From 826a2e7f8c7786acb3b5d2217f19814f314289ab Mon Sep 17 00:00:00 2001
From: "B. Stack" <bgstack15@gmail.com>
Date: Wed, 5 Jan 2022 16:21:31 -0500
Subject: add initial lw d/ contents

---
 .../debian/librewolf_settings/docs/Changelog.md    | 436 +++++++++++++++++++++
 1 file changed, 436 insertions(+)
 create mode 100644 librewolf/debian/librewolf_settings/docs/Changelog.md

(limited to 'librewolf/debian/librewolf_settings/docs/Changelog.md')

diff --git a/librewolf/debian/librewolf_settings/docs/Changelog.md b/librewolf/debian/librewolf_settings/docs/Changelog.md
new file mode 100644
index 0000000..c43dc60
--- /dev/null
+++ b/librewolf/debian/librewolf_settings/docs/Changelog.md
@@ -0,0 +1,436 @@
+This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
+Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
+
+## 4.0
+
+**target commit**: 9003f029f8fe087cde5bb081d51ab82340948874
+
+**base librewolf version**: 95.x
+
+**References**:
+- [review webrtc](https://gitlab.com/librewolf-community/settings/-/issues/108).
+- [stop disabling geo api](https://gitlab.com/librewolf-community/settings/-/issues/102).
+- [deprecate RFP dark mode](https://gitlab.com/librewolf-community/browser/common/-/issues/56).
+- `offlineApps` change in 3.1 did not respect exceptions, so revert it.
+- uncomment prefs to enable CRL without OCSP fallback, although they will fully work only when [this issue is closed](https://gitlab.com/librewolf-community/browser/common/-/issues/57).
+- we decided to force a larger new window size by default, to improve usability for RFP users while still keeping a rounded value. see [this comment](https://gitlab.com/librewolf-community/settings/-/issues/104#note_752186737).
+
+#### Added preferences
+```
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
+```
+
+#### Removed preferences
+```
+defaultPref("media.peerconnection.enabled", false);
+lockPref("privacy.override_rfp_for_color_scheme", false);
+defaultPref("geo.enabled", false);
+defaultPref("permissions.default.geo", 2);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
+defaultPref("privacy.cpd.offlineApps", true);
+```
+
+#### Changed preferences
+```
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
+```
+
+## 3.2
+
+**target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01
+
+**base librewolf version**: 94.x
+
+**References**:
+- block the new firefox suggests feature in full.
+- enforce a sane value for manual sanitizing.
+
+**Notes**: the suggest prefs might be overkill, we should try to trim to the bare minimum in the next release.
+
+#### Added preferences
+```
+lockPref("browser.urlbar.quicksuggest.enabled", false); // disable suggest and hide its ui
+lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // disable suggestions from firefox
+lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // disable sponsored suggestions
+lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default
+defaultPref("privacy.sanitize.timeSpan", 0);
+```
+#### Changed preferences
+```
+lockPref("browser.urlbar.quicksuggest.scenario", "history"); // prevent opt-in, doesn't work alone
+```
+
+## 3.1
+
+**target commit**: 6844d4ad1c9ad8bb3ffdc29e0a607c21c0559da4 and 67e6a00b719ecd52782a724cd09a9f08fa4577c0
+
+**base librewolf version**: 94.x
+
+**References**:
+- the added prefs are all defense in depth.
+- `drawInTitlebar` was causing errors for some users, the bug was reproduced. Linux users might experience a different toolbar behavior because of this change.
+- the default value for scopes seems like a better choice than changing it.
+- `offlineApps` can be safely cleared without using logins, in fact it was most likely cleared by other sanitazion techniques regardless.
+
+**Notes**: please notify users about the new website, thanks to @maltejur for helping with the migration.
+
+#### Added preferences
+```
+defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whitelist
+lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden
+defaultPref("privacy.cpd.offlineApps", true); // for consistency with clearOnShutdown prefs
+```
+
+#### Removed preferences
+```
+defaultPref("extensions.autoDisableScopes", 11); // bring back to default
+defaultPref("browser.tabs.drawInTitlebar", true); // bring back to default
+```
+
+#### Changed preferences
+```
+defaultPref("privacy.clearOnShutdown.offlineApps", true); // can be cleared
+defaultPref("app.support.baseURL", "https://librewolf.net/docs/faq/#");
+defaultPref("browser.search.searchEnginesURL", "https://librewolf.net/docs/faq/#how-do-i-add-a-search-engine");
+defaultPref("browser.geolocation.warning.infoURL", "https://librewolf.net/docs/faq/#how-do-i-enable-location-aware-browsing");
+defaultPref("app.feedback.baseURL", "https://librewolf.net/#questions");
+```
+
+## 3.0
+
+**target commit**: f0a2d5d70657cc87348282d6faaf72edff8bf304 and 4e0895a299ec99066f119d8ce1a2923fc91aa465
+
+**base librewolf version**: 94.x
+
+**References**:
+- as reported in #95 and discussed [here](https://gitlab.com/librewolf-community/browser/linux/-/issues/246) we are re-enabling TP by default, setting it to strict.
+- the sponsored shortcuts in about:preferences#home were already locked, now they are properly hidden.
+- enable fission as it is being [rolled out to stable](https://bugzilla.mozilla.org/show_bug.cgi?id=1732206).
+
+**Notes**: all the removed preferences were either related to disabling TP, or unecessary when using strict mode. as a result of this trimming the tracking protection section of the .cfg file doesn't need to exist anymore.
+
+#### Added preferences
+```
+defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button from about:preferences#home
+defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
+defaultPref("fission.autostart", true); // enable fission by default
+```
+
+#### Removed preferences
+```
+lockPref("privacy.trackingprotection.enabled", false);
+lockPref("privacy.trackingprotection.pbmode.enabled", false);
+lockPref("privacy.trackingprotection.annotate_channels", false);
+defaultPref("browser.safebrowsing.provider.mozilla.updateURL", "");
+defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
+defaultPref("privacy.trackingprotection.cryptomining.enabled", false);
+defaultPref("privacy.trackingprotection.fingerprinting.enabled", false);
+defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false);
+defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false);
+```
+
+#### Changed preferences
+```
+pref("browser.contentblocking.category", "strict");
+```
+
+## 2.0
+
+**target commit**: from 6451faa167568313e5ed065fcb3ee2bb76132063 to b17a1ed657e22ac61b4399699223d36724b842e7
+
+**base librewolf version**: 92.x
+
+**References**:
+- [web content can no longer access the battery api](https://bugzilla.mozilla.org/show_bug.cgi?id=1313580).
+- http alternative services are [isolated by network partitioning and FPI](https://github.com/arkenfox/user.js/blob/269cf965bd51022ca69823f8f66a8e402280d856/user.js#L1350) and they are unchanged even in tor browser. from a security standpoint, the alternate service will need to provide the certificate of the origin in order to be considered trusthworthy.
+- let the user decide what to manually clear, including the timespan.
+- drm prefs have been trimmed as a quality of life improvement. the end result is the same, with less hassle for users who want to access drm-protected content.
+- DNT header has been proved to not work and it is used to fingerprint.
+- VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill.
+- vibrator API is so nieche that even tor does not change it. best to trim where possible.
+- `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it.
+- `browser.safebrowsing.downloads.remote.*` are all controlled by the prefs already in the .cfg, which is the same approach taken by tor browser.
+- graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable.
+- the pdf prefs and the bookmark backup are not really relevant to librewolf.
+- as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default.
+- new tab page section now includes a new design and no longer an empty page. all the unnecessary preferences have been removed and users can also customize as the most essential ones have been unlocked.
+- UI bug in tracking protection section is fixed.
+- a bunch of dead links are fixed.
+- for screensharing see [testing provided at this link](https://github.com/arkenfox/user.js/issues/1245)
+- disable new firefox suggests feature
+
+**Notes**
+Recent changes in the category `MISC > set librewolf support and releases urls` require to create a couple header for the landing page.
+
+#### Removed preferences
+```
+defaultPref("general.warnOnAboutConfig", false); // deprecated
+defaultPref("dom.battery.enabled", false);
+lockPref("network.http.altsvc.enabled", false);
+lockPref("network.http.altsvc.oe", false);
+lockPref("signon.storeWhenAutocompleteOff", false); // we do not suggest lockwise in the first place
+defaultPref("signon.management.page.breach-alerts.enabled", false); // no harm for lockwise users
+defaultPref("signon.management.page.breachAlertUrl", ""); // no harm for lockwise users
+defaultPref("privacy.history.custom", true); // redundant
+defaultPref("privacy.cpd.cookies", false);
+defaultPref("privacy.cpd.offlineApps", false); // default
+defaultPref("privacy.sanitize.timeSpan", 0);
+defaultPref("media.gmp-widevinecdm.visible", false);
+defaultPref("media.gmp-widevinecdm.enabled", false);
+defaultPref("privacy.donottrackheader.enabled", true);
+defaultPref("dom.vr.enabled", false);
+defaultPref("dom.vibrator.enabled", false);
+defaultPref("dom.push.connection.enabled", false); // redundant
+defaultPref("dom.security.https_only_mode_pbm", true); // redundant
+defaultPref("security.tls.version.fallback-limit", 3); // default is for, no need to enforce further
+lockPref("extensions.webextensions.identity.redirectDomain", ""); // outdated and unchanged even in tor
+defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/
+defaultPref("extensions.getAddons.get.url", ""); // redundant
+lockPref("extensions.getAddons.discovery.api_url", ""); // redundant
+lockPref("webextensions.storage.sync.serverURL", ""); // sync not supported
+lockPref("extensions.webservice.discoverURL", ""); // deprecated
+defaultPref("xpinstall.signatures.devInfoURL", ""); // link to wiki page
+lockPref("app.normandy.user_id", ""); // redundant
+lockPref("app.normandy.shieldLearnMoreUrl", ""); // redundant
+lockPref("security.mixed_content.block_active_content", true); // default
+defaultPref("security.insecure_connection_text.pbmode.enabled", true); // redundant
+lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+lockPref("gfx.font_rendering.graphite.enabled", false); // consider removing
+defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
+defaultPref("pdfjs.enabledCache.state", false);
+lockPref("remote.enabled", false); // removed in FF90
+lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); // redundant
+defaultPref("browser.bookmarks.max_backups", 2);
+defaultPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // unharmful
+defaultPref("devtools.devices.url", ""); // unharmful
+lockPref("media.decoder-doctor.new-issue-endpoint", ""); // redundant
+lockPref("identity.sync.tokenserver.uri", ""); // redundant
+defaultPref("accessibility.support.url", ""); // redundant
+lockPref("browser.dictionaries.download.url", ""); // dictionaries are hidden already
+lockPref("browser.uitour.themeOrigin", ""); // redundant
+lockPref("toolkit.datacollection.infoURL", ""); // redundant
+lockPref("identity.mobilepromo.android", ""); // redundant
+lockPref("identity.mobilepromo.ios", ""); // redundant
+defaultPref("identity.sendtabpromo.url", ""); // redundant
+lockPref("datareporting.healthreport.infoURL", ""); // redundant
+lockPref("browser.chrome.errorReporter.infoURL", ""); // redundant
+lockPref("datareporting.policy.firstRunURL", ""); // redundant
+lockPref("javascript.options.shared_memory", false);
+lockPref("app.update.staging.enabled", false); // not relevant
+lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0); // redundant
+lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0"); // redundant
+lockPref("network.connectivity-service.IPv4.url", "http://0.0.0.0"); // redundant
+lockPref("network.connectivity-service.DNSv6.domain", ""); // redundant
+lockPref("network.connectivity-service.DNSv4.domain", ""); // redundant
+lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // default
+lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // default
+lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false);
+lockPref("browser.newtabpage.activity-stream.feeds.places", false);
+lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false);
+lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false);
+lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "");
+lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "");
+lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "");
+lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "");
+lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":false}");
+lockPref("browser.newtabpage.activity-stream.asrouter.devtoolsEnableds", true);
+lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", "");
+lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false);
+lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false);
+lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", "");
+lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", "");
+defaultPref("dom.push.userAgentID", ""); // push notifications are already disabled
+lockPref("services.settings.server", ""); // redundant with patches
+lockPref("webchannel.allowObject.urlWhitelist", ""); // deprecated
+defaultPref("media.getusermedia.browser.enabled", false);
+defaultPref("media.getusermedia.screensharing.enabled", false);
+defaultPref("media.getusermedia.audiocapture.enabled", false);
+defaultPref("dom.storage.next_gen", true); // default from v92.0
+```
+
+#### Added preferences
+```
+defaultPref("browser.download.useDownloadDir", false); // force user interaction on downloads, by always asking location
+// defaultPref("security.remote_settings.crlite_filters.enabled", true);
+// defaultPref("security.pki.crlite_mode", 2);
+pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI
+```
+
+#### Commented preferences
+```
+// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5 
+// pref("network.trr.uri", "https://dns.quad9.net/dns-query"); // previously uncommented defaultPref with empty value
+```
+
+#### Changed preferences
+previously empty, set to proper value
+```
+defaultPref("network.trr.confirmationNS", "skip");
+defaultPref("browser.search.searchEnginesURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#search");
+defaultPref("browser.geolocation.warning.infoURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#location");
+defaultPref("app.feedback.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support");
+defaultPref("app.releaseNotesURL", "https://gitlab.com/librewolf-community/browser");
+defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-community/browser");
+```
+
+#### Unlocked preferences
+```
+defaultPref("signon.rememberSignons", false);
+defaultPref("signon.autofillForms", false);
+defaultPref("signon.formlessCapture.enabled", false);
+defaultPref("browser.urlbar.speculativeConnect.enabled", false);
+defaultPref("browser.contentblocking.report.lockwise.enabled", false);
+defaultPref("browser.contentblocking.report.monitor.enabled", false);
+defaultPref("network.dns.disablePrefetch", true);
+defaultPref("security.ssl.treat_unsafe_negotiation_as_broken",	true);
+defaultPref("browser.startup.blankWindow", false);
+defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
+defaultPref("extensions.systemAddon.update.enabled", false);
+defaultPref("extensions.systemAddon.update.url", "");
+defaultPref("security.mixed_content.block_display_content", true);
+defaultPref("security.insecure_connection_text.enabled", true);
+defaultPref("gfx.font_rendering.opentype_svg.enabled", false);
+defaultPref("browser.shell.shortcutFavicons", false);
+defaultPref("network.gio.supported-protocols", "");
+defaultPref("network.IDN_show_punycode", true);
+defaultPref("browser.shell.checkDefaultBrowser", false);
+defaultPref("middlemouse.contentLoadURL", false);
+defaultPref("browser.pagethumbnails.capturing_disabled", true);
+defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true);
+defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
+defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
+defaultPref("network.protocol-handler.external.ms-windows-store", false);
+defaultPref("browser.newtab.preload", false);
+defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
+defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
+defaultPref("browser.newtabpage.activity-stream.feeds.topsites", false);
+defaultPref("browser.safebrowsing.downloads.enabled", false);
+```
+
+## 1.6
+
+**target commit**: 192f51abe21e9aeb9b01d396079e9b8533cab7bb
+
+**base librewolf version**: 91.x
+
+**References**:
+- [reasoning on webgl2](https://github.com/arkenfox/user.js/commit/41c3c0ec26ef4392169fa1d04fd5783ac03bfc8e) from arkenfox's maintainer, basically disabling webgl is enough for those who don't need it. users who want it have one less pref to change.
+
+#### Removed preferences
+```
+defaultPref("dom.targetBlankNoOpener.enabled", true); // default since v79.0
+defaultPref("webgl.enable-webgl2", false);
+lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // default
+```
+
+## 1.5
+
+**target commit**: 23d1bff4f4ae3456df8e50e67f657ea6288eef29
+
+**base librewolf version**: 91.x
+
+**References**:
+- [comment](https://github.com/arkenfox/user.js/commit/3bb9fc713f141d794fc4adfb38d3fcf86c9307ab#commitcomment-53916786) from arkenfox's maintainer regarding tls version pref
+- [mozilla update service](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows)
+- extension firewall has been revisited
+
+#### Removed preferences
+```
+lockPref("security.dialog_enable_delay", 700); // default 1000, no need to enforce this
+```
+
+#### Added preferences
+```
+defaultPref("app.update.background.scheduling.enabled", false); // Win specific update service
+defaultPref("security.tls.version.enable-deprecated", false); // default but helps resetting the preference
+// defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';");
+```
+
+#### Changed preferences
+```
+// defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';");
+```
+
+## 1.4
+**target commit**: 2e21db4c3018321a077d9af2ec44b29675c57adf
+
+**base librewolf version**: 90.x
+
+#### Removed preferences
+```
+lockPref("security.tls.version.enable-deprecated", false); // default
+```
+
+## 1.3
+**target commit**: 60e75e30c6018a5c909a2f00f40831ed3f1948a6
+
+**base librewolf version**: 90.x
+
+#### Added preferences
+```
+defaultPref("network.http.windows-sso.enabled", false);
+```
+
+#### Removed preferences
+```
+lockPref("browser.cache.offline.storage.enable", false); // pref does not exist anymore as it became default behavior
+```
+
+## 1.2
+**target commit**: 294724fae38ffa4ebcf6dfb0854787fb7022d1e6
+
+**base librewolf version**: 89.x
+
+**References**:
+- issue [#65](https://gitlab.com/librewolf-community/settings/-/issues/65) from settings
+- issue [#22](https://gitlab.com/librewolf-community/browser/common/-/issues/22) from common
+
+#### Removed preferences
+```
+defaultPref("dom.webaudio.enabled", false);
+defaultPref("media.navigator.enabled", false);
+```
+
+#### Changed preferences
+```
+defaultPref("app.support.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#");
+```
+
+## 1.1
+**target commit**: cf0a2cc88acdbc51b138228353a0d7c9ea0db7c3
+
+**base librewolf version**: 89.x
+
+**References**:
+- issue [#54](https://gitlab.com/librewolf-community/settings/-/issues/54) from settings
+- merge request [#5](https://gitlab.com/librewolf-community/browser/common/-/merge_requests/5) from common
+
+#### Removed preferences
+```
+defaultPref("security.OCSP.require", false); // default value
+defaultPref("extensions.update.url", "");
+defaultPref("extensions.update.background.url", "");
+defaultPref("extensions.getAddons.search.browseURL", "");
+```
+
+#### Changed preferences
+```
+defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
+```
+
+#### Added preferences
+```
+lockPref("privacy.override_rfp_for_color_scheme", false);
+```
+
+
+## 1.0
+**target commit**: 2b8dc4ac6d7fb6fdf8f172d04c27912098268257
+
+**base librewolf version**: 89.x
+
+This is the initial release from which we start tagging and versioning settings. For previous changes see 
+[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
\ No newline at end of file
-- 
cgit