diff --git a/android/README.md b/android/README.md deleted file mode 100755 index f86ddf0..0000000 --- a/android/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# Android - -> If you want the most secure sticking to a tight security model, you should probably go with [GrapheneOS](https://grapheneos.org) as operating system on one of the supported devices. It already sets a lot of proper defaults and properly sandboxes Google Play Services. - -## App Store - -Not using the Google PlayStore as source for your apps is a huge step forward. Try to replace your apps with privacy-friendly apps from the [fdroid app store](https://f-droid.org/). - -## Captive portal - -Periodically and on connect/disconnect of any Internet connection, Android queries a server endpoint from Google to test if Internet connectivity is (still) available. Sometimes you might have already seen a small 'x' indicating you have no Internet access. This is the result of this query. Those queries are logged consistently by Google: the time when you accessed it, with which device you accessed it and the IP you had when you accessed it. Just for the connectivity check you're giving away so much information. - -The `adb` cli tools provide a way to set a different captive portal not owned by Google which don't log data. You should change it. See `captiveportal.sh` for an example. - -Using an OS like [CalyxOS](https://calyxos.org) or [GrapheneOS](https://grapheneos.org) allow to have a dedicated toggle to switch this off! - -## DNS - -By default Android will use Google DNS servers not secured with SSL. Starting from Android 8, Android provides means to overcome this by setting a _private DNS_ server in `Settings -> Network & internet -> Private DNS`. For example, set it to `dns.myservermanager.com` or `fdns1.dismail.de`. - -## Scanning - -You're giving away information when you keep your WiFi on. Your device will automatically scan for nearby access points. Therefore you'll be uniquely identifiable across locations. - -To overcome follow these instructions: - -1. Disable WiFi and Bluetooth scanning because it's easily possible to create an accurate profile of your movement from it. In the settings, search for `Wi-Fi and Bluetooth scanning`. - -2. When you leave a known WiFi access point switch off your WiFi adapter. There are apps for this: [WiFi Automatic](https://f-droid.org/en/packages/de.j4velin.wifiAutoOff/). \ No newline at end of file diff --git a/android/captiveportal.sh b/android/captiveportal.sh deleted file mode 100755 index e6d096e..0000000 --- a/android/captiveportal.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env sh -# -# For more information see https://www.kuketz-blog.de/empfehlungsecke/#captive-portal - -adb shell 'settings put global captive_portal_http_url "http://captiveportal.kuketz.de"' -adb shell 'settings put global captive_portal_https_url "https://captiveportal.kuketz.de"' -adb shell 'settings put global captive_portal_fallback_url "http://captiveportal.kuketz.de"' -adb shell 'settings put global captive_portal_other_fallback_urls "http://captiveportal.kuketz.de"' diff --git a/chromium/README.md b/chromium/README.md index 169caf9..2930011 100755 --- a/chromium/README.md +++ b/chromium/README.md @@ -2,8 +2,8 @@ In need of a Chrome browser? It's best to use the [ungoogled-chromium](https://github.com/Eloston/ungoogled-chromium). Binaries are available [here](https://ungoogled-software.github.io/ungoogled-chromium-binaries/), also for Windows. -For ArchLinux there are `pacman` repositories available [here](https://github.com/ungoogled-software/ungoogled-chromium-archlinux), -pick one and set it up to be able to install the ungoogle-chromium as binary. + +For mobile, you could go with [Cromite](https://github.com/uazo/cromite) or a customly cleansed Mozilla Firefox mobile application called [Fennec](https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/). ## How to use extensions @@ -13,7 +13,7 @@ project to install the web store extension. Ensure to set `chrome://flags/#extension-mime-request-handling` to `Always prompt for install` if you like to have the possibility to just click on the "Add extension" button in the Chrome Web Store like you're used to do. -Useful is probably at least at least the _uBlock_ extension. +Useful is probably at least at least the _uBlock_ extension. Also see the configuration [ublock.txt](../firefox//extension_settings/ublock.txt). ## Defaults diff --git a/firefox/README.md b/firefox/README.md index f406f48..816db13 100755 --- a/firefox/README.md +++ b/firefox/README.md @@ -12,9 +12,6 @@ Mainly based on [arkenfox](https://github.com/arkenfox/user.js) with some [custo - [Recommended extensions](#recommended-extensions) - [Must have](#must-have) - [uBlock settings](#ublock-settings) - - [Canvas Blocker](#canvas-blocker) - - [LibRedirect](#libredirect) - - [LocalCDN](#localcdn) - [Advanced, but highly recommended extensions / software to use](#advanced-but-highly-recommended-extensions--software-to-use) - [Recommended search engines](#recommended-search-engines) - [Additional hints](#additional-hints) @@ -49,14 +46,11 @@ In addition, some of those extensions will also greatly improve your user experi **Highly recommended to have all of them allowed in Incognito Mode as well (Maybe except for LocalCDN if desired)!** +See [arkenfox extensions recommendations](https://github.com/arkenfox/user.js/wiki/4.1-Extensions). + ### Must have * `uBlock Origin`: blocks ads and unwanted trackers, also removes certain url parameters (https://addons.mozilla.org/de/firefox/addon/ublock-origin/) -* `CanvasBlocker`: disallows canvas fingerprinting which would be able to identify your unique browser, heavily used in some JavaScript (web) APIs (https://addons.mozilla.org/de/firefox/addon/canvasblocker/) -* `Skip Redirect`: skips not needed redirects of pages (https://addons.mozilla.org/de/firefox/addon/skip-redirect/) -* `ClearURLs`: removes tracking parameters from URLs, e.g., from Google analytics (https://addons.mozilla.org/de/firefox/addon/clearurls/) -* `LibRedirect`: automatically redirects to privacy-friendly frontends of certain applications, e.g., nitter for all Twitter links or piped for all Youtube links (believe me, you'll love the snappiness!) (https://addons.mozilla.org/de/firefox/addon/libredirect/) -* `LocalCDN`: some files like fonts are loaded from Google by some pages when they decide to do so, you can avoid it with this extension as it will have them properly embedded already, so you save the troubles of contacting Google servers (or other Content Deliver Networks) (https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/) **Hint**: Extensions impacting redirects or cookies _might_ lead to malfunctioning of some websites. If you encounter this, it's **recommended to disable them _per page_** and **NOT** globally! First could shot can be setting an exception for a page inside uBlock.! @@ -67,18 +61,6 @@ You can **hide extension icons** in the overflow menu if you like. Just right cl * Import the `ublock-config-1.txt` in the "My Filter" menu for proper settings from the [extension_settings/](./extension_settings/) folder within the extension. * Import `https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt` in "Filter lists" (Custom) -#### Canvas Blocker - -Import the provided Canvas settings `CanvasBlocker-settings.json` file from the [extension_settings/](./extension_settings/) folder within the extension. - -#### LibRedirect - -Import the provided libredirect settings `libredirect-settings.json` file from the [extension_settings/](./extension_settings/) folder within the extension. - -#### LocalCDN - -Import the provided localcdn settings `localcdn_backup.txt` file from the [extension_settings/](./extension_settings/) folder within the extension. - ### Advanced, but highly recommended extensions / software to use Use a password manager and don't store or synchronize your passwords within internal browser functionality, e.g., `KeePassXC` or `Bitwarden` with a custom provider diff --git a/firefox/extension_settings/CanvasBlocker-settings.json b/firefox/extension_settings/CanvasBlocker-settings.json deleted file mode 100755 index 06366ba..0000000 --- a/firefox/extension_settings/CanvasBlocker-settings.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "logLevel": 1, - "urlSettings": [], - "hiddenSettings": {}, - "expandStatus": {}, - "displayHiddenSettings": false, - "whiteList": "", - "sessionWhiteList": "", - "blackList": "", - "blockMode": "fake", - "protectedCanvasPart": "input", - "minFakeSize": 10, - "maxFakeSize": 0, - "rng": "persistent", - "protectedAPIFeatures": {}, - "useCanvasCache": true, - "ignoreFrequentColors": 3, - "minColors": 3, - "fakeAlphaChannel": false, - "webGLVendor": "", - "webGLRenderer": "", - "webGLUnmaskedVendor": "", - "webGLUnmaskedRenderer": "", - "persistentRndStorage": "", - "persistentIncognitoRndStorage": "", - "storePersistentRnd": false, - "persistentRndClearIntervalValue": 0, - "persistentRndClearIntervalUnit": "days", - "lastPersistentRndClearing": 1679940153673, - "sharePersistentRndBetweenDomains": false, - "askOnlyOnce": "individual", - "askDenyMode": "block", - "showCanvasWhileAsking": true, - "showNotifications": true, - "highlightPageAction": "none", - "highlightBrowserAction": "color", - "displayBadge": false, - "storeNotificationData": false, - "storeImageForInspection": false, - "ignoreList": "", - "ignoredAPIs": {}, - "showCallingFile": false, - "showCompleteCallingStack": false, - "enableStackList": false, - "stackList": "", - "protectAudio": true, - "audioFakeRate": "100", - "audioNoiseLevel": "minimal", - "useAudioCache": true, - "audioUseFixedIndices": true, - "audioFixedIndices": "8", - "historyLengthThreshold": 2, - "protectWindow": true, - "allowWindowNameInFrames": true, - "protectDOMRect": true, - "domRectIntegerFactor": 4, - "protectSVG": true, - "protectTextMetrics": true, - "blockDataURLs": true, - "protectNavigator": false, - "navigatorDetails": { - "osPreset": "Windows", - "windowManager": "Windows", - "platform": "Win32", - "platformDetails": "Windows NT 10.0; Win64; x64", - "oscpu": "{platformDetails}", - "browserPreset": "Firefox", - "appVersion": "5.0 ({windowManager})", - "buildID": "20181001000000", - "productSub": "20100101", - "userAgent": "Mozilla/5.0 ({platformDetails}; rv:{firefoxVersion}) Gecko/20100101 Firefox/{firefoxVersion}", - "firefoxVersion": "{real Firefox version}" - }, - "protectScreen": false, - "screenSize": "", - "fakeMinimalScreenSize": true, - "displayAdvancedSettings": true, - "displayDescriptions": true, - "theme": "auto", - "dontShowOptionsOnUpdate": false, - "disruptSessionOnUpdate": false, - "updatePending": false, - "isStillDefault": false, - "storageVersion": 1 -} \ No newline at end of file diff --git a/firefox/extension_settings/keepassxc-browser_settings.json b/firefox/extension_settings/keepassxc-browser_settings.json deleted file mode 100755 index e06ae46..0000000 --- a/firefox/extension_settings/keepassxc-browser_settings.json +++ /dev/null @@ -1 +0,0 @@ -{"autoCompleteUsernames":true,"showGroupNameInAutocomplete":true,"autoFillAndSend":true,"autoFillSingleEntry":false,"autoReconnect":true,"autoRetrieveCredentials":true,"autoSubmit":false,"checkUpdateKeePassXC":0,"colorTheme":"system","clearCredentialsTimeout":10,"credentialSorting":"sortByUsername","defaultGroup":"","defaultGroupAlwaysAsk":false,"downloadFaviconAfterSave":false,"redirectAllowance":1,"saveDomainOnly":true,"showLoginFormIcon":true,"showLoginNotifications":false,"showNotifications":true,"showOTPIcon":true,"usePasswordGeneratorIcons":false,"useObserver":true,"usePredefinedSites":true,"sitePreferences":[],"saveDomainOnlyNewCreds":true} \ No newline at end of file diff --git a/firefox/extension_settings/libredirect-settings.json b/firefox/extension_settings/libredirect-settings.json deleted file mode 100755 index 49530a9..0000000 --- a/firefox/extension_settings/libredirect-settings.json +++ /dev/null @@ -1,257 +0,0 @@ -{ - "youtube": { - "enabled": true, - "redirectType": "main_frame", - "frontend": "piped", - "unsupportedUrls": "bypass" - }, - "invidious": [ - "https://inv.vern.cc" - ], - "piped": [ - "https://piped.video" - ], - "pipedMaterial": [ - "https://piped-material.xn--17b.net" - ], - "poketube": [ - "https://poketube.fun" - ], - "cloudtube": [ - "https://tube.cadence.moe" - ], - "youtubeMusic": { - "enabled": false, - "frontend": "beatbump", - "unsupportedUrls": "bypass" - }, - "beatbump": [ - "https://beatbump.ml" - ], - "hyperpipe": [ - "https://hyperpipe.surge.sh" - ], - "twitter": { - "enabled": true, - "redirectType": "main_frame", - "unsupportedUrls": "bypass" - }, - "nitter": [ - "https://nitter.net" - ], - "tiktok": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "proxiTok": [ - "https://proxitok.pabloferreiro.es" - ], - "reddit": { - "enabled": false, - "frontend": "libreddit", - "unsupportedUrls": "bypass" - }, - "libreddit": [ - "https://libreddit.spike.codes" - ], - "teddit": [ - "https://teddit.net" - ], - "imgur": { - "enabled": false, - "redirectType": "main_frame", - "unsupportedUrls": "bypass" - }, - "rimgo": [ - "https://rimgo.vern.cc" - ], - "medium": { - "frontend": "scribe", - "enabled": false, - "unsupportedUrls": "bypass" - }, - "scribe": [ - "https://scribe.rip" - ], - "libMedium": [ - "https://md.vern.cc" - ], - "quora": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "quetre": [ - "https://quetre.iket.me" - ], - "imdb": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "libremdb": [ - "https://libremdb.iket.me" - ], - "fandom": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "breezeWiki": [ - "https://breezewiki.com" - ], - "lbry": { - "enabled": false, - "frontend": "librarian", - "redirectType": "main_frame", - "unsupportedUrls": "bypass" - }, - "librarian": [ - "https://lbry.vern.cc" - ], - "search": { - "enabled": false, - "frontend": "searxng", - "unsupportedUrls": "bypass" - }, - "searxng": [ - "https://search.bus-hit.me" - ], - "searx": [], - "whoogle": [], - "librex": [], - "translate": { - "enabled": false, - "frontend": "simplyTranslate", - "unsupportedUrls": "bypass" - }, - "simplyTranslate": [ - "https://simplytranslate.org" - ], - "lingva": [ - "https://lingva.ml" - ], - "libreTranslate": [], - "maps": { - "enabled": false, - "frontend": "osm", - "unsupportedUrls": "bypass" - }, - "facil": [ - " https://facilmap.org " - ], - "osm": [ - "https://www.openstreetmap.org" - ], - "sendFiles": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "send": [ - "https://send.vis.ee" - ], - "textStorage": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "privateBin": [], - "reuters": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "neuters": [ - "https://neuters.de" - ], - "genius": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "dumb": [ - "https://dm.vern.cc" - ], - "urbanDictionary": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "ruralDictionary": [ - "https://rd.vern.cc" - ], - "stackOverflow": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "anonymousOverflow": [ - "https://code.whatever.social" - ], - "goodreads": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "biblioReads": [ - "https://biblioreads.ml" - ], - "wikipedia": { - "enabled": true, - "unsupportedUrls": "bypass" - }, - "wikiless": [ - "https://wikiless.org" - ], - "snopes": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "suds": [ - "https://sd.vern.cc" - ], - "waybackMachine": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "waybackClassic": [ - "https://wayback-classic.net" - ], - "github": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "gothub": [ - "https://gh.odyssey346.dev" - ], - "bilibili": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "mikuInvidious": [ - "https://mikuinv.resrv.org" - ], - "bandcamp": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "tent": [ - "https://tent.sny.sh" - ], - "wolframAlpha": { - "enabled": false, - "unsupportedUrls": "bypass" - }, - "wolfreeAlpha": [ - "https://gqq.gitlab.io", - "https://uqq.gitlab.io" - ], - "exceptions": { - "url": [], - "regex": [] - }, - "theme": "detect", - "popupServices": [ - "youtube", - "twitter", - "tiktok", - "imgur", - "reddit", - "quora", - "translate", - "maps" - ], - "fetchInstances": "codeberg", - "version": "2.5.4" -} \ No newline at end of file diff --git a/firefox/extension_settings/localcdn_backup.txt b/firefox/extension_settings/localcdn_backup.txt deleted file mode 100755 index 36c61c0..0000000 --- a/firefox/extension_settings/localcdn_backup.txt +++ /dev/null @@ -1,26 +0,0 @@ -{ - "allowedDomainsGoogleFonts": {}, - "allowlistedDomains": {}, - "badgeDefaultBackgroundColor": "#666666", - "badgeDefaultTextColor": "#FFFFFF", - "badgeHTMLFilterBackgroundColor": "#FF0000", - "badgeHTMLfilterTextColor": "#FFFFFF", - "badgeMissingResourceBackgroundColor": "#0000FF", - "badgeMissingResourceTextColor": "#FFFFFF", - "blockGoogleFonts": true, - "blockMissing": false, - "changeBadgeColorMissingResources": false, - "defaultRangeStatistic": "week", - "disablePrefetch": true, - "domainsManipulateDOM": {}, - "enforceStaging": false, - "hideDonationButton": false, - "lastMappingUpdate": "2020-01-01", - "negateHtmlFilterList": true, - "selectedIcon": "Default", - "showIconBadge": true, - "storageType": "local", - "stripMetadata": true, - "updateNotification": 0, - "xhrTestDomain": "localcdn.org" -} \ No newline at end of file diff --git a/firefox/extension_settings/ublock.txt b/firefox/extension_settings/ublock.txt index 39239f6..4c97368 100755 --- a/firefox/extension_settings/ublock.txt +++ b/firefox/extension_settings/ublock.txt @@ -1,10 +1,13 @@ { - "timeStamp": 1679923042940, - "version": "1.47.4", + "timeStamp": 1710184265614, + "version": "1.56.0", "userSettings": { "contextMenuEnabled": false, + "externalLists": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt", "firewallPaneMinimized": false, - "importedLists": [], + "importedLists": [ + "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt" + ], "popupPanelSections": 15, "showIconBadge": false }, @@ -13,7 +16,7 @@ "ublock-filters", "ublock-badware", "ublock-privacy", - "ublock-abuse", + "ublock-quick-fixes", "ublock-unbreak", "adguard-generic", "adguard-mobile", @@ -23,17 +26,25 @@ "block-lan", "easyprivacy", "urlhaus-1", - "fanboy-thirdparty_social", - "fanboy-social", "curben-phishing", - "adguard-annoyance", "adguard-social", + "adguard-cookies", + "ublock-cookies-adguard", + "easylist-chat", + "easylist-newsletters", + "easylist-notifications", + "easylist-annoyances", + "fanboy-social", + "fanboy-cookiemonster", + "ublock-cookies-easylist", + "fanboy-thirdparty_social", "ublock-annoyances", "DEU-0", "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt" ], "hiddenSettings": {}, "whitelist": [ + "127.0.0.1", "about-scheme", "chrome-extension-scheme", "chrome-scheme", diff --git a/firefox/user-overrides.js b/firefox/user-overrides.js index 5d9f20c..a82fc59 100755 --- a/firefox/user-overrides.js +++ b/firefox/user-overrides.js @@ -37,7 +37,7 @@ user_pref("general.warnOnAboutConfig", false); /* DNS over HTTPS adjust the following to your liking - 0 = automatically decide, 1 = use system DNS, 2 = use DNS-over-HTTPS resolver, select one in UI under network, otherwise you might end up with cloudflare + 0 = use system DNS, 2 = use DNS-over-HTTPS resolver, select one in UI under network, otherwise you might end up with cloudflare */ user_pref("network.trr.mode", 1); user_pref("network.trr.uri", ""); diff --git a/thunderbird/user.js b/thunderbird/user.js index a7846d7..004ad18 100755 --- a/thunderbird/user.js +++ b/thunderbird/user.js @@ -1,14 +1,8 @@ // Mozilla User Preferences -// -// 2021/11/01 -// -// Based on Privacy-Handbuch, merged/adjusted user.js -// Download: https://privacy-handbuch.de/handbuch_31d.htm -// -// Install when Thunderbird is closed! -// Feel free to comment in or modify if you don't like the default setting. +// Privacy-Handbuch, Thunderbird user.js (vom 02.08.2023) +// Download: https://www.privacy-handbuch.de/handbuch_31p.htm -user_pref("_user.js.prhdb", "tb_09042022"); +user_pref("_user.js.prhdb", "tb_02082023"); user_pref("beacon.enabled", false); user_pref("browser.chrome.site_icons", false); @@ -24,14 +18,12 @@ user_pref("browser.search.suggest.enabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("dom.security.https_only_mode", true); +user_pref("dom.security.https_only_mode_send_http_background_request", false); user_pref("extensions.getAddons.cache.enabled", false); -user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); user_pref("extensions.ui.lastCategory", "addons://list/extension"); -user_pref("javascript.enabled", false); -user_pref("general.useragent.override", ""); -user_pref("gfx.downloadable_fonts.enabled", false); -user_pref("gfx.font_rendering.opentype_svg.enabled", false); -user_pref("layout.css.visited_links_enabled", false); +user_pref("javascript.options.baselinejit", false); +user_pref("javascript.options.ion", false); +user_pref("javascript.options.native_regexp", false); user_pref("mailnews.auto_config.fetchFromExchange.enabled", false); user_pref("mailnews.auto_config.fetchFromISP.sendEmailAddress", false); user_pref("mailnews.auto_config.fetchFromISP.sslOnly", true); @@ -41,10 +33,8 @@ user_pref("mailnews.display.html_as", 1); user_pref("mailnews.display.prefer_plaintext", true); user_pref("mailnews.headers.showSender", true); user_pref("mailnews.headers.showUserAgent", true); +user_pref("mailnews.headers.sendUserAgent", false); user_pref("mailnews.start_page.enabled", false); -user_pref("mail.chat.enabled", false); -user_pref("mail.cloud_files.enabled", false); -user_pref("mail.default_html_action", 1); user_pref("mail.identity.default.compose_html", false); user_pref("mail.inline_attachments", false); user_pref("mail.compose.big_attachments.notify", false); @@ -52,18 +42,12 @@ user_pref("mail.html_compose", false); user_pref("mail.openpgp.allow_external_gnupg", true); user_pref("mail.showCondensedAddresses", false); user_pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]"); -user_pref("mail.tabs.autoHide", true); -user_pref("media.hardware-video-decoding.enabled", false); -user_pref("media.navigator.enabled", false); user_pref("media.peerconnection.enabled", false); -user_pref("media.video_stats.enabled", false); user_pref("network.connectivity-service.enabled", false); user_pref("network.cookie.cookieBehavior", 2); user_pref("network.dns.disablePrefetch", true); user_pref("network.IDN_show_punycode", true); user_pref("network.http.sendRefererHeader", 0); -user_pref("network.http.speculative-parallel-limit", 0); -user_pref("network.http.referer.XOriginPolicy", 2); user_pref("network.prefetch-next", false); user_pref("pdfjs.disabled", true); user_pref("pdfjs.enableScripting", false); @@ -75,46 +59,16 @@ user_pref("security.family_safety.mode", 0); user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.mixed_content.upgrade_display_content", true); user_pref("security.mixed_content.block_active_content", true); +user_pref("security.mixed_content.block_object_subrequest", true); user_pref("security.OCSP.enabled", 0); user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); user_pref("security.ssl3.rsa_aes_128_sha", false); user_pref("security.ssl3.rsa_aes_256_sha", false); -user_pref("security.ssl3.rsa_des_ede3_sha", false); user_pref("security.tls.enable_0rtt_data", false); user_pref("services.settings.server", "https://s.%.c.invalid/v1"); -user_pref("toolkit.telemetry.archive.enabled", false); -user_pref("toolkit.telemetry.bhrPing.enabled", false); -user_pref("toolkit.telemetry.updatePing.enabled", false); -user_pref("toolkit.telemetry.unified", false); - -// custom -user_pref("browser.safebrowsing.appRepURL", " "); -user_pref("browser.safebrowsing.downloads.remote.url", ""); -user_pref("browser.safebrowsing.downloads.enabled", false); -user_pref("browser.safebrowsing.phishing.enabled", false); -user_pref("browser.safebrowsing.malware.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); -user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -user_pref("browser.safebrowsing.blockedURIs.enabled", false); -user_pref("browser.safebrowsing.provider.google.gethashURL", ""); -user_pref("browser.safebrowsing.provider.google.updateURL", ""); -user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); -user_pref("browser.safebrowsing.provider.google4.updateURL", ""); -user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); -user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -user_pref("calendar.useragent.extra", ""); - -// Set to TLS v1.3 min (= 4, = 3 otherwise) -//user_pref("security.tls.version.min", 3); -// BEGIN - enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only