arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

ToDo: diffs FF110-FF111 #1646

Closed earthlng closed 1 year ago

earthlng commented 1 year ago

FF111 is scheduled for release Mar. 14th

FF111 release notes FF111 for developers FF111 security advisories


73 diffs ( 44 new, 16 gone, 13 different )

new in v111.0:


ignore


==NEW
```js
pref("browser.chrome.toolbar_tips.hide_on_keydown", 0);
pref("browser.display.use_document_fonts.icon_font_allowlist", "Material Icons, Material Icons Extended, Material Icons Outlined, Material Icons Round, Material Icons Sharp, Material Icons Two Tone, Google Material Icons, Material Symbols Outlined, Material Symbols Round, Material Symbols Rounded, Material Symbols Sharp");
pref("browser.migrate.content-modal.import-all.enabled", false);
pref("browser.search.serpEventTelemetry.enabled", false);
pref("browser.swipe.navigation-icon-end-position", 60);
pref("browser.swipe.navigation-icon-max-radius", 20);
pref("browser.swipe.navigation-icon-min-radius", 12);
pref("browser.swipe.navigation-icon-start-position", -40);
pref("browser.translations.enable", false);
pref("browser.translations.logLevel", "Error");
pref("browser.urlbar.weather.zeroPrefix", true);
pref("cookiebanners.service.detectOnly", false);
pref("cookiebanners.ui.desktop.cfrVariant", 0);
pref("dom.clamp.timeout.nesting.level", 5);
pref("dom.customHighlightAPI.enabled", false);
pref("dom.quotaManager.backgroundTask.enabled", false);
pref("dom.security.credentialmanagement.identity.test_ignore_well_known", false);
pref("dom.use_counters.dump.document", false);
pref("dom.use_counters.dump.page", false);
pref("dom.use_counters.dump.worker", false);
pref("dom.webgpu.indirect-dispatch.enabled", false);
pref("dom.workers.modules.enabled", false);
pref("dom.workers.pFetch.enabled", false);
pref("gfx.webrender.dcomp-apply-1704954", true);
pref("identity.fxaccounts.toolbar.defaultVisible", false);
pref("image.avif.sequence.animate_avif_major_branded_images", false);
pref("image.avif.sequence.enabled", false);
pref("layout.css.more_color_4.enabled", false);
pref("layout.css.page-orientation.enabled", false);
pref("layout.css.scroll-anchoring.max-consecutive-adjustments-timeout-ms", 500);
pref("media.eme.playready.enabled", false);
pref("network.cookie.blockUnicode", false);
pref("network.dns.max_any_priority_threads", 3);
pref("network.dns.max_high_priority_threads", 5);
pref("network.fetch.redirect.stripAuthHeader", true);
pref("network.http.redirect.stripAuthHeader", true);
pref("network.trr.display_fallback_warning", false);
pref("network.trr.fallback_warning_heuristic_list", "canary");
pref("places.loglevel", "Error");
pref("privacy.authPromptSpoofingProtection", true);
pref("signon.signupDetection.confidenceThreshold", "0.75");
pref("signon.signupDetection.enabled", false);
pref("threads.use_low_power.enabled", false);
```

==REMOVED, RENAMED or HIDDEN
```js
pref("browser.aboutwelcome.templateMR", true);
pref("browser.download.animateNotifications", true);
pref("browser.history_swipe_animation.disabled", false);
pref("browser.swipe.navigation-icon-move-distance", 100);
pref("devtools.storage.extensionStorage.enabled", true);
pref("dom.media.autoplay.autoplay-policy-api", false);
pref("dom.security.secFetch.enabled", true);
pref("extensions.unifiedExtensions.enabled", true);
pref("fission.experiment.enrollmentStatus", 0);
pref("fission.experiment.startupEnrollmentStatus", 0);
pref("gfx.use-ahardwarebuffer-content", false);
pref("print.pages_per_sheet.enabled", true);
pref("privacy.restrict3rdpartystorage.preferences.learnMoreURLSuffix", "total-cookie-protection");
pref("svg.display-lists.hit-testing.enabled", true);
pref("svg.display-lists.painting.enabled", true);
pref("webgl.enable-ahardwarebuffer", false);
```

==CHANGED
```js
pref("alerts.useSystemBackend", true); // prev: false
pref("browser.contentblocking.report.monitor.enabled", false); // prev: true
pref("browser.sessionstore.idleDelay", 180); // prev: 180000
pref("browser.theme.colorway-migration", true); // prev: false
pref("dom.forms.autocapitalize", true); // prev: false
pref("dom.fs.enabled", true); // prev: false
pref("dom.fs.writable_file_stream.enabled", true); // prev: false
pref("fission.omitBlocklistedPrefsInSubprocesses", true); // prev: false
pref("layout.css.scroll-anchoring.min-average-adjustment-threshold", 2); // prev: 3
pref("media.webrtc.capture.allow-directx", true); // prev: false
pref("signon.firefoxRelay.feature", "available"); // prev: "not available"
pref("signon.firefoxRelay.learn_more_url", "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration"); // prev: "https://relay.firefox.com/"
pref("toolkit.aboutProcesses.showProfilerIcons", true); // prev: false
```

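Added here as an illustration, not arkenfox's own tooling: a small Python script that parses two default-pref dumps in the `pref("name", value);` format shown above and emits the same new / gone / different report. The two sample dumps are constructed from a handful of prefs in the FF110 to FF111 list, plus one unchanged pref as a control.

```python
import re

# One Firefox default-pref line as dumped in this thread, e.g.
#   pref("browser.sessionstore.idleDelay", 180);
# A trailing "// prev: ..." comment is tolerated and ignored.
PREF_RE = re.compile(r'^\s*pref\("([^"]+)",\s*(.+?)\);\s*(?://.*)?$')


def parse_prefs(dump: str) -> dict[str, str]:
    """Map pref name -> value literal (kept as text, so true, 1 and "1" stay distinct)."""
    prefs = {}
    for line in dump.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def diff_prefs(old: dict[str, str], new: dict[str, str]):
    """Classify prefs the way the thread does: new, gone, different (all sorted by name)."""
    added = {k: new[k] for k in sorted(new.keys() - old.keys())}
    removed = {k: old[k] for k in sorted(old.keys() - new.keys())}
    changed = {k: (old[k], new[k]) for k in sorted(old.keys() & new.keys())
               if old[k] != new[k]}
    return added, removed, changed


def render(added, removed, changed) -> str:
    """Emit the report in the ==NEW / ==REMOVED / ==CHANGED layout used above."""
    total = len(added) + len(removed) + len(changed)
    out = [f"{total} diffs ( {len(added)} new, {len(removed)} gone, {len(changed)} different )", ""]
    out.append("==NEW")
    out += [f'pref("{k}", {v});' for k, v in added.items()]
    out.append("==REMOVED, RENAMED or HIDDEN")
    out += [f'pref("{k}", {v});' for k, v in removed.items()]
    out.append("==CHANGED")
    out += [f'pref("{k}", {new}); // prev: {old}' for k, (old, new) in changed.items()]
    return "\n".join(out)


# Constructed sample dumps (not real FF110/FF111 files) using prefs from the list above
# plus one unchanged pref so the control case is covered.
OLD_DUMP = """\
pref("alerts.useSystemBackend", false);
pref("browser.sessionstore.idleDelay", 180000);
pref("dom.security.secFetch.enabled", true);
pref("network.cookie.cookieBehavior", 5);
"""
NEW_DUMP = """\
pref("alerts.useSystemBackend", true);
pref("browser.sessionstore.idleDelay", 180);
pref("network.cookie.cookieBehavior", 5);
pref("network.http.redirect.stripAuthHeader", true);
pref("privacy.authPromptSpoofingProtection", true);
"""


def report(old_dump: str = OLD_DUMP, new_dump: str = NEW_DUMP) -> str:
    """Parse both dumps and return the rendered diff report."""
    return render(*diff_prefs(parse_prefs(old_dump), parse_prefs(new_dump)))


if __name__ == "__main__":
    print(report())
```

Values are compared as literals, so a type change such as `0.75` becoming `"0.75"` shows up under ==CHANGED rather than being silently merged.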
earthlng commented 1 year ago
some bugzilla tickets

* alerts.useSystemBackend
  * Bug [1497425](https://bugzilla.mozilla.org/show_bug.cgi?id=1497425) - Enable native notifications by default on Windows.
  * Bug [1644104](https://bugzilla.mozilla.org/show_bug.cgi?id=1644104) - Enable native notifications by default for Nightly on Windows.
* alerts.useSystemBackend.windows.notificationserver.enabled
  * Bug [1497425](https://bugzilla.mozilla.org/show_bug.cgi?id=1497425) - Enable native notifications by default on Windows.
  * Bug [1644104](https://bugzilla.mozilla.org/show_bug.cgi?id=1644104) - Enable native notifications by default for Nightly on Windows.
* browser.aboutwelcome.templateMR
  * Bug [1812935](https://bugzilla.mozilla.org/show_bug.cgi?id=1812935) - [Cleanup] Remove browser.aboutwelcome.templateMR pref and pre-MR onboarding
  * Bug [1786905](https://bugzilla.mozilla.org/show_bug.cgi?id=1786905) - Turn on MR new user onboarding by default in Fx106
  * Bug [1774063](https://bugzilla.mozilla.org/show_bug.cgi?id=1774063) - Added a 'browser.aboutwelcome.templateMR' pref to support MR 2022 onboarding
* browser.chrome.toolbar_tips.hide_on_keydown
  * Bug [1569439](https://bugzilla.mozilla.org/show_bug.cgi?id=1569439) - Cleanup tooltip pref handling.
* browser.contentblocking.report.monitor.enabled
  * Bug [1815751](https://bugzilla.mozilla.org/show_bug.cgi?id=1815751) - Disable the Monitor card in about:protections.
* browser.display.use_document_fonts.icon_font_allowlist
  * Bug [1813865](https://bugzilla.mozilla.org/show_bug.cgi?id=1813865): Add 'Material Icons Extended' to the allowlist of known ligature icon fonts.
  * Bug [1363454](https://bugzilla.mozilla.org/show_bug.cgi?id=1363454) - Create a pref to list icon font families that should be used even when use_document_fonts=0, overriding the browser's font prefs.
* browser.download.animateNotifications
  * Bug [1804411](https://bugzilla.mozilla.org/show_bug.cgi?id=1804411) - Downloads panel animations should honour prefers-reduced-motion settings.
* browser.history_swipe_animation.disabled
  * Bug [1773057](https://bugzilla.mozilla.org/show_bug.cgi?id=1773057) - Remove browser.history_swipe_animation.disabled pref.
* browser.migrate.content-modal.import-all.enabled
  * Bug [1803446](https://bugzilla.mozilla.org/show_bug.cgi?id=1803446) - Implement 'variant 2' version of the main selector page for the migration wizard.
* browser.search.serpEventTelemetry.enabled
  * Bug [1813162](https://bugzilla.mozilla.org/show_bug.cgi?id=1813162) - Implement the SERP impression event.
* browser.sessionstore.idleDelay
  * Bug [1808729](https://bugzilla.mozilla.org/show_bug.cgi?id=1808729) - Limit session store writes to once per hour when the user is idle
* browser.swipe.navigation-icon-end-position
  * Bug [1799563](https://bugzilla.mozilla.org/show_bug.cgi?id=1799563) - Refresh swipe-to-navigation UX.
* browser.swipe.navigation-icon-max-radius
  * Bug [1799563](https://bugzilla.mozilla.org/show_bug.cgi?id=1799563) - Refresh swipe-to-navigation UX.
* browser.swipe.navigation-icon-min-radius
  * Bug [1799563](https://bugzilla.mozilla.org/show_bug.cgi?id=1799563) - Refresh swipe-to-navigation UX.
* browser.swipe.navigation-icon-move-distance
  * Bug [1799563](https://bugzilla.mozilla.org/show_bug.cgi?id=1799563) - Remove browser.swipe.navigation-icon-move-distance pref.
* browser.swipe.navigation-icon-start-position
  * Bug [1799563](https://bugzilla.mozilla.org/show_bug.cgi?id=1799563) - Refresh swipe-to-navigation UX.
* browser.theme.colorway-migration
  * Bug [1808589](https://bugzilla.mozilla.org/show_bug.cgi?id=1808589) - Enable colorway builtin themes migration on all channels.
  * Bug [1806701](https://bugzilla.mozilla.org/show_bug.cgi?id=1806701) - Lock colorways migration behind a pref, disable by default on all channels.
* browser.translations.enable
  * Bug [1805476](https://bugzilla.mozilla.org/show_bug.cgi?id=1805476) - Stub out an about:translations page with no real functionality
* browser.translations.logLevel
  * Bug [1805476](https://bugzilla.mozilla.org/show_bug.cgi?id=1805476) - Stub out an about:translations page with no real functionality
* browser.urlbar.weather.zeroPrefix
  * Bug [1814795](https://bugzilla.mozilla.org/show_bug.cgi?id=1814795) - Support keyword-based weather suggestions in addition to zero-prefix.
* cookiebanners.service.detectOnly
  * Bug [1809700](https://bugzilla.mozilla.org/show_bug.cgi?id=1809700) - Refactor detect-only mode into separate pref.
* cookiebanners.ui.desktop.cfrVariant
  * Bug [1800678](https://bugzilla.mozilla.org/show_bug.cgi?id=1800678) - enable nimbus experimentation for CBH doorhanger.
* devtools.storage.extensionStorage.enabled
  * Bug [1811230](https://bugzilla.mozilla.org/show_bug.cgi?id=1811230) - [devtools] Consider extension storage inspection always enabled.
* dom.clamp.timeout.nesting.level
  * Bug [1815590](https://bugzilla.mozilla.org/show_bug.cgi?id=1815590) - Add a pref for the number of nested timeouts before we start clamping
* dom.customHighlightAPI.enabled
  * Bug [1803355](https://bugzilla.mozilla.org/show_bug.cgi?id=1803355): Basic implementation of Custom Highlight API.
* dom.forms.autocapitalize
  * Bug [1692007](https://bugzilla.mozilla.org/show_bug.cgi?id=1692007) - Ship autocapitalize attribute.
* dom.fs.enabled
  * Bug [1811001](https://bugzilla.mozilla.org/show_bug.cgi?id=1811001) - Enable OPFS by default on Release.
  * Bug [1811001](https://bugzilla.mozilla.org/show_bug.cgi?id=1811001) - Enable FileSystemWritableFileStream by default on Release.
  * Bug [1785123](https://bugzilla.mozilla.org/show_bug.cgi?id=1785123): Enable Origin Private File System (OPFS) by default on Nightly
* dom.fs.writable_file_stream.enabled
  * Bug [1811001](https://bugzilla.mozilla.org/show_bug.cgi?id=1811001) - Enable FileSystemWritableFileStream by default on Release.
  * Bug [1802279](https://bugzilla.mozilla.org/show_bug.cgi?id=1802279) - Extend preference to disable WritableFileStream in all contexts.
* dom.media.autoplay.autoplay-policy-api
  * Bug [1814985](https://bugzilla.mozilla.org/show_bug.cgi?id=1814985) - part1 : remove experimental API 'document.autoplayPolicy'.
* dom.quotaManager.backgroundTask.enabled
  * Bug [1788986](https://bugzilla.mozilla.org/show_bug.cgi?id=1788986) - Part 2: Use a background task for QM shutdown cleanup
* dom.security.credentialmanagement.identity.test_ignore_well_known
  * Bug [1804727](https://bugzilla.mozilla.org/show_bug.cgi?id=1804727), part 1 - Add a debugging preference to FedCM
* dom.security.secFetch.enabled
  * Bug [1813489](https://bugzilla.mozilla.org/show_bug.cgi?id=1813489): Remove pref dom.security.secFetch.enabled
* dom.use_counters.dump.document
  * Bug [1813593](https://bugzilla.mozilla.org/show_bug.cgi?id=1813593) - Dump use counters with dom.use_counters.dump.{document,worker,page}.
* dom.use_counters.dump.page
  * Bug [1813593](https://bugzilla.mozilla.org/show_bug.cgi?id=1813593) - Dump use counters with dom.use_counters.dump.{document,worker,page}.
* dom.use_counters.dump.worker
  * Bug [1813593](https://bugzilla.mozilla.org/show_bug.cgi?id=1813593) - Dump use counters with dom.use_counters.dump.{document,worker,page}.
* dom.webgpu.indirect-dispatch.enabled
  * Bug [1806699](https://bugzilla.mozilla.org/show_bug.cgi?id=1806699): Make WebGPU indirect dispatch/draw pref-enabled.
* dom.workers.modules.enabled
  * Bug [1812628](https://bugzilla.mozilla.org/show_bug.cgi?id=1812628) - put worker modules behind a flag
* dom.workers.pFetch.enabled
  * Bug [1351231](https://bugzilla.mozilla.org/show_bug.cgi?id=1351231) - Preference for PFetch.
* extensions.unifiedExtensions.enabled
  * Bug [1799009](https://bugzilla.mozilla.org/show_bug.cgi?id=1799009) - Remove unified extensions pref and non-unified extensions variants from test suite.
  * Bug [1801129](https://bugzilla.mozilla.org/show_bug.cgi?id=1801129) - Enable unified extensions UI in all channels.
  * Bug [1793626](https://bugzilla.mozilla.org/show_bug.cgi?id=1793626) - Enable unified extensions pref by default on Nightly.
  * Bug [1777481](https://bugzilla.mozilla.org/show_bug.cgi?id=1777481) - Introduce a new extension button on the toolbar.
  * Bug [1811230](https://bugzilla.mozilla.org/show_bug.cgi?id=1811230) - [devtools] Re-remove extensions.unifiedExtensions.enabled which was reintroduced by mistake.
  * Bug [1811230](https://bugzilla.mozilla.org/show_bug.cgi?id=1811230) - [devtools] Consider extension storage inspection always enabled.
* fission.experiment.enrollmentStatus
  * Bug [1671548](https://bugzilla.mozilla.org/show_bug.cgi?id=1671548) - Remove fission experiment support code and prefs
* fission.experiment.startupEnrollmentStatus
  * Bug [1671548](https://bugzilla.mozilla.org/show_bug.cgi?id=1671548) - Remove fission experiment support code and prefs
* fission.omitBlocklistedPrefsInSubprocesses
  * Bug [1811294](https://bugzilla.mozilla.org/show_bug.cgi?id=1811294): Roll out Pref Sanitization
* gfx.use-ahardwarebuffer-content
  * Bug [1810097](https://bugzilla.mozilla.org/show_bug.cgi?id=1810097) - Support AHardwareBuffer of out-of-process WebGL on Android
* gfx.webrender.dcomp-apply-1704954
  * Bug [1816001](https://bugzilla.mozilla.org/show_bug.cgi?id=1816001) - allow users to disable mitigation for bug [1638709](https://bugzilla.mozilla.org/show_bug.cgi?id=1638709)
* identity.fxaccounts.toolbar.defaultVisible
  * Bug [1816560](https://bugzilla.mozilla.org/show_bug.cgi?id=1816560) - Introduce a pref to control the visibility of the not_configured FxA toolbar button for experimentation.
* image.avif.sequence.animate_avif_major_branded_images
  * Bug [1788119](https://bugzilla.mozilla.org/show_bug.cgi?id=1788119) - Part 3 - Add initial support for animated AVIF sequences.
* image.avif.sequence.enabled
  * Bug [1788119](https://bugzilla.mozilla.org/show_bug.cgi?id=1788119) - Part 3 - Add initial support for animated AVIF sequences.
* layout.css.more_color_4.enabled
  * Bug [1352757](https://bugzilla.mozilla.org/show_bug.cgi?id=1352757) - Add lab(), lch(), oklab(), oklch() to specified colors.
* layout.css.page-orientation.enabled
  * Bug [1798323](https://bugzilla.mozilla.org/show_bug.cgi?id=1798323) - Style changes to support the 'page-orientation' property.
* layout.css.scroll-anchoring.max-consecutive-adjustments-timeout-ms
  * Bug [1808077](https://bugzilla.mozilla.org/show_bug.cgi?id=1808077) - Tweak scroll anchoring heuristics.
* media.eme.playready.enabled
  * Bug [1815553](https://bugzilla.mozilla.org/show_bug.cgi?id=1815553) - follow the naming convention of existing code (mf -> wmf).
  * Bug [1810817](https://bugzilla.mozilla.org/show_bug.cgi?id=1810817) - p4: initial PlayReady DRM support.
* media.webrtc.capture.allow-directx
  * Bug [1818616](https://bugzilla.mozilla.org/show_bug.cgi?id=1818616) - Enable directx screen capturer everywhere.
  * Bug [1808667](https://bugzilla.mozilla.org/show_bug.cgi?id=1808667) - Configure windows desktop capture settings.
* network.cookie.blockUnicode
  * Bug [1797231](https://bugzilla.mozilla.org/show_bug.cgi?id=1797231) - Add pref to block unicode chars in cookies
* network.dns.max_any_priority_threads
  * Bug [1812009](https://bugzilla.mozilla.org/show_bug.cgi?id=1812009) - Add prefs that allow increasing the DNS thread count
* network.dns.max_high_priority_threads
  * Bug [1812009](https://bugzilla.mozilla.org/show_bug.cgi?id=1812009) - Add prefs that allow increasing the DNS thread count
* network.fetch.redirect.stripAuthHeader
  * Bug [1802086](https://bugzilla.mozilla.org/show_bug.cgi?id=1802086) - remove auth header from redirected cross-origin requests.
* network.http.redirect.stripAuthHeader
  * Bug [1802086](https://bugzilla.mozilla.org/show_bug.cgi?id=1802086) - remove auth header from redirected cross-origin requests.
* network.trr.display_fallback_warning
  * Bug [1806412](https://bugzilla.mozilla.org/show_bug.cgi?id=1806412) - Record DoH heuristic failure and fallback logic
* network.trr.fallback_warning_heuristic_list
  * Bug [1806412](https://bugzilla.mozilla.org/show_bug.cgi?id=1806412) - Record DoH heuristic failure and fallback logic
* places.loglevel
  * Bug [1809195](https://bugzilla.mozilla.org/show_bug.cgi?id=1809195) - Move frecency decay to a new javascript component.
* print.pages_per_sheet.enabled
  * Bug [1811970](https://bugzilla.mozilla.org/show_bug.cgi?id=1811970): Remove no-longer-needed about:config pref for printing multiple pages-per-sheet.
* privacy.authPromptSpoofingProtection
  * Bug [791594](https://bugzilla.mozilla.org/show_bug.cgi?id=791594) - Hide authPromptSpoofing protection behind a pref.
* privacy.restrict3rdpartystorage.preferences.learnMoreURLSuffix
  * Bug [1801929](https://bugzilla.mozilla.org/show_bug.cgi?id=1801929) - Replace 'Total Cookie Protection' learn more link with support-link.
  * Bug [1774739](https://bugzilla.mozilla.org/show_bug.cgi?id=1774739) - Update ETP preferences section for TCP in standard mode.
* signon.firefoxRelay.feature
  * Bug [1751763](https://bugzilla.mozilla.org/show_bug.cgi?id=1751763) - Firefox Relay integration
  * Bug [1818044](https://bugzilla.mozilla.org/show_bug.cgi?id=1818044) - Enable Firefox Relay integration on Beta and Stable.
  * Bug [1815274](https://bugzilla.mozilla.org/show_bug.cgi?id=1815274) - Enable Firefox Relay integration on Nightly
* signon.firefoxRelay.learn_more_url
  * Bug [1819213](https://bugzilla.mozilla.org/show_bug.cgi?id=1819213) - Firefox Relay Integration: Change the learn more link to a sumo link
  * Bug [1751763](https://bugzilla.mozilla.org/show_bug.cgi?id=1751763) - Firefox Relay integration
* signon.signupDetection.confidenceThreshold
  * Bug [1819213](https://bugzilla.mozilla.org/show_bug.cgi?id=1819213) - Firefox Relay Integration: Change the learn more link to a sumo link
* signon.signupDetection.enabled
  * Bug [1819213](https://bugzilla.mozilla.org/show_bug.cgi?id=1819213) - Firefox Relay Integration: Change the learn more link to a sumo link
* svg.display-lists.hit-testing.enabled
  * Bug [829802](https://bugzilla.mozilla.org/show_bug.cgi?id=829802) - Remove svg.display-lists prefs
* svg.display-lists.painting.enabled
  * Bug [829802](https://bugzilla.mozilla.org/show_bug.cgi?id=829802) - Remove svg.display-lists prefs
* threads.use_low_power.enabled
  * Bug [1748378](https://bugzilla.mozilla.org/show_bug.cgi?id=1748378) - Create a way to deprioritize threadpools.
* toolkit.aboutProcesses.showProfilerIcons
  * Bug [1814152](https://bugzilla.mozilla.org/show_bug.cgi?id=1814152) - Always enable the profile button in about:processes
* webgl.enable-ahardwarebuffer
  * Bug [1810097](https://bugzilla.mozilla.org/show_bug.cgi?id=1810097) - Support AHardwareBuffer of out-of-process WebGL on Android

fxbrit commented 1 year ago

ugh I think we need to do...absolutely nothing?

1797231 looked like an interesting read but I can't access it. also cool read from 1811001 --> https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API#origin_private_file_system

Thorin-Oakenpants commented 1 year ago

1797231 -> https://hg.mozilla.org/releases/mozilla-release/rev/a2246da1895f9be97e3ca2165274668cc184c70a

fxbrit commented 1 year ago

thx, curious to see if eventually they flip it in Nightly.

Thorin-Oakenpants commented 1 year ago

```js
pref("alerts.useSystemBackend.windows.notificationserver.enabled", true);
```

windows only: could be interesting from an app state separation from OS - IIUIC, since notifications are secure context only, then when using the app mechanism, the OS can't read it?

maybe we could add this to section 5000 optional opsec? @fxbrit

Thorin-Oakenpants commented 1 year ago

https://bugzilla.mozilla.org/show_bug.cgi?id=791594 is an interesting read

Thorin-Oakenpants commented 1 year ago

FYI: browser.display.use_document_fonts.icon_font_allowlist - IF you block document fonts, which is just dumb IMO, then this allows those fonts listed to still load (namely because they contain icon glyphs) - once again, this is NOT a privacy issue - all users on all browsers would request those fonts with the same referrer if any (and we harden referers FWIW) - the issue is IP and again, if you want to protect that then use a VPN. Once again, LocalCDN or injecting local resources is not a proper/full solution and really achieves very little - there are approximately six major internet backbones/companies that if blocked/not used will break way too much - think akaimai, cloudflare, aws, alphabet, etc - you're not achieving much fucking around with using a few local resources

tl;dr: stop listening to fuckwits on reddit and if you want to protect your IP (and relax referers while you're at it), then use a VPN (and not an extension)

```js
/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/
   // user_pref("browser.display.use_document_fonts", "");
```

^^ don't use this pref, just. don't

end of today's lesson

GlassGruber commented 1 year ago

> https://bugzilla.mozilla.org/show_bug.cgi?id=791594 is an interesting read

nice, this is similar but far simpler and fishier than recent browser in the browser attack

fxbrit commented 1 year ago

> maybe we could add this to section 5000 optional opsec?

I honestly wouldn't bother, it seems very extreme and kinda debatable: one could argue that it's more secure since it can help avoiding some fishing (eg. notifications are native so you're not tempted to click fake notifications on websites).

> https://bugzilla.mozilla.org/show_bug.cgi?id=791594 is an interesting read

I tried the test website, that's a nice fix cause the window going grey really gives a sense of "change" happening.

Thorin-Oakenpants commented 1 year ago

> one could argue that it's more secure since it can help avoiding some fishing

fishing? 🐟 🎣 🐠 .. phishing

nah

notifications (and almost all other chrome UI messaging) are anchored to the urlbar, which you can't modify. In my pic I have the bookmarks toolbar showing, but even if it wasn't (and the overlap is tiny) the icon in the urlbar is a dead giveaway

still, meatspace is a real thing

Thorin-Oakenpants commented 1 year ago

> I honestly wouldn't bother, it seems very extreme

the entire section is "extreme" [1] - fits perfectly ... FYI: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41696

[1] as in this is firefox not tor browser, and we're not aiming to protect you from your own OS if it is compromised

fxbrit commented 1 year ago

> fishing?

lulz 🐟

anyway you're right, I didn't consider that in browser notifications are placed in the urlbar.