richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits: 8085f615 by Pier Angelo Vendrame at 2023-09-27T14:55:14+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Bug 41496: Pref review for 115/13.0
- - - - - c978614e by Pier Angelo Vendrame at 2023-09-27T14:55:16+02:00 fixup! Firefox preference overrides.
Bug 41496: Pref review for 115/13.0
- - - - -
2 changed files:
- browser/app/profile/000-tor-browser.js - browser/app/profile/001-base-profile.js
Changes:
===================================== browser/app/profile/000-tor-browser.js =====================================
@@ -41,14 +41,19 @@ pref("dom.security.https_only_mode.upgrade_onion", false);
// Bug 40423/41137: Disable http/3
// We should re-enable it as soon as Tor gets UDP support
-pref("network.http.http3.enabled", false);
+pref("network.http.http3.enable", false);
// 0 = do not use a second connection, see all.js and #7656
pref("network.http.connection-retry-timeout", 0);
#expand pref("torbrowser.version", __BASE_BROWSER_VERSION_QUOTED__);
-// Old torbutton pref
+// Tor Browser used to be compatible with non-Tor proxies. This feature is not
+// available anymore, but this legacy preference can be still used to disable
+// first-party domain circuit isolation.
+// In general, it should not be used. This use-case is still supported only for
+// sites that break with this isolation (and even in that case, its use should
+// be reduced to the strictly required time).
pref("extensions.torbutton.use_nontor_proxy", false);
// Browser home page:
@@ -61,8 +66,6 @@ pref("browser.download.showTorWarning", true);
pref("extensions.torbutton.pref_fixup_version", 0);
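Review bot: The renamed `network.http.http3.enable` line in the first hunk is left unlocked, while the http2 transport knobs in 001-base-profile.js are all `locked` to keep network behaviour uniform across users; if HTTP/3 is meant to stay off until Tor has UDP support, `pref("network.http.http3.enable", false, locked);` would match that policy. The comment should also record why the spelling changed, because a future pref review cannot otherwise tell that the previous line was not applying (if `network.http.http3.enabled` is no longer a recognised name on 115, which the rename suggests): `// 115 names this pref network.http.http3.enable; the old .enabled spelling was a no-op.` Separately, in the same hunk the new use_nontor_proxy comment reads better as `can still be used to disable`.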
// Formerly tor-launcher defaults
-// When presenting the setup wizard, first prompt for locale.
-pref("intl.locale.matchOS", true);
pref("extensions.torlauncher.start_tor", true);
pref("extensions.torlauncher.prompt_at_startup", true);
@@ -112,7 +115,7 @@ pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.g
pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4");
-// Recommended default bridge type (can be set per localized bundle).
+// Recommended default bridge type.
// pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3");
// Default bridges.
===================================== browser/app/profile/001-base-profile.js =====================================
@@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600);
pref("app.update.staging.enabled", false);
#endif
+pref("browser.startup.homepage_override.buildID", "20100101");
+
// Disable the "Refresh" prompt that is displayed for stale profiles.
pref("browser.disableResetPrompt", true);
@@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true);
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
pref("permissions.memory_only", true);
-pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
pref("media.aboutwebrtc.hist.enabled", false);
@@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true);
// Misc privacy: Disk
pref("signon.rememberSignons", false);
pref("browser.formfill.enable", false);
+pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496
pref("signon.autofillForms", false);
+// Do not store extra data (form, scrollbar positions, cookies, POST data) for
+// the session restore functionality.
pref("browser.sessionstore.privacy_level", 2);
// Use the in-memory media cache and increase its maximum size (#29120)
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true);
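Review bot: The trailing `// Added with tor-browser#41496` on the new `signon.formlessCapture.enabled` line names the ticket but not the intent, unlike the other prefs in this hunk whose comments say what they prevent. `signon.rememberSignons` is already false two lines above, so the new line is presumably defense in depth against the login-capture path that does not go through a `<form>` (inferred from the pref name; worth confirming), and saying so keeps a later pref review from dropping it as redundant: `pref("signon.formlessCapture.enabled", false); // Defense in depth: rememberSignons is off, but never capture formless logins either (tor-browser#41496)`.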
// Enable HTTPS-Only mode (tor-browser#19850)
pref("dom.security.https_only_mode", true);
+// The previous pref automatically sets this to true (see StaticPrefList.yaml),
+// but set it anyway only as a defense-in-depth.
pref("dom.security.https_only_mode_pbm", true);
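Review bot: The new comment above `dom.security.https_only_mode_pbm` says the previous pref "automatically sets this to true", which I do not believe is accurate: as far as I can tell the HTTPS-Only checks consult the two prefs with an OR (the global pref covers private windows on its own) rather than writing the pbm pref, so the pbm pref is redundant, not derived. Wording that does not depend on that implementation detail: `// dom.security.https_only_mode already applies to private windows; keep the PBM-only pref set as well as defense-in-depth.` The phrase "set it anyway only as a defense-in-depth" also reads better as "set it anyway as defense-in-depth".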
// tor-browser#22320: Hide referer when comming from a .onion address
@@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked);
// Misc privacy: Remote
pref("browser.send_pings", false);
// Space separated list of URLs that are allowed to send objects (instead of
-// only strings) through webchannels.
+// only strings) through webchannels. The default for Firefox is some Mozilla
+// domains.
pref("webchannel.allowObject.urlWhitelist", "");
pref("geo.enabled", false);
pref("geo.provider.network.url", "");
@@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false);
pref("geo.provider.use_gpsd", false);
pref("geo.provider.use_geoclue", false);
pref("browser.search.suggest.enabled", false);
+pref("browser.search.suggest.enabled.private", false);
pref("browser.urlbar.suggest.searches", false);
pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
@@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", "");
pref("browser.safebrowsing.provider.google4.gethashURL", "");
pref("browser.safebrowsing.provider.mozilla.updateURL", "");
pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
-pref("extensions.ui.lastCategory", "addons://list/extension");
pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.policy.dataSubmissionEnabled", false);
// Make sure Unified Telemetry is really disabled, see: #18738.
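Review bot: The added `browser.search.suggest.enabled.private` line carries no comment explaining why a second pref is needed next to `browser.search.suggest.enabled`, which is already false on the line above. Because `browser.privatebrowsing.autostart` is set to true earlier in this file, every Tor Browser window is a private window, so the `.private` variant is the one most likely to be consulted at runtime and deserves a one-liner: `// All windows are private (browser.privatebrowsing.autostart), so the PBM variant must be off too.` If upstream requires both prefs to be true before suggesting (what I would expect, but cannot confirm from the diff), state that instead so the pair is not split up in a later review.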
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.enabled", false, locked);
pref("toolkit.telemetry.server", "data:,");
pref("toolkit.telemetry.archive.enabled", false);
+pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496
pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
pref("toolkit.telemetry.bhrPing.enabled", false);
pref("toolkit.telemetry.coverage.opt-out", true);
@@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", "");
pref("browser.ping-centre.telemetry", false);
pref("browser.tabs.crashReporting.sendReport", false);
pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+// Added in tor-browser#41496 even though false by default
+pref("browser.crashReports.unsubmittedCheck.enabled", false);
+// Added in tor-browser#41496 even though it shuld be already always disabled
+// since we disable MOZ_CRASHREPORTER.
+pref("breakpad.reportURL", "data:");
#ifdef XP_WIN
// Defense-in-depth: ensure that the Windows default browser agent will
// not ping Mozilla if it is somehow present (we omit it at build time).
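Review bot: `pref("breakpad.reportURL", "data:");` in the second hunk uses a bare `data:` with no comma, whereas the telemetry sink a few lines up in the first hunk uses `"data:,"`, which is a syntactically complete empty data URL. The comment argues the crash reporter is compiled out, but a sentinel that is also a valid URL costs nothing and avoids a malformed-URL code path if the pref is ever read: `pref("breakpad.reportURL", "data:,");`. The comment above it also has a typo, `shuld` should be `should`, and "be already always disabled" reads better as "already be disabled".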
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false);
pref("services.sync.engine.prefs", false);
pref("services.sync.engine.tabs", false);
pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254)
-pref("browser.search.geoip.url", "");
pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
-pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17)
+pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17)
// Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
pref("privacy.trackingprotection.enabled", false);
pref("privacy.trackingprotection.pbmode.enabled", false);
@@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
pref("browser.newtabpage.activity-stream.showSponsored", false);
pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
pref("browser.newtabpage.activity-stream.default.sites", "");
+// Activity Stream telemetry
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry", false);
-// tor-browser#41945 - disable automatic cookie banners dismissal until
-// we're sure it does not causes fingerprinting risks or other issues.
-pref("cookiebanners.service.mode", 0);
-pref("cookiebanners.service.mode.privateBrowsing", 0);
-pref("cookiebanners.ui.desktop.enabled", false);
-
// tor-browser#40788: disable AS's calls to home.
// Notice that null is between quotes because it is a JSON string.
// Keep checked firefox.js to see if new entries are added.
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment
// Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false);
+// tor-browser#41945 - disable automatic cookie banners dismissal until
+// we're sure it does not causes fingerprinting risks or other issues.
+pref("cookiebanners.service.mode", 0);
+pref("cookiebanners.service.mode.privateBrowsing", 0);
+pref("cookiebanners.ui.desktop.enabled", false);
+
// Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
pref("browser.preferences.moreFromMozilla", false);
@@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false);
pref("extensions.screenshots.disabled", true);
pref("extensions.webcompat-reporter.enabled", false);
+pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254)
// Disable use of WiFi location information
pref("browser.region.network.scan", false);
pref("browser.region.network.url", "");
pref("browser.region.local-geocoding", false);
-// Bug 40083: Make sure Region.jsm fetching is disabled
+// Bug 40083: Make sure Region.sys.mjs fetching is disabled
pref("browser.region.update.enabled", false);
-// Don't load Mozilla domains in a separate tab process
+// Don't load Mozilla domains in a separate privileged tab process
+pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
pref("browser.tabs.remote.separatedMozillaDomains", "");
// Avoid DNS lookups on search terms
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0);
// Disable website password breach alerts
pref("signon.management.page.breach-alerts.enabled", false);
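Review bot: The moved `browser.search.region` line keeps the trailing `// Disable GeoIP search lookups (#16254)`, but pinning the region to `US` does not by itself disable any lookup; in this hunk the lookups are turned off by `browser.region.network.url` being empty and `browser.region.update.enabled` being false. Rewording it so the comment matches the line: `pref("browser.search.region", "US"); // Pin the region; the lookups themselves are disabled by the browser.region.* prefs below (#16254)`. For the new `browser.tabs.remote.separatePrivilegedMozillaWebContentProcess` line, a note that it is deliberately paired with the empty `separatedMozillaDomains` list right below it would help, since each pref presumably only has an effect when the other is set.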
-// Disable remote "password recipes"
+// Disable remote "password recipes". They are a way to improve the UX of the
+// password manager by havinc specific heuristics for some sites.
+// It needs remote settings and in general we disable the password manager.
+// More information about this feature at
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454
pref("signon.recipes.remoteRecipes.enabled", false);
-// Disable ServiceWorkers and push notifications by default
+// Disable ServiceWorkers by default. They do not work in PBM in any case.
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796
pref("dom.serviceWorkers.enabled", false);
+// Push notifications use an online Mozilla service and a persistent ID stored
+// in dom.push.userAgentID, so disable them by default.
+// See also https://support.mozilla.org/kb/push-notifications-firefox
pref("dom.push.enabled", false);
+// As a defense in depth measure, also set the push server URL to empty.
+// See tor-browser#18801.
+pref("dom.push.serverURL", "");
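Review bot: The expanded "password recipes" comment has a typo, `havinc` should be `having`, and "It needs remote settings and in general we disable the password manager" would be more useful if it named the pref it relies on, since `signon.rememberSignons` is set to false earlier in this file: `// It needs Remote Settings, and the password manager is already off (signon.rememberSignons).` The ServiceWorkers comment states "They do not work in PBM in any case" as a bare fact; if that is the status of the linked bug 1320796 on 115, add "as of 115", because that sentence is exactly the kind of claim that goes stale silently once the upstream bug lands and would then leave this pref looking redundant.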
// Fingerprinting
// tor-browser#41797: For release builds, lock RFP
@@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true);
pref("webgl.disable-fail-if-major-performance-caveat", true);
// tor-browser#16404: disable until we investigate it further (#22333)
pref("webgl.enable-webgl2", false);
-pref("browser.startup.homepage_override.buildID", "20100101");
pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
// Prevent scripts from moving and resizing open windows
pref("dom.disable_window_move_resize", true);
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API
// randomized IDs when this pref is true).
// Defense-in-depth (already the default value) from Firefox 119 or 120.
pref("media.devices.enumerate.legacy.enabled", false);
-pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
+// Bug 10286: Always disable Touch API.
+// We might need to deepen this topic, see tor-browser#42069.
+pref("dom.w3c_touch_events.enabled", 0);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
// Disable SAB, no matter if the sites are cross-origin isolated.
@@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
// tor-browser#40123 and #40308: Disable for now until audit
pref("privacy.partition.network_state", false);
+// Only accept cookies from the originating site (block third party cookies)
pref("network.cookie.cookieBehavior", 1);
pref("network.cookie.cookieBehavior.pbmode", 1);
pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
@@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false);
// Do not allow cross-origin sub-resources to open HTTP authentication
// credentials dialogs. Hardens against potential credentials phishing.
pref("network.auth.subresource-http-auth-allow", 1);
-// Disable sending additional analytics to web servers
+// Disable sending additional analytics to web servers.
+// This disables navigator.sendBeacon, even though this is discouraged by the
+// standard: https://w3c.github.io/beacon/#privacy-and-security
pref("beacon.enabled", false);
pref("network.dns.disablePrefetch", true);
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true);
pref("network.protocol-handler.warn-external.news", true);
pref("network.protocol-handler.warn-external.nntp", true);
pref("network.protocol-handler.warn-external.snews", true);
+#ifdef XP_WIN
+ pref("network.protocol-handler.external.ms-windows-store", false);
+ pref("network.protocol-handler.warn-external.ms-windows-store", true);
+#endif
pref("network.proxy.allow_bypass", false, locked); // #40682
// Lock to 'true', which is already the firefox default, to prevent users
// from making themselves fingerprintable by disabling. This pref
// alters content load order in a page. See tor-browser#24686
pref("network.http.tailing.enabled", true, locked);
-// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked
+// to firefox defaults to minimize network performance fingerprinting.
+// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
pref("network.http.http2.enabled", true, locked);
pref("network.http.http2.enabled.deps", true, locked);
pref("network.http.http2.enforce-tls-profile", true, locked);
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked);
pref("network.http.http2.persistent-settings", false, locked);
pref("network.http.http2.ping-threshold", 58, locked);
pref("network.http.http2.ping-timeout", 8, locked);
-pref("network.http.http2.send-buffer-size", 131072, locked);
+pref("network.http.http2.send-buffer-size", 0, locked);
pref("network.http.http2.allow-push", true, locked);
pref("network.http.http2.push-allowance", 131072, locked);
pref("network.http.http2.pull-allowance", 12582912, locked);
pref("network.http.http2.default-concurrent", 100, locked);
pref("network.http.http2.default-hpack-buffer", 65536, locked);
-pref("network.http.http2.websockets", false, locked);
+pref("network.http.http2.websockets", true, locked);
pref("network.http.http2.enable-hpack-dump", false, locked);
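Review bot: The two new `ms-windows-store` prefs appear indented inside their `#ifdef XP_WIN` block, while the other `#ifdef XP_WIN` bodies in this same diff (the default-browser-agent and network-process blocks) are written at column 0; the file is a preprocessed prefs file, so keeping the style uniform is worth a one-character fix per line. The addition also has no comment saying what it protects against, unlike the neighbouring handler prefs; something like `// Never hand ms-windows-store: links to the Microsoft Store app, and prompt like the other external handlers above` plus the tracking ticket if there is one. With `external.ms-windows-store` set to false the `warn-external` line is presumably only defense in depth, which is fine but worth stating so the pair is kept together.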
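Review bot: The updated locked values (`send-buffer-size` 131072 → 0, `websockets` false → true) are meant to track Firefox defaults per the block comment, but nothing records which Firefox version they were checked against, so the next ESR rebase has no way to tell a stale value from a deliberate one. Suggest extending the comment with the version and source consulted, e.g. `// Values verified against the Firefox 115 ESR defaults (tor-browser#41496); re-check on every rebase.` If `websockets` was flipped for a reason other than matching the default (it presumably enables WebSockets over HTTP/2, which changes the connection pattern a site observes), that reason belongs in the comment too.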
// tor-browser#23044: Make sure we don't have any GIO supported protocols
@@ -467,10 +504,6 @@ pref("network.manage-offline-status", false);
pref("network.captive-portal-service.enabled", false);
pref("network.connectivity-service.enabled", false);
pref("captivedetect.canonicalURL", "");
-// As a "defense in depth" measure, configure an empty push server URL (the
-// DOM Push features are disabled by default via other prefs).
-// See tor-browser#18801.
-pref("dom.push.serverURL", "");
#ifdef XP_WIN
// tor-browser#41683: Disable the network process on Windows
@@ -482,9 +515,7 @@ pref("network.process.enabled", false);
// Extension support
pref("extensions.autoDisableScopes", 0);
-pref("extensions.databaseSchema", 3);
pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
-pref("extensions.pendingOperations", false);
// We don't know what extensions Mozilla is advertising to our users and we
// don't want to have some random Google Analytics script running either on the
// about:addons page, see bug 22073, 22900 and 31601.
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false);
pref("extensions.webextensions.restrictedDomains", "");
// Don't give Mozilla-recommended third-party extensions special privileges.
pref("extensions.postDownloadThirdPartyPrompt", false);
-// tor-browser#41701: Reporting an extension does not work
-// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400)
+// tor-browser#41701: Reporting an extension does not work. The request goes to
+// Mozilla and is always rejected anyway (HTTP 400).
pref("extensions.abuseReport.enabled", false);
// We are already providing the languages we support in multi-lingual packages.
// Therefore, do not allow download of additional language packs. They are not a
@@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false);
// Don't automatically enable enterprise roots, see bug 40166
pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
-// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135
-pref("gfx.offscreencanvas.domain-enabled", false);
-pref("gfx.offscreencanvas.domain-allowlist", "");
-
// Disable share menus on Mac and Windows tor-browser#41117
pref("browser.menu.share_url.allow", false, locked);