[tor-commits] [tor-browser/tor-browser-52.7.2esr-8.0-1] Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile friendly user-agent. Moving back to the default user-agent used by the esr38 build

Tue Mar 20 11:26:33 UTC 2018

commit 908389c3fdbcd76ec7e2f6f4b57741253e9757a6
Author: Amogh Pradeep <amoghbl1 at gmail.com>
Date:   Thu Jun 11 09:43:09 2015 -0400

    Orfox: Added tbb prefs to mobile.js Bug #5404 - We need a mobile friendly user-agent. Moving back to the default user-agent used by the esr38 build
    
    Signed-off-by: Amogh Pradeep <amoghbl1 at gmail.com>
---
 mobile/android/app/mobile.js | 226 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 216 insertions(+), 10 deletions(-)

diff --git a/mobile/android/app/mobile.js b/mobile/android/app/mobile.js
index 2a64297c4bbe..437177a67250 100644
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -905,16 +905,222 @@ pref("identity.fxaccounts.remote.oauth.uri", "https://oauth.accounts.firefox.com
 // Token server used by Firefox Account-authenticated Sync.
 pref("identity.sync.tokenserver.uri", "https://token.services.mozilla.com/1.0/sync/1.5");
 
-// Enable Presentation API
-pref("dom.presentation.enabled", false);
-pref("dom.presentation.discovery.enabled", true);
-pref("dom.presentation.discovery.legacy.enabled", true); // for TV 2.5 backward capability
+# Default Preferences
+# Tor Browser Bundle
+# Do not edit this file.
 
-pref("dom.audiochannel.audioCompeting", true);
-pref("dom.audiochannel.mediaControl", true);
+// Please maintain unit tests at ./tbb-tests/browser_tor_TB4.js
 
-// Space separated list of URLS that are allowed to send objects (instead of
-// only strings) through webchannels. This list is duplicated in browser/app/profile/firefox.js
-pref("webchannel.allowObject.urlWhitelist", "https://accounts.firefox.com https://content.cdn.mozilla.net https://input.mozilla.org https://support.mozilla.org https://install.mozilla.org");
+// Disable browser auto updaters and associated homepage notifications
+pref("app.update.auto", false);
+pref("app.update.enabled", false);
+pref("browser.search.update", false);
+pref("browser.rights.3.shown", true);
+pref("browser.startup.homepage_override.mstone", "ignore");
+pref("startup.homepage_welcome_url", "");
+pref("startup.homepage_override_url", "");
+
+// Disable "Slow startup" warnings and associated disk history
+// (bug #13346)
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.samples", 0);
+
+// Disk activity: Disable Browsing History Storage
+pref("browser.privatebrowsing.autostart", true);
+pref("browser.cache.disk.enable", false);
+pref("browser.cache.offline.enable", false);
+pref("dom.indexedDB.enabled", false);
+pref("permissions.memory_only", true);
+pref("network.cookie.lifetimePolicy", 2);
+pref("browser.download.manager.retention", 1);
+pref("security.nocertdb", true);
+
+// Disk activity: TBB Directory Isolation
+pref("browser.download.useDownloadDir", false);
+pref("browser.shell.checkDefaultBrowser", false);
+pref("browser.download.manager.addToRecentDocs", false);
+
+// Misc privacy: Disk
+pref("signon.rememberSignons", false);
+pref("browser.formfill.enable", false);
+pref("signon.autofillForms", false);
+pref("browser.sessionstore.privacy_level", 2);
+pref("media.cache_size", 0);
+
+// Misc privacy: Remote
+pref("browser.send_pings", false);
+pref("geo.enabled", false);
+pref("geo.wifi.uri", "");
+pref("browser.search.suggest.enabled", false);
+pref("browser.safebrowsing.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
+pref("extensions.ui.lastCategory", "addons://list/extension");
+pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("security.mixed_content.block_active_content", false); // Disable until https://bugzilla.mozilla.org/show_bug.cgi?id=878890 is patched
+pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"); // Don't promote sync
+pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
+pref("services.sync.engine.addons", false);
+pref("services.sync.engine.tabs", false);
+pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+
+// Fingerprinting
+pref("webgl.min_capability_mode", true);
+pref("webgl.disable-extensions", true);
+pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
+pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
+pref("browser.display.max_font_attempts",10);
+pref("browser.display.max_font_count",10);
+pref("gfx.downloadable_fonts.fallback_delay", -1);
+// pref("general.appname.override", "Netscape");
+// pref("general.appversion.override", "5.0 (Windows)");
+// pref("general.oscpu.override", "Windows NT 6.1");
+// pref("general.platform.override", "Win32");
+pref("general.useragent.override", "Mozilla/5.0 (Android; Mobile; rv:38.0) Gecko/38.0 Firefox/38.0");
+// pref("general.productSub.override", "20100101");
+// pref("general.buildID.override", "20100101");
+// pref("browser.startup.homepage_override.buildID", "20100101");
+pref("general.useragent.vendor", "");
+pref("general.useragent.vendorSub", "");
+pref("dom.enable_performance", false);
+pref("plugin.expose_full_path", false);
+pref("browser.zoom.siteSpecific", false);
+pref("intl.charset.default", "windows-1252");
+pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
+pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023
+pref("javascript.use_us_english_locale", true);
+// pref("intl.accept_languages", "en-us, en"); // Set by Torbutton
+// pref("intl.accept_charsets", "iso-8859-1,*,utf-8"); // Set by Torbutton
+// pref("intl.charsetmenu.browser.cache", "UTF-8"); // Set by Torbutton
+// Disable video statistics fingerprinting vector (bug 15757)
+pref("media.video_stats.enabled", false);
+// Disable device sensors as possible fingerprinting vector (bug 15758)
+pref("device.sensors.enabled", false);
+
+// Third party stuff
+pref("network.cookie.cookieBehavior", 1);
+pref("security.enable_tls_session_tickets", false);
+pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
+pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
+pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
+pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation
+pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562
+
+// Proxy and proxy security
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9050);
+pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
+pref("network.proxy.type", 1);
+pref("network.security.ports.banned", "9050,9051,9150,9151");
+pref("network.dns.disablePrefetch", true);
+pref("network.protocol-handler.external-default", false);
+pref("network.protocol-handler.external.mailto", false);
+pref("network.protocol-handler.external.news", false);
+pref("network.protocol-handler.external.nntp", false);
+pref("network.protocol-handler.external.snews", false);
+pref("network.protocol-handler.warn-external.mailto", true);
+pref("network.protocol-handler.warn-external.news", true);
+pref("network.protocol-handler.warn-external.nntp", true);
+pref("network.protocol-handler.warn-external.snews", true);
+pref("plugin.disable", true); // Disable to search plugins on first start
+pref("plugins.click_to_play", true);
+pref("plugin.state.flash", 1);
+pref("plugins.hide_infobar_for_missing_plugin", true);
+pref("plugins.hideMissingPluginsNotification", true);
+pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
+
+// Security slider
+pref("svg.in-content.enabled", true);
+pref("mathml.disabled", false);
+
+// Network and performance
+pref("network.http.pipelining", true);
+pref("network.http.pipelining.aggressive", true);
+pref("network.http.pipelining.maxrequests", 12);
+pref("network.http.pipelining.ssl", true);
+pref("network.http.proxy.pipelining", true);
+pref("security.ssl.enable_false_start", true);
+pref("network.http.connection-retry-timeout", 0);
+pref("network.http.max-persistent-connections-per-proxy", 256);
+pref("network.http.pipelining.reschedule-timeout", 15000);
+pref("network.http.pipelining.read-timeout", 60000);
+// Hacked pref: Now means "Attempt to pipeline at least this many requests together"
+pref("network.http.pipelining.max-optimistic-requests", 3);
+pref("security.ssl.disable_session_identifiers", true);
+
+// Extension support
+pref("extensions.autoDisableScopes", 0);
+pref("extensions.bootstrappedAddons", "{}");
+pref("extensions.checkCompatibility.4.*", false);
+pref("extensions.databaseSchema", 3);
+pref("extensions.enabledAddons", "https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,tor-launcher%40torproject.org:0.1.1pre-alpha,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5");
+pref("extensions.enabledItems", "langpack-en-US at firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8");
+pref("extensions.enabledScopes", 1);
+pref("extensions.pendingOperations", false);
+pref("xpinstall.whitelist.add", "");
+pref("xpinstall.whitelist.add.36", "");
+
+
+// Putting the search engine prefs into this file to fix #11236.
+// Default search engine
+pref("browser.search.defaultenginename", "Search");
+
+// Search engine order (order displayed in the search bar dropdown)
+// Somewhat surprisingly we get some random behavior if we specify more than
+// two search engines as below. See
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1126722 for details.
+pref("browser.search.order.extra.1", "Search");
+pref("browser.search.order.extra.2", "YouTube");
+
+// Audio_data is deprecated in future releases, but still present
+// in FF24. This is a dangerous combination (spotted by iSec)
+pref("media.audio_data.enabled", false);
+
+// If true, remote JAR files will not be opened, regardless of content type
+// Patch done by Jeff Gibat (iSEC). We bind it to the security slider but allow
+// jar: in default mode.
+pref("network.jar.block-remote-files", false);
+
+// Enable TLS 1.1 and 1.2:
+// https://trac.torproject.org/projects/tor/ticket/11253
+pref("security.tls.version.max", 3);
+
+#ifdef TOR_BROWSER_VERSION
+#expand pref("torbrowser.version", __TOR_BROWSER_VERSION__);
+#endif
 
-pref("media.openUnsupportedTypeWithExternalApp", true);
+// More Orfox specific flags (some might be redundant)
+pref("privacy.clearOnShutdown.cache", true);
+pref("privacy.clearOnShutdown.cookies",true);
+pref("privacy.clearOnShutdown.downloads",true);
+pref("privacy.clearOnShutdown.formdata",true);
+pref("privacy.clearOnShutdown.history",true);
+pref("privacy.clearOnShutdown.offlineApps",true);
+pref("privacy.clearOnShutdown.passwords",true);
+pref("privacy.clearOnShutdown.sessions",true);
+pref("privacy.clearOnShutdown.siteSettings",true);
+
+// Do Not Track!
+pref("privacy.donottrackheader.enabled",false);
+pref("privacy.donottrackheader.value",1);
+
+// Don't send a referrer:
+pref("network.http.sendRefererHeader", 0);
+
+// Make sure certificates are up-to-date:
+pref("security.OCSP.require", true); pref("security.checkloaduri",true);
+
+// Don't display mixed content (i.e. not secure content on a secure page)
+pref("security.mixed_content.block_display_content", true);
+
+// Disable RTSP
+pref("media.rtsp.enabled", false);
+pref("media.rtsp.video.enabled", false);
+
+// Disable UDP Push service wakeup
+pref("services.push.udp.wakeupEnabled", false);
+pref("dom.push.udp.wakeupEnabled", false);



