... |
... |
@@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600); |
40
|
40
|
pref("app.update.staging.enabled", false);
|
41
|
41
|
#endif
|
42
|
42
|
|
|
43
|
+pref("browser.startup.homepage_override.buildID", "20100101");
|
|
44
|
+
|
43
|
45
|
// Disable the "Refresh" prompt that is displayed for stale profiles.
|
44
|
46
|
pref("browser.disableResetPrompt", true);
|
45
|
47
|
|
... |
... |
@@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true); |
47
|
49
|
pref("browser.privatebrowsing.autostart", true);
|
48
|
50
|
pref("browser.cache.disk.enable", false);
|
49
|
51
|
pref("permissions.memory_only", true);
|
50
|
|
-pref("network.cookie.lifetimePolicy", 2);
|
51
|
52
|
pref("security.nocertdb", true);
|
52
|
53
|
pref("media.aboutwebrtc.hist.enabled", false);
|
53
|
54
|
|
... |
... |
@@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true); |
66
|
67
|
// Misc privacy: Disk
|
67
|
68
|
pref("signon.rememberSignons", false);
|
68
|
69
|
pref("browser.formfill.enable", false);
|
|
70
|
+pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496
|
69
|
71
|
pref("signon.autofillForms", false);
|
|
72
|
+// Do not store extra data (form, scrollbar positions, cookies, POST data) for
|
|
73
|
+// the session restore functionality.
|
70
|
74
|
pref("browser.sessionstore.privacy_level", 2);
|
71
|
75
|
// Use the in-memory media cache and increase its maximum size (#29120)
|
72
|
76
|
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
|
... |
... |
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true); |
80
|
84
|
|
81
|
85
|
// Enable HTTPS-Only mode (tor-browser#19850)
|
82
|
86
|
pref("dom.security.https_only_mode", true);
|
|
87
|
+// The previous pref automatically sets this to true (see StaticPrefList.yaml),
|
|
88
|
+// but set it anyway only as a defense-in-depth.
|
83
|
89
|
pref("dom.security.https_only_mode_pbm", true);
|
84
|
90
|
|
85
|
91
|
// tor-browser#22320: Hide referer when comming from a .onion address
|
... |
... |
@@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked); |
118
|
124
|
// Misc privacy: Remote
|
119
|
125
|
pref("browser.send_pings", false);
|
120
|
126
|
// Space separated list of URLs that are allowed to send objects (instead of
|
121
|
|
-// only strings) through webchannels.
|
|
127
|
+// only strings) through webchannels. The default for Firefox is some Mozilla
|
|
128
|
+// domains.
|
122
|
129
|
pref("webchannel.allowObject.urlWhitelist", "");
|
123
|
130
|
pref("geo.enabled", false);
|
124
|
131
|
pref("geo.provider.network.url", "");
|
... |
... |
@@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false); |
127
|
134
|
pref("geo.provider.use_gpsd", false);
|
128
|
135
|
pref("geo.provider.use_geoclue", false);
|
129
|
136
|
pref("browser.search.suggest.enabled", false);
|
|
137
|
+pref("browser.search.suggest.enabled.private", false);
|
130
|
138
|
pref("browser.urlbar.suggest.searches", false);
|
131
|
139
|
pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
|
132
|
140
|
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
|
... |
... |
@@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", ""); |
143
|
151
|
pref("browser.safebrowsing.provider.google4.gethashURL", "");
|
144
|
152
|
pref("browser.safebrowsing.provider.mozilla.updateURL", "");
|
145
|
153
|
pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
|
146
|
|
-pref("extensions.ui.lastCategory", "addons://list/extension");
|
147
|
154
|
pref("datareporting.healthreport.uploadEnabled", false);
|
148
|
155
|
pref("datareporting.policy.dataSubmissionEnabled", false);
|
149
|
156
|
// Make sure Unified Telemetry is really disabled, see: #18738.
|
... |
... |
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false); |
152
|
159
|
pref("toolkit.telemetry.enabled", false, locked);
|
153
|
160
|
pref("toolkit.telemetry.server", "data:,");
|
154
|
161
|
pref("toolkit.telemetry.archive.enabled", false);
|
|
162
|
+pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496
|
|
163
|
+pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496
|
|
164
|
+pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496
|
155
|
165
|
pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
|
156
|
166
|
pref("toolkit.telemetry.bhrPing.enabled", false);
|
157
|
167
|
pref("toolkit.telemetry.coverage.opt-out", true);
|
... |
... |
@@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", ""); |
160
|
170
|
pref("browser.ping-centre.telemetry", false);
|
161
|
171
|
pref("browser.tabs.crashReporting.sendReport", false);
|
162
|
172
|
pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
|
|
173
|
+// Added in tor-browser#41496 even though false by default
|
|
174
|
+pref("browser.crashReports.unsubmittedCheck.enabled", false);
|
|
175
|
+// Added in tor-browser#41496 even though it shuld be already always disabled
|
|
176
|
+// since we disable MOZ_CRASHREPORTER.
|
|
177
|
+pref("breakpad.reportURL", "data:");
|
163
|
178
|
#ifdef XP_WIN
|
164
|
179
|
// Defense-in-depth: ensure that the Windows default browser agent will
|
165
|
180
|
// not ping Mozilla if it is somehow present (we omit it at build time).
|
... |
... |
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false); |
177
|
192
|
pref("services.sync.engine.prefs", false);
|
178
|
193
|
pref("services.sync.engine.tabs", false);
|
179
|
194
|
pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
180
|
|
-pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254)
|
181
|
|
-pref("browser.search.geoip.url", "");
|
182
|
195
|
pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
|
183
|
|
-pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17)
|
|
196
|
+pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17)
|
184
|
197
|
// Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
|
185
|
198
|
pref("privacy.trackingprotection.enabled", false);
|
186
|
199
|
pref("privacy.trackingprotection.pbmode.enabled", false);
|
... |
... |
@@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); |
200
|
213
|
pref("browser.newtabpage.activity-stream.showSponsored", false);
|
201
|
214
|
pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
|
202
|
215
|
pref("browser.newtabpage.activity-stream.default.sites", "");
|
|
216
|
+// Activity Stream telemetry
|
203
|
217
|
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
|
204
|
218
|
pref("browser.newtabpage.activity-stream.telemetry", false);
|
205
|
219
|
|
206
|
|
-// tor-browser#41945 - disable automatic cookie banners dismissal until
|
207
|
|
-// we're sure it does not causes fingerprinting risks or other issues.
|
208
|
|
-pref("cookiebanners.service.mode", 0);
|
209
|
|
-pref("cookiebanners.service.mode.privateBrowsing", 0);
|
210
|
|
-pref("cookiebanners.ui.desktop.enabled", false);
|
211
|
|
-
|
212
|
220
|
// tor-browser#40788: disable AS's calls to home.
|
213
|
221
|
// Notice that null is between quotes because it is a JSON string.
|
214
|
222
|
// Keep checked firefox.js to see if new entries are added.
|
... |
... |
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment |
221
|
229
|
// Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
|
222
|
230
|
pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false);
|
223
|
231
|
|
|
232
|
+// tor-browser#41945 - disable automatic cookie banners dismissal until
|
|
233
|
+// we're sure it does not causes fingerprinting risks or other issues.
|
|
234
|
+pref("cookiebanners.service.mode", 0);
|
|
235
|
+pref("cookiebanners.service.mode.privateBrowsing", 0);
|
|
236
|
+pref("cookiebanners.ui.desktop.enabled", false);
|
|
237
|
+
|
224
|
238
|
// Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
|
225
|
239
|
pref("browser.preferences.moreFromMozilla", false);
|
226
|
240
|
|
... |
... |
@@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false); |
228
|
242
|
pref("extensions.screenshots.disabled", true);
|
229
|
243
|
pref("extensions.webcompat-reporter.enabled", false);
|
230
|
244
|
|
|
245
|
+pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254)
|
231
|
246
|
// Disable use of WiFi location information
|
232
|
247
|
pref("browser.region.network.scan", false);
|
233
|
248
|
pref("browser.region.network.url", "");
|
234
|
249
|
pref("browser.region.local-geocoding", false);
|
235
|
|
-// Bug 40083: Make sure Region.jsm fetching is disabled
|
|
250
|
+// Bug 40083: Make sure Region.sys.mjs fetching is disabled
|
236
|
251
|
pref("browser.region.update.enabled", false);
|
237
|
252
|
|
238
|
|
-// Don't load Mozilla domains in a separate tab process
|
|
253
|
+// Don't load Mozilla domains in a separate privileged tab process
|
|
254
|
+pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
|
239
|
255
|
pref("browser.tabs.remote.separatedMozillaDomains", "");
|
240
|
256
|
|
241
|
257
|
// Avoid DNS lookups on search terms
|
... |
... |
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0); |
270
|
286
|
// Disable website password breach alerts
|
271
|
287
|
pref("signon.management.page.breach-alerts.enabled", false);
|
272
|
288
|
|
273
|
|
-// Disable remote "password recipes"
|
|
289
|
+// Disable remote "password recipes". They are a way to improve the UX of the
|
|
290
|
+// password manager by havinc specific heuristics for some sites.
|
|
291
|
+// It needs remote settings and in general we disable the password manager.
|
|
292
|
+// More information about this feature at
|
|
293
|
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454
|
274
|
294
|
pref("signon.recipes.remoteRecipes.enabled", false);
|
275
|
295
|
|
276
|
|
-// Disable ServiceWorkers and push notifications by default
|
|
296
|
+// Disable ServiceWorkers by default. They do not work in PBM in any case.
|
|
297
|
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796
|
277
|
298
|
pref("dom.serviceWorkers.enabled", false);
|
|
299
|
+// Push notifications use an online Mozilla service and a persistent ID stored
|
|
300
|
+// in dom.push.userAgentID, so disable them by default.
|
|
301
|
+// See also https://support.mozilla.org/kb/push-notifications-firefox
|
278
|
302
|
pref("dom.push.enabled", false);
|
|
303
|
+// As a defense in depth measure, also set the push server URL to empty.
|
|
304
|
+// See tor-browser#18801.
|
|
305
|
+pref("dom.push.serverURL", "");
|
279
|
306
|
|
280
|
307
|
// Fingerprinting
|
281
|
308
|
// tor-browser#41797: For release builds, lock RFP
|
... |
... |
@@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true); |
292
|
319
|
pref("webgl.disable-fail-if-major-performance-caveat", true);
|
293
|
320
|
// tor-browser#16404: disable until we investigate it further (#22333)
|
294
|
321
|
pref("webgl.enable-webgl2", false);
|
295
|
|
-pref("browser.startup.homepage_override.buildID", "20100101");
|
296
|
322
|
pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
|
297
|
323
|
// Prevent scripts from moving and resizing open windows
|
298
|
324
|
pref("dom.disable_window_move_resize", true);
|
... |
... |
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API |
307
|
333
|
// randomized IDs when this pref is true).
|
308
|
334
|
// Defense-in-depth (already the default value) from Firefox 119 or 120.
|
309
|
335
|
pref("media.devices.enumerate.legacy.enabled", false);
|
310
|
|
-pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
|
|
336
|
+// Bug 10286: Always disable Touch API.
|
|
337
|
+// We might need to deepen this topic, see tor-browser#42069.
|
|
338
|
+pref("dom.w3c_touch_events.enabled", 0);
|
311
|
339
|
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
|
312
|
340
|
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
|
313
|
341
|
// Disable SAB, no matter if the sites are cross-origin isolated.
|
... |
... |
@@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked); |
350
|
378
|
pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
|
351
|
379
|
// tor-browser#40123 and #40308: Disable for now until audit
|
352
|
380
|
pref("privacy.partition.network_state", false);
|
|
381
|
+// Only accept cookies from the originating site (block third party cookies)
|
353
|
382
|
pref("network.cookie.cookieBehavior", 1);
|
354
|
383
|
pref("network.cookie.cookieBehavior.pbmode", 1);
|
355
|
384
|
pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
|
... |
... |
@@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false); |
365
|
394
|
// Do not allow cross-origin sub-resources to open HTTP authentication
|
366
|
395
|
// credentials dialogs. Hardens against potential credentials phishing.
|
367
|
396
|
pref("network.auth.subresource-http-auth-allow", 1);
|
368
|
|
-// Disable sending additional analytics to web servers
|
|
397
|
+// Disable sending additional analytics to web servers.
|
|
398
|
+// This disables navigator.sendBeacon, even though this is discouraged by the
|
|
399
|
+// standard: https://w3c.github.io/beacon/#privacy-and-security
|
369
|
400
|
pref("beacon.enabled", false);
|
370
|
401
|
|
371
|
402
|
pref("network.dns.disablePrefetch", true);
|
... |
... |
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true); |
379
|
410
|
pref("network.protocol-handler.warn-external.news", true);
|
380
|
411
|
pref("network.protocol-handler.warn-external.nntp", true);
|
381
|
412
|
pref("network.protocol-handler.warn-external.snews", true);
|
|
413
|
+#ifdef XP_WIN
|
|
414
|
+ pref("network.protocol-handler.external.ms-windows-store", false);
|
|
415
|
+ pref("network.protocol-handler.warn-external.ms-windows-store", true);
|
|
416
|
+#endif
|
382
|
417
|
pref("network.proxy.allow_bypass", false, locked); // #40682
|
383
|
418
|
// Lock to 'true', which is already the firefox default, to prevent users
|
384
|
419
|
// from making themselves fingerprintable by disabling. This pref
|
385
|
420
|
// alters content load order in a page. See tor-browser#24686
|
386
|
421
|
pref("network.http.tailing.enabled", true, locked);
|
387
|
422
|
|
388
|
|
-// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
|
|
423
|
+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked
|
|
424
|
+// to firefox defaults to minimize network performance fingerprinting.
|
|
425
|
+// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
|
389
|
426
|
pref("network.http.http2.enabled", true, locked);
|
390
|
427
|
pref("network.http.http2.enabled.deps", true, locked);
|
391
|
428
|
pref("network.http.http2.enforce-tls-profile", true, locked);
|
... |
... |
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked); |
395
|
432
|
pref("network.http.http2.persistent-settings", false, locked);
|
396
|
433
|
pref("network.http.http2.ping-threshold", 58, locked);
|
397
|
434
|
pref("network.http.http2.ping-timeout", 8, locked);
|
398
|
|
-pref("network.http.http2.send-buffer-size", 131072, locked);
|
|
435
|
+pref("network.http.http2.send-buffer-size", 0, locked);
|
399
|
436
|
pref("network.http.http2.allow-push", true, locked);
|
400
|
437
|
pref("network.http.http2.push-allowance", 131072, locked);
|
401
|
438
|
pref("network.http.http2.pull-allowance", 12582912, locked);
|
402
|
439
|
pref("network.http.http2.default-concurrent", 100, locked);
|
403
|
440
|
pref("network.http.http2.default-hpack-buffer", 65536, locked);
|
404
|
|
-pref("network.http.http2.websockets", false, locked);
|
|
441
|
+pref("network.http.http2.websockets", true, locked);
|
405
|
442
|
pref("network.http.http2.enable-hpack-dump", false, locked);
|
406
|
443
|
|
407
|
444
|
// tor-browser#23044: Make sure we don't have any GIO supported protocols
|
... |
... |
@@ -467,10 +504,6 @@ pref("network.manage-offline-status", false); |
467
|
504
|
pref("network.captive-portal-service.enabled", false);
|
468
|
505
|
pref("network.connectivity-service.enabled", false);
|
469
|
506
|
pref("captivedetect.canonicalURL", "");
|
470
|
|
-// As a "defense in depth" measure, configure an empty push server URL (the
|
471
|
|
-// DOM Push features are disabled by default via other prefs).
|
472
|
|
-// See tor-browser#18801.
|
473
|
|
-pref("dom.push.serverURL", "");
|
474
|
507
|
|
475
|
508
|
#ifdef XP_WIN
|
476
|
509
|
// tor-browser#41683: Disable the network process on Windows
|
... |
... |
@@ -482,9 +515,7 @@ pref("network.process.enabled", false); |
482
|
515
|
|
483
|
516
|
// Extension support
|
484
|
517
|
pref("extensions.autoDisableScopes", 0);
|
485
|
|
-pref("extensions.databaseSchema", 3);
|
486
|
518
|
pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
|
487
|
|
-pref("extensions.pendingOperations", false);
|
488
|
519
|
// We don't know what extensions Mozilla is advertising to our users and we
|
489
|
520
|
// don't want to have some random Google Analytics script running either on the
|
490
|
521
|
// about:addons page, see bug 22073, 22900 and 31601.
|
... |
... |
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false); |
498
|
529
|
pref("extensions.webextensions.restrictedDomains", "");
|
499
|
530
|
// Don't give Mozilla-recommended third-party extensions special privileges.
|
500
|
531
|
pref("extensions.postDownloadThirdPartyPrompt", false);
|
501
|
|
-// tor-browser#41701: Reporting an extension does not work
|
502
|
|
-// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400)
|
|
532
|
+// tor-browser#41701: Reporting an extension does not work. The request goes to
|
|
533
|
+// Mozilla and is always rejected anyway (HTTP 400).
|
503
|
534
|
pref("extensions.abuseReport.enabled", false);
|
504
|
535
|
// We are already providing the languages we support in multi-lingual packages.
|
505
|
536
|
// Therefore, do not allow download of additional language packs. They are not a
|
... |
... |
@@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false); |
526
|
557
|
// Don't automatically enable enterprise roots, see bug 40166
|
527
|
558
|
pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
|
528
|
559
|
|
529
|
|
-// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135
|
530
|
|
-pref("gfx.offscreencanvas.domain-enabled", false);
|
531
|
|
-pref("gfx.offscreencanvas.domain-allowlist", "");
|
532
|
|
-
|
533
|
560
|
// Disable share menus on Mac and Windows tor-browser#41117
|
534
|
561
|
pref("browser.menu.share_url.allow", false, locked);
|
535
|
562
|
|