From 2bdaa6cdcc0c062bb29e0691ef89f3515fd62d84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Sun, 10 Jan 2021 18:10:50 +0100 Subject: [PATCH] Adapt to January 6th changes and readd HTTPS Everywhere again --- firefox/README.md | 1 + firefox/user.js | 25 ++++++++++++++++--------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/firefox/README.md b/firefox/README.md index 7963adf..05e31a1 100755 --- a/firefox/README.md +++ b/firefox/README.md @@ -10,6 +10,7 @@ Based on [https://www.privacy-handbuch.de/handbuch_21.htm](https://www.privacy-h Besides Firefox integrated anti-tracking mechanisms, it's still advised to install additional plugins to further enhance this. +* `Https Everywhere`: redirects to SSL version of a website automatically if it's available, [currently preferred over Firefox's built-in mode because of feature richness](https://www.eff.org/https-everywhere/faq#https-only-mode) * `uBlock Origin`: blocks ads and unwanted trackers * `Neat url`: removes common parameters from pages (e.g. to identify you with something like `?os=windows&browser=chrome&version=86`) * `Skip Redirect`: skips not needed redirects of pages diff --git a/firefox/user.js b/firefox/user.js index a6e92d1..da41df8 100755 --- a/firefox/user.js +++ b/firefox/user.js @@ -1,6 +1,6 @@ // Mozilla User Preferences // -// 2021/01/03 +// 2021/01/06 // // Based on Privacy-Handbuch, merged/adjusted strong user.js // Download: https://www.privacy-handbuch.de/handbuch_21u.htm @@ -23,7 +23,7 @@ user_pref("browser.link.open_newwindow.restriction", 0); user_pref("browser.library.activity-stream.enabled", false); user_pref("browser.newtabpage.enabled", false); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); -user_pref("browser.newtabpage.activity-stream.feeds.topsites", true); +user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); user_pref("browser.newtabpage.activity-stream.feeds.system.topsites", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); @@ -34,7 +34,6 @@ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.pagethumbnails.capturing_disabled", true); user_pref("browser.ping-centre.telemetry", false); -user_pref("browser.privatebrowsing.autostart", false); user_pref("browser.region.update.enabled", false); user_pref("browser.region.network.url", ""); user_pref("browser.safebrowsing.downloads.remote.url", " "); @@ -78,19 +77,17 @@ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.suggest.topsites", false); user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); -user_pref("device.sensors.enabled", false); //user_pref("dom.block_download_insecure", true); //user_pref("dom.enable_performance", false); //user_pref("dom.enable_performance_navigation_timing", false); //user_pref("dom.enable_resource_timing", false); //user_pref("dom.event.clipboardevents.enabled", false); -user_pref("dom.gamepad.enabled", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.enabled", false); user_pref("dom.push.serverURL", ""); -user_pref("dom.security.https_only_mode", true); -//user_pref("dom.security.https_only_mode_ever_enabled", true); -user_pref("dom.webnotifications.enabled", false); +// use Https Everywhere and disable built-in +user_pref("dom.security.https_only_mode", false); +user_pref("dom.vibrator.max_vibrate_ms", 0); user_pref("extensions.blocklist.enabled", false); user_pref("extensions.formautofill.addresses.enabled", false); user_pref("extensions.formautofill.creditCards.enabled", false); @@ -128,6 +125,7 @@ user_pref("media.peerconnection.enabled", false); user_pref("media.video_stats.enabled", false); user_pref("media.webspeech.synth.enabled", false); user_pref("network.dns.disablePrefetch", true); +// allow IPv6 of websites user_pref("network.dns.disableIPv6", false); user_pref("network.ftp.enabled", false); user_pref("network.captive-portal-service.enabled", false); @@ -144,12 +142,16 @@ user_pref("network.security.esni.enabled", true); user_pref("offline-apps.allow_by_default", true); //user_pref("offline-apps.quota.warn", 0); user_pref("pdfjs.disabled", true); +user_pref("permissions.default.desktop-notification", 2); +user_pref("permissions.isolateBy.userContext", true); +// keep history user_pref("places.history.enabled", true); user_pref("plugin.default.state", 0); user_pref("plugins.update.url", ""); user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cookies", true); user_pref("privacy.clearOnShutdown.downloads", true); +// keep history user_pref("privacy.clearOnShutdown.history", false); user_pref("privacy.clearOnShutdown.offlineApps", true); user_pref("privacy.clearOnShutdown.sessions", true); @@ -162,10 +164,10 @@ user_pref("privacy.donottrackheader.enabled", false); user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate.block_post_message", true); user_pref("privacy.history.custom", true); -user_pref("privacy.purge_trackers.enabled", true); user_pref("privacy.sanitize.sanitizeOnShutdown", true); user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.ui.enabled", true); +// avoid potential date bugs user_pref("privacy.resistFingerprinting", false); user_pref("reader.parse-on-load.enabled", false); user_pref("security.cert_pinning.enforcement_level", 2); @@ -205,6 +207,11 @@ user_pref("webgl.enable-debug-renderer-info", false); user_pref("network.trr.resolvers", '[{ "name": "Cloudflare", "url": "https://mozilla.cloudflare-dns.com/dns-query" },{ "name": "NextDNS", "url": "https://trr.dns.nextdns.io/" },{ "name": "dnsforge.de", "url": "https://dnsforge.de/dns-query" },{ "name": "Digitale Gesellschaft (CH)", "url": "https://dns.digitale-gesellschaft.ch/dns-query" }, { "name": "Freifunk Muenchen", "url": "https://doh.ffmuc.net" }, { "name": "BlahDNS (DE)", "url": "https://doh-de.blahdns.com/dns-query" }, { "name": "BlahDNS (FI)", "url": "https://doh-fi.blahdns.com/dns-query" }, { "name": "Quad9", "url": "https://dns.quad9.net/dns-query" }, { "name": "dns.myservermanager.com", "url": "https://dns.myservermanager.com/dns-query" }]'); +// Temporarily enabled (for now) as there are no hardware devices on desktop PCs to leak any information +user_pref("dom.webnotifications.enabled", true); +user_pref("dom.gamepad.enabled", true); +user_pref("device.sensors.enabled", true); + // adjust the following to your liking // 0 = use system DNS, 2 = use DNS-over-HTTPS resolver, select one in UI under network, otherwise you might end up with cloudflare user_pref("network.trr.mode", 0);