... |
... |
@@ -23,7 +23,7 @@ pref("startup.homepage_welcome_url.additional", ""); |
23
|
23
|
pref("browser.aboutwelcome.enabled", false);
|
24
|
24
|
|
25
|
25
|
#if MOZ_UPDATE_CHANNEL == release
|
26
|
|
-// tor-browser#42640: Disable Firefox Flame buttond due to unknown interactions with New Identity
|
|
26
|
+// tor-browser#42640: Disable Firefox Flame button due to unknown interactions with New Identity
|
27
|
27
|
pref("browser.privatebrowsing.resetPBM.enabled", false, locked);
|
28
|
28
|
#endif
|
29
|
29
|
|
... |
... |
@@ -58,7 +58,7 @@ pref("media.aboutwebrtc.hist.enabled", false); |
58
|
58
|
|
59
|
59
|
// Disk Activity
|
60
|
60
|
|
61
|
|
-// Disable auto-downloaing to ~/Downloads and other download tweaks to minimize
|
|
61
|
+// Disable auto-downloading to ~/Downloads and other download tweaks to minimize
|
62
|
62
|
// disk leaks (tor-browser#42050).
|
63
|
63
|
pref("browser.download.useDownloadDir", false);
|
64
|
64
|
pref("browser.download.always_ask_before_handling_new_types", true);
|
... |
... |
@@ -97,7 +97,7 @@ pref("browser.pagethumbnails.capturing_disabled", true); |
97
|
97
|
// disk leaks, e.g., in system logs.
|
98
|
98
|
// For example, it happened that GNOME shell logged the window name that caused
|
99
|
99
|
// JS errors/unexpected conditions for unrelated issues.
|
100
|
|
-// TODO: Enable again after more UX considerations.
|
|
100
|
+// TODO: commented out for now because of UX concerns, to be reconsidered in 14.5
|
101
|
101
|
// pref("privacy.exposeContentTitleInWindow", false);
|
102
|
102
|
// pref("privacy.exposeContentTitleInWindow.pbm", false);
|
103
|
103
|
|
... |
... |
@@ -123,7 +123,7 @@ pref("dom.security.https_only_mode_pbm", true); |
123
|
123
|
// tor-browser#43197, defense in depth if ever https-only got disabled
|
124
|
124
|
pref("dom.security.https_first_add_exception_on_failiure", false);
|
125
|
125
|
|
126
|
|
-// tor-browser#22320: Hide referer when comming from a .onion address
|
|
126
|
+// tor-browser#22320: Hide referer when coming from a .onion address
|
127
|
127
|
// We enable this here (rather than in Tor Browser) in case users of other
|
128
|
128
|
// base-browser derived browsers configure it to use a system Tor daemon
|
129
|
129
|
// to visit onion services.
|
... |
... |
@@ -214,7 +214,6 @@ pref("toolkit.telemetry.bhrPing.enabled", false); |
214
|
214
|
pref("toolkit.telemetry.coverage.opt-out", true);
|
215
|
215
|
pref("toolkit.coverage.opt-out", true);
|
216
|
216
|
pref("toolkit.coverage.endpoint.base", "");
|
217
|
|
-pref("browser.ping-centre.telemetry", false);
|
218
|
217
|
pref("browser.tabs.crashReporting.sendReport", false);
|
219
|
218
|
pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
|
220
|
219
|
// Added in tor-browser#41496 even though false by default
|
... |
... |
@@ -244,7 +243,6 @@ pref("services.sync.engine.passwords", false); |
244
|
243
|
pref("services.sync.engine.prefs", false);
|
245
|
244
|
pref("services.sync.engine.tabs", false);
|
246
|
245
|
pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
247
|
|
-pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
|
248
|
246
|
pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17)
|
249
|
247
|
// Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
|
250
|
248
|
pref("privacy.trackingprotection.enabled", false);
|
... |
... |
@@ -284,9 +282,7 @@ pref("browser.newtabpage.activity-stream.telemetry", false); |
284
|
282
|
// Notice that null is between quotes because it is a JSON string.
|
285
|
283
|
// Keep checked firefox.js to see if new entries are added.
|
286
|
284
|
pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "null");
|
287
|
|
-pref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "null");
|
288
|
285
|
pref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "null");
|
289
|
|
-pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "null");
|
290
|
286
|
pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "null");
|
291
|
287
|
|
292
|
288
|
// Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
|
... |
... |
@@ -312,6 +308,10 @@ pref("browser.preferences.moreFromMozilla", false); |
312
|
308
|
// Disable webcompat reporter
|
313
|
309
|
pref("extensions.webcompat-reporter.enabled", false);
|
314
|
310
|
|
|
311
|
+// Disable Content Analysis SDK (tor-browser#42364)
|
|
312
|
+pref("browser.contentanalysis.enabled", false);
|
|
313
|
+pref("browser.contentanalysis.default_result", 0);
|
|
314
|
+
|
315
|
315
|
// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867)
|
316
|
316
|
pref("toolkit.contentRelevancy.enabled", false);
|
317
|
317
|
pref("toolkit.contentRelevancy.ingestEnabled", false);
|
... |
... |
@@ -455,12 +455,9 @@ pref("pdfjs.disabled", false, locked); |
455
|
455
|
#endif
|
456
|
456
|
// Bug 40057: Ensure system colors are not used for CSS4 colors
|
457
|
457
|
pref("browser.display.use_system_colors", false);
|
458
|
|
-// tor-browser#41676: Set the TZ environment variable as a defense-in-depth.
|
459
|
|
-// TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582.
|
460
|
|
-pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
|
461
|
458
|
|
462
|
|
-// tor-browser#41943: lock and revisit after it gets flipped to true in stable Firefox
|
463
|
|
-pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
|
|
459
|
+// tor-browser#41943: defense-in-depth, but do not lock anymore (enabled in Firefox 119, http://bugzil.la/1851162)
|
|
460
|
+pref("javascript.options.spectre.disable_for_isolated_content", false);
|
464
|
461
|
|
465
|
462
|
// Third party stuff
|
466
|
463
|
pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
|
... |
... |
@@ -510,27 +507,6 @@ pref("network.proxy.failover_direct", false, locked); |
510
|
507
|
// alters content load order in a page. See tor-browser#24686
|
511
|
508
|
pref("network.http.tailing.enabled", true, locked);
|
512
|
509
|
|
513
|
|
-// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked
|
514
|
|
-// to firefox defaults to minimize network performance fingerprinting.
|
515
|
|
-// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
|
516
|
|
-pref("network.http.http2.enabled", true, locked);
|
517
|
|
-pref("network.http.http2.enabled.deps", true, locked);
|
518
|
|
-pref("network.http.http2.enforce-tls-profile", true, locked);
|
519
|
|
-pref("network.http.http2.chunk-size", 16000, locked);
|
520
|
|
-pref("network.http.http2.timeout", 170, locked);
|
521
|
|
-pref("network.http.http2.coalesce-hostnames", true, locked);
|
522
|
|
-pref("network.http.http2.persistent-settings", false, locked);
|
523
|
|
-pref("network.http.http2.ping-threshold", 58, locked);
|
524
|
|
-pref("network.http.http2.ping-timeout", 8, locked);
|
525
|
|
-pref("network.http.http2.send-buffer-size", 0, locked);
|
526
|
|
-pref("network.http.http2.allow-push", true, locked);
|
527
|
|
-pref("network.http.http2.push-allowance", 131072, locked);
|
528
|
|
-pref("network.http.http2.pull-allowance", 12582912, locked);
|
529
|
|
-pref("network.http.http2.default-concurrent", 100, locked);
|
530
|
|
-pref("network.http.http2.default-hpack-buffer", 65536, locked);
|
531
|
|
-pref("network.http.http2.websockets", true, locked);
|
532
|
|
-pref("network.http.http2.enable-hpack-dump", false, locked);
|
533
|
|
-
|
534
|
510
|
// tor-browser#23044: Make sure we don't have any GIO supported protocols
|
535
|
511
|
// (defense in depth measure).
|
536
|
512
|
// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by
|
... |
... |
@@ -618,8 +594,8 @@ pref("extensions.htmlaboutaddons.recommendations.enabled", false); |
618
|
594
|
// Disable personalized Extension Recommendations in about:addons and
|
619
|
595
|
// addons.mozilla.org
|
620
|
596
|
pref("browser.discovery.enabled", false);
|
621
|
|
-// Bug 26114: Allow NoScript to access addons.mozilla.org etc.
|
622
|
|
-// TODO: Audit again (tor-browser#41445)
|
|
597
|
+// tor-browser#26114: Allow NoScript to work on addons.mozilla.org and other Mozilla sites.
|
|
598
|
+// Revisited and confirmed in tor-browser#41445.
|
623
|
599
|
pref("extensions.webextensions.restrictedDomains", "");
|
624
|
600
|
// Don't give Mozilla-recommended third-party extensions special privileges.
|
625
|
601
|
pref("extensions.postDownloadThirdPartyPrompt", false);
|
... |
... |
@@ -651,16 +627,16 @@ pref("browser.menu.share_url.allow", false, locked); |
651
|
627
|
|
652
|
628
|
// Disable special URL bar behaviors
|
653
|
629
|
pref("browser.urlbar.suggest.topsites", false);
|
|
630
|
+pref("browser.urlbar.quicksuggest.enabled", false);
|
|
631
|
+pref("browser.urlbar.richSuggestions.featureGate", false);
|
|
632
|
+pref("browser.urlbar.yelp.featureGate", false);
|
|
633
|
+pref("browser.urlbar.mdn.featureGate", false);
|
654
|
634
|
|
655
|
635
|
// tor-browser#41884: Do not start a search when clicking on the new tab button
|
656
|
636
|
// with the middle mouse button (to prevent searching for anything you might
|
657
|
637
|
// have selected or already in your clipboard).
|
658
|
638
|
pref("browser.tabs.searchclipboardfor.middleclick", false);
|
659
|
639
|
|
660
|
|
-// Skip checking omni.ja and other files for corruption since the result
|
661
|
|
-// is only reported via telemetry (which is disabled). See tor-browser#40048.
|
662
|
|
-pref("corroborator.enabled", false);
|
663
|
|
-
|
664
|
640
|
// tor-browser#41417: do not allow live reload until we switch to Fluent and
|
665
|
641
|
// stop using .textContent.
|
666
|
642
|
// Even after that, it might be a good idea to keep it off, as it is not handled
|
... |
... |
@@ -678,7 +654,7 @@ pref("privacy.query_stripping.strip_on_share.enabled", true); |
678
|
654
|
pref("privacy.globalprivacycontrol.enabled", true);
|
679
|
655
|
pref("privacy.globalprivacycontrol.pbmode.enabled", true);
|
680
|
656
|
|
681
|
|
-// Disable platform text recogniition functionality (tor-browser#42057)
|
|
657
|
+// Disable platform text recognition functionality (tor-browser#42057)
|
682
|
658
|
pref("dom.text-recognition.enabled", false);
|
683
|
659
|
|
684
|
660
|
// Log levels
|