + * since we hide the UI for modes other than custom we want to reset it for + * everyone. same thing for always on PB mode. + */ +pref("privacy.history.custom", true); +pref("browser.privatebrowsing.autostart", false); +defaultPref("browser.formfill.enable", false); // disable form history +defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms +defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves + +/** [SECTION] QUERY STRIPPING + * enable query stripping and set the strip list. + * currently we use the same one that brave uses: + * https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29 + */ +defaultPref("privacy.query_stripping.enabled", true); +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); +/** + * librewolf specific pref that allows to include the query stripping lists in uBO by default. + * the asset file is fetched every 7 days. + */ +defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://gitlab.com/librewolf-community/browser/source/-/raw/main/assets/uBOAssets.json"); + + + +/** [CATEGORY] NETWORKING */ + +/** [SECTION] HTTPS */ +defaultPref("dom.security.https_only_mode", true); // only allow https in all windows, including private browsing +defaultPref("network.auth.subresource-http-auth-allow", 1); // block HTTP authentication credential dialogs +defaultPref("security.mixed_content.block_display_content", true); // block insecure passive content + +/** [SECTION] IPv6 + * privacy extension isn't the default for all linux distros, so we disable ipv6. + */ +defaultPref("network.dns.disableIPv6", true); + +/** [SECTION] REFERERS + * to enhance privacy but keep a certain level of usability we trim cross-origin + * referers, instead of completely avoid sending them. + * as a general rule, the behavior of referes which are not cross-origin should not + * be changed. + */ +defaultPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2 to stop sending them completely +defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port + +/** [SECTION] WEBRTC + * there's no point in disabling webrtc as mDNS protects the private IP on linux, osx and win10+. + * with the below preference we protect the value even in trusted environments and for win7/8 users, + * although this will likely cause breakage. + */ +defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate +defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used + +/** [SECTION] PROXY */ +defaultPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy +defaultPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention to prevent proxy bypass +defaultPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used + +/** [SECTION] DNS */ +defaultPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection +defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching +/** + * librewolf doesn't use DoH, but it can be enabled with the following prefs: + * pref("network.trr.mode", 2); + * pref("network.trr.uri", "https://dns.quad9.net/dns-query"); + * + * the possible modes are: + * 0 = default + * 1 = browser picks faster + * 2 = DoH with system dns fallback + * 3 = DoH without fallback + * 5 = DoH is off, default currently + */ + +/** [SECTION] PREFETCHING AND SPECULATIVE CONNECTIONS + * disable prefecthing for different things such as links, bookmarks and predictors. + */ +lockPref("network.predictor.enabled", false); +lockPref("network.prefetch-next", false); +lockPref("network.http.speculative-parallel-limit", 0); +defaultPref("browser.places.speculativeConnect.enabled", false); +// disable speculative connections and domain guessing from the urlbar +defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +defaultPref("browser.urlbar.speculativeConnect.enabled", false); +lockPref("browser.fixup.alternate.enabled", false); + +/** [SECTION] OFFLINE + * let users set the browser as offline, without the browser trying to guess. + */ +defaultPref("network.manage-offline-status", false); + + + +/** [CATEGORY] FINGERPRINTING */ + +/** [SECTION] RFP + * librewolf should stick to RFP for fingerprinting. we should not set prefs that interfere with it + * and disabling API for no good reason will be counter productive, so it should also be avoided. + */ +defaultPref("privacy.resistFingerprinting", true); +// rfp related settings +defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO +defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing +defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP +/** + * increase the size of new RFP windows for better usability, while still using a rounded value. + * if the screen resolution is lower it will stretch to the biggest possible rounded value. + * also, expose hidden letterboxing pref but do not enable it for now. + */ +defaultPref("privacy.window.maxInnerWidth", 1600); +defaultPref("privacy.window.maxInnerHeight", 900); +defaultPref("privacy.resistFingerprinting.letterboxing", false); + +/** [SECTION] WEBGL */ +defaultPref("webgl.disabled", true); + + + +/** [CATEGORY] SECURITY */ + +/** [SECTION] SITE ISOLATION + * https://wiki.mozilla.org/Project_Fission + * this has been rolled out and is now a default on most FF releases + */ +defaultPref("fission.autostart", true); + +/** [SECTION] CERTIFICATES */ +defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs +defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates +/** + * enable safe negotiation and show warning when it is not supported. might cause breakage. + */ +defaultPref("security.ssl.require_safe_negotiation", true); +defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +/** + * our strategy with revocation is to perform all possible checks with CRL, but when a cert + * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and + * increase security. + * switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP. + */ +defaultPref("security.remote_settings.crlite_filters.enabled", true); +defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks +defaultPref("security.OCSP.enabled", 1); // default +defaultPref("security.OCSP.require", true); // set to hard-fail + +/** [SECTION] TLS/SSL */ +lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security +pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only by enforcing it with pref() +// show relevant and advanced issues on warnings and error screens +defaultPref("browser.ssl_override_behavior", 1); +defaultPref("browser.xul.error_pages.expert_bad_cert", true); + +/** [SECTION] PERMISSIONS */ +lockPref("permissions.delegation.enabled", false); // force permission request to show real origin +lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains + +/** [SECTION] FONTS */ +defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts + +/** [SECTION] SAFE BROWSING + * disable safe browsing, including the fetch of updates. reverting the 7 prefs below + * allows to perform local checks and to fetch updated lists from google. + */ +defaultPref("browser.safebrowsing.malware.enabled", false); +defaultPref("browser.safebrowsing.phishing.enabled", false); +defaultPref("browser.safebrowsing.blockedURIs.enabled", false); +defaultPref("browser.safebrowsing.provider.google4.gethashURL", ""); +defaultPref("browser.safebrowsing.provider.google4.updateURL", ""); +defaultPref("browser.safebrowsing.provider.google.gethashURL", ""); +defaultPref("browser.safebrowsing.provider.google.updateURL", ""); +/** + * disable safe browsing checks on downloads, both local and remote. the locked prefs + * control remote checks, while the first one is for local checks only. + */ +defaultPref("browser.safebrowsing.downloads.enabled", false); +lockPref("browser.safebrowsing.downloads.remote.enabled", false); +lockPref("browser.safebrowsing.downloads.remote.url", ""); +lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false); +// other safe browsing options, all default but enforce +lockPref("browser.safebrowsing.passwords.enabled", false); +lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); +lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); + +/** [SECTION] OTHERS */ +lockPref("security.csp.enable", true); // enforce csp, default +defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing +defaultPref("pdfjs.enableScripting", false); // disable js scripting in the built-in pdf reader + + + +/** [CATEGORY] REGION */ + +/** [SECTION] LOCATION + * replace google with mozilla as the default geolocation provide and prevent use of OS location services + */ +defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] +lockPref("geo.provider.use_corelocation", false); // [MAC] +lockPref("geo.provider.use_gpsd", false); // [LINUX] + +/** [SECTION] LANGUAGE + * show language as en-US for all users, regardless of their OS language and browser language. + * both prefs must use pref() and not defaultPref to work. + */ +pref("javascript.use_us_english_locale", true); +pref("intl.accept_languages", "en-US, en"); +// disable region specific updates from mozilla +lockPref("browser.region.network.url", ""); +lockPref("browser.region.update.enabled", false); + + + +/** [CATEGORY] BEHAVIOR */ + +/** [SECTION] DRM */ +defaultPref("media.eme.enabled", false); // master switch for drm content +defaultPref("media.gmp-manager.url", "data:text/plain,"); // prevent checks for plugin updates when drm is disabled +// disable the widevine and the openh264 plugins +defaultPref("media.gmp-provider.enabled", false); +defaultPref("media.gmp-gmpopenh264.enabled", false); + +/** [SECTION] SEARCH AND URLBAR + * disable search suggestion by default and do not update opensearch engines. urls should also be + * displayed in full instead of trimming them. + */ +defaultPref("browser.urlbar.suggest.searches", false); +defaultPref("browser.search.suggest.enabled", false); +defaultPref("browser.search.update", false); +defaultPref("browser.urlbar.trimURLs", false); +/** + * quicksuggest is a feature of firefox that shows sponsored suggestions. we disable it in full + * but the list could and should be trimmed at some point. the scenario controls the opt-in, while + * the second pref disables the feature and hides it from the ui. + */ +lockPref("browser.urlbar.quicksuggest.scenario", "history"); +lockPref("browser.urlbar.quicksuggest.enabled", false); +lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); +lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); +lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default + +/** [SECTION] DOWNLOADS + * user interaction should always be required for downloads, as a way to enhance security by asking + * the user to specific a certain save location. + */ +defaultPref("browser.download.useDownloadDir", false); +defaultPref("browser.download.autohideButton", false); // do not hide download button automatically +defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents +defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction + +/** [SECTION] AUTOPLAY + * block autoplay unless element is clicked, and apply the policy to all elements + * including muted ones. + */ +defaultPref("media.autoplay.blocking_policy", 2); +defaultPref("media.autoplay.default", 5); + +/** [SECTION] POP-UPS AND WINDOWS + * disable annoyin pop-ups and limit events that can trigger them. + */ +defaultPref("dom.disable_beforeunload", true); // disable "confirm you want to leave" pop-ups +defaultPref("dom.disable_open_during_load", true); // block pop-ups windows +defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/** + * prevent scripts from resizing existing windows and opening new ones, by forcing them into + * new tabs that can't be resized as well. + */ +defaultPref("dom.disable_window_move_resize", true); +defaultPref("browser.link.open_newwindow", 3); +defaultPref("browser.link.open_newwindow.restriction", 0); + +/** [SECTION] MOUSE */ +defaultPref("middlemouse.contentLoadURL", false); // prevent mouse middle click from opening links + + + +/** [CATEGORY] EXTENSIONS */ + +/** [SECTION] USER INSTALLED + * extensions are allowed to operate on restricted domains, while their scope + * is set to profile+applications (https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/). + * an installation prompt should always be displayed. + */ +defaultPref("extensions.webextensions.restrictedDomains", ""); +defaultPref("extensions.enabledScopes", 5); // hidden +defaultPref("extensions.postDownloadThirdPartyPrompt", false); + +/** [SECTION] SYSTEM + * built-in extension are not allowed to auto-update. additionally the reporter extension + * of webcompat is disabled. urls are stripped for defense in depth. + */ +defaultPref("extensions.systemAddon.update.enabled", false); +defaultPref("extensions.systemAddon.update.url", ""); +lockPref("extensions.webcompat-reporter.enabled", false); +lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); + +/** [SECTION] EXTENSION FIREWALL + * the firewall can be enabled with the below prefs, but it is not a sane default: + * defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';"); + * defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';"); + */ + + + +/** [CATEGORY] BUILT-IN FEATURES */ + +/** [SECTION] UPDATER + * since we do not bake auto-updates in the browser it doesn't make sense at the moment. + */ +lockPref("app.update.auto", false); + +/** [SECTION] SYNC + * this functionality is disabled by default but it can be activated in one click. + * this pref fully controls the feature, including its ui. + */ +defaultPref("identity.fxaccounts.enabled", false); + +/** [SECTION] LOCKWISE + * disable the default password manager built into the browser, including its autofill + * capabilities and formless login capture. + */ +defaultPref("signon.rememberSignons", false); +defaultPref("signon.autofillForms", false); +defaultPref("extensions.formautofill.available", "off"); +defaultPref("extensions.formautofill.addresses.enabled", false); +defaultPref("extensions.formautofill.creditCards.enabled", false); +defaultPref("extensions.formautofill.creditCards.available", false); +defaultPref("extensions.formautofill.heuristics.enabled", false); +defaultPref("signon.formlessCapture.enabled", false); + +/** [SECTION] CONTAINERS + * enable containers and show the settings to control them in the stock ui + */ +defaultPref("privacy.userContext.enabled", true); +defaultPref("privacy.userContext.ui.enabled", true); + +/** [SECTION] DEVTOOLS + * disable chrome and remote debugging. + */ +defaultPref("devtools.chrome.enabled", false); +defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.remote.adb.extensionURL", ""); +defaultPref("devtools.selfxss.count", 0); // required for devtools console to work + +/** [SECTION] OTHERS */ +lockPref("browser.translation.engine", ""); // remove translation engine +defaultPref("accessibility.force_disabled", 1); // block accessibility services +defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels + + + +/** [CATEGORY] UI */ + +/** [SECTION] BRANDING + * set librewolf support and releases urls in the UI, so that users land in the proper places. + */ +defaultPref("app.support.baseURL", "https://librewolf.net/docs/faq/#"); +defaultPref("browser.search.searchEnginesURL", "https://librewolf.net/docs/faq/#how-do-i-add-a-search-engine"); +defaultPref("browser.geolocation.warning.infoURL", "https://librewolf.net/docs/faq/#how-do-i-enable-location-aware-browsing"); +defaultPref("app.feedback.baseURL", "https://librewolf.net/#questions"); +defaultPref("app.releaseNotesURL", "https://gitlab.com/librewolf-community/browser"); +defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-community/browser"); +defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); +defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); + +/** [SECTION] FIRST LAUNCH + * disable what's new and ui tour on first start and updates. the browser + * should also not stress user about being the default one. + */ +defaultPref("browser.startup.homepage_override.mstone", "ignore"); +defaultPref("startup.homepage_override_url", "about:blank"); +defaultPref("startup.homepage_welcome_url", "about:blank"); +defaultPref("startup.homepage_welcome_url.additional", ""); +lockPref("browser.messaging-system.whatsNewPanel.enabled", false); +lockPref("browser.uitour.enabled", false); +lockPref("browser.uitour.url", ""); +defaultPref("browser.shell.checkDefaultBrowser", false); + +/** [SECTION] NEW TAB PAGE + * we want the new tab page to display nothing but the search bar without anything distracting. + */ +defaultPref("browser.newtab.preload", false); +defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); +defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); +defaultPref("browser.newtabpage.activity-stream.feeds.topsites", false); +// hide pocket and sponsored content, from new tab page and search bar +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); +lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); +lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); // hide buggy pocket section from about:preferences#home +lockPref("browser.newtabpage.activity-stream.showSponsored", false); +lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); +lockPref("browser.newtabpage.activity-stream.telemetry", false); +lockPref("browser.newtabpage.activity-stream.default.sites", ""); +lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); +lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); +lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // default + +/** [SECTION] ABOUT + * remove annoying ui elements from the about pages, including about:protections + */ +defaultPref("browser.contentblocking.report.lockwise.enabled", false); +defaultPref("browser.contentblocking.report.monitor.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.vpn.enabled", false); +lockPref("browser.contentblocking.report.show_mobile_app", false); +// ...about:addons recommendations sections and more +defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); +defaultPref("extensions.getAddons.showPane", false); +defaultPref("extensions.getAddons.cache.enabled", false); // disable fetching of extension metadata +defaultPref("lightweightThemes.getMoreURL", ""); // disable button to get more themes +// ...about:preferences#home +defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button +// ...and about:config +defaultPref("browser.aboutConfig.showWarning", false); +// hide about:preferences#moreFromMozilla +defaultPref("browser.preferences.moreFromMozilla", false); + +/** [SECTION] RECOMMENDED + * disable all "recommend as you browse" activity. + */ +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); + + + +/** [CATEGORY] TELEMETRY + * telemetry is already disabled elsewhere and most of the stuff in here is just for redundancy. + */ +lockPref("toolkit.telemetry.unified", false); // master switch +lockPref("toolkit.telemetry.enabled", false); // master switch +lockPref("toolkit.telemetry.server", "data:,"); +lockPref("toolkit.telemetry.archive.enabled", false); +lockPref("toolkit.telemetry.newProfilePing.enabled", false); +lockPref("toolkit.telemetry.updatePing.enabled", false); +lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); +lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // default +lockPref("toolkit.telemetry.bhrPing.enabled", false); +lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default +lockPref("toolkit.telemetry.cachedClientID", ""); +lockPref("toolkit.telemetry.previousBuildID", ""); +lockPref("toolkit.telemetry.server_owner", ""); +lockPref("toolkit.coverage.opt-out", true); // hidden +lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden +lockPref("toolkit.coverage.enabled", false); +lockPref("toolkit.coverage.endpoint.base", ""); +lockPref("toolkit.crashreporter.infoURL", ""); +lockPref("datareporting.healthreport.uploadEnabled", false); +lockPref("datareporting.policy.dataSubmissionEnabled", false); +lockPref("security.protectionspopup.recordEventTelemetry", false); +lockPref("browser.ping-centre.telemetry", false); +// opt-out of normandy and studies +lockPref("app.normandy.enabled", false); +lockPref("app.normandy.api_url", ""); +lockPref("app.shield.optoutstudies.enabled", false); +// disable personalized extension recommendations +lockPref("browser.discovery.enabled", false); +lockPref("browser.discovery.containers.enabled", false); +lockPref("browser.discovery.sites", ""); +// disable crash report +lockPref("browser.tabs.crashReporting.sendReport", false); +lockPref("breakpad.reportURL", ""); +// disable connectivity checks +lockPref("network.connectivity-service.enabled", false); +// disable captive portal +lockPref("network.captive-portal-service.enabled", false); +lockPref("captivedetect.canonicalURL", ""); +// prevent sending server side analytics +lockPref("beacon.enabled", false); + +/** [CATEGORY] WINDOWS + * the prefs in this section only apply to windows installations and they don't have any + * effect on linux, macos and bsd users. + */ + +/** [SECTION] UPDATES + * disable windows specific update services. + */ +lockPref("app.update.service.enabled", false); +defaultPref("app.update.background.scheduling.enabled", false); + +/** [SECTION] OTHERS */ +lockPref("default-browser-agent.enabled", false); // disable windows specific telemetry +defaultPref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store +lockPref("toolkit.winRegisterApplicationRestart", false); // disable automatic start and session restore after reboot +lockPref("security.family_safety.mode", 0); // disable win8.1 family safety cert +defaultPref("network.http.windows-sso.enabled", false); // disable MS auto authentication via sso + + + +/** [CATEGORY] OVERRIDES + * allow settings to be overriden with a file placed in the right location + * https://librewolf.net/docs/settings/#where-do-i-find-my-librewolfoverridescfg + */ +let profile_directory; +if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) { + defaultPref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`); +} |