morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser

Commits:

1 changed file:

Changes:

  • browser/app/profile/001-base-profile.js
    ... ... @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true);
    101 101
     // pref("privacy.exposeContentTitleInWindow", false);
    
    102 102
     // pref("privacy.exposeContentTitleInWindow.pbm", false);
    
    103 103
     
    
    104
    +// tor-browser#42054: Opt-out from any built-in backup system, even though
    
    105
    +// local, as it might be a violation of our standalone mode.
    
    106
    +// Users can still opt-in if they wish.
    
    107
    +pref("browser.backup.enabled", false);
    
    108
    +pref("browser.backup.scheduled.enabled", false);
    
    109
    +
    
    104 110
     // Empty clipboard content from private windows on exit (tor-browser#42154)
    
    105 111
     pref("browser.privatebrowsing.preserveClipboard", false);
    
    106 112
     
    
    ... ... @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false);
    251 257
     pref("privacy.trackingprotection.socialtracking.enabled", false);
    
    252 258
     pref("privacy.socialtracking.block_cookies.enabled", false);
    
    253 259
     pref("privacy.annotate_channels.strict_list.enabled", false);
    
    260
    +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP.
    
    261
    +// Notice that it should not apply to RFP anyway...
    
    262
    +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
    
    254 263
     
    
    255 264
     // Disable the Pocket extension (Bug #18886 and #31602)
    
    256 265
     pref("extensions.pocket.enabled", false);
    
    ... ... @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment
    284 293
     // Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
    
    285 294
     pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false);
    
    286 295
     
    
    296
    +// tor-browser#42054: make sure search result telemetry is disabled.
    
    297
    +pref("browser.search.serpEventTelemetryCategorization.enabled", false);
    
    298
    +
    
    287 299
     // tor-browser#42872, #42555: Disable translations.
    
    288 300
     // Translation have a bad UX in 128 (and with our config). Maybe we will
    
    289 301
     // re-enable after auditing and fixing the UX.
    
    ... ... @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked);
    444 456
     #endif
    
    445 457
     // Bug 40057: Ensure system colors are not used for CSS4 colors
    
    446 458
     pref("browser.display.use_system_colors", false);
    
    447
    -// Enforce non-native widget theme (true by default, defense in depth).
    
    448
    -// Provides a uniform look and feel across platforms. Added with tor-browser#41496.
    
    449
    -pref("widget.non-native-theme.enabled", true);
    
    450 459
     // tor-browser#41676: Set the TZ environment variable as a defense-in-depth.
    
    451 460
     // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582.
    
    452 461
     pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
    
    ... ... @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked);
    524 533
     pref("network.http.http2.enable-hpack-dump", false, locked);
    
    525 534
     
    
    526 535
     // tor-browser#23044: Make sure we don't have any GIO supported protocols
    
    527
    -// (defense in depth measure)
    
    536
    +// (defense in depth measure).
    
    537
    +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by
    
    538
    +// default, but setting it to blank seems a good idea (tor-browser#42054).
    
    528 539
     pref("network.gio.supported-protocols", "");
    
    529 540
     pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
    
    530 541
     // Mullvad Browser enables WebRTC by default, meaning that there the following prefs
    
    ... ... @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2);
    631 642
     // Don't load OS client certs.
    
    632 643
     pref("security.osclientcerts.autoload", false);
    
    633 644
     
    
    634
    -// Don't allow MitM via Microsoft Family Safety, see bug 21686
    
    635
    -pref("security.family_safety.mode", 0);
    
    636
    -
    
    637 645
     // Don't allow MitM via enterprise roots, see bug 30681
    
    638 646
     pref("security.enterprise_roots.enabled", false);
    
    639 647