Closed earthlng closed 1 year ago
* browser.contentblocking.features.strict
  * Bug [1818292](https://bugzilla.mozilla.org/show_bug.cgi?id=1818292) - Add email tracking protection to ETP strict.
  * Bug [1808212](https://bugzilla.mozilla.org/show_bug.cgi?id=1808212) - Part 3: Adding the content blocking pref setting for the level2 list pref in private windows.
  * Bug [1783496](https://bugzilla.mozilla.org/show_bug.cgi?id=1783496) - Add cookieBehavior5,cookieBehaviorPBM5 back to strict ETP pref so dFPI item is shown in the strict category.
  * Bug [1778457](https://bugzilla.mozilla.org/show_bug.cgi?id=1778457) - Enable query parameter stripping in Private Browsing Mode if ETP strict is enabled.
  * Bug [1776760](https://bugzilla.mozilla.org/show_bug.cgi?id=1776760) - Enable dFPI by default for Beta and Release via cookieBehavior pref.
* browser.display.normal_lineheight_calc_control
  * Bug [1814626](https://bugzilla.mozilla.org/show_bug.cgi?id=1814626) - Expose line-height resolution to style, and use it from ToResolvedValue.
* browser.display.show_loading_image_placeholder
  * Bug [1817360](https://bugzilla.mozilla.org/show_bug.cgi?id=1817360) - Remove browser.display.show_loading_image_placeholder.
  * Bug [1817360](https://bugzilla.mozilla.org/show_bug.cgi?id=1817360) - Clean-up image icon loading code.
* browser.history_swipe_animation.disabled
  * Bug [1820270](https://bugzilla.mozilla.org/show_bug.cgi?id=1820270) - Bring back swipe-to-navigation flag.
  * Bug [1773057](https://bugzilla.mozilla.org/show_bug.cgi?id=1773057) - Remove browser.history_swipe_animation.disabled pref.
* browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled
  * Bug [1819712](https://bugzilla.mozilla.org/show_bug.cgi?id=1819712) - Turn on Save To Pocket button
  * Bug [1788063](https://bugzilla.mozilla.org/show_bug.cgi?id=1788063) - Pocket newtab pref to hide Pocket story descriptions based on region.
  * Bug [1787522](https://bugzilla.mozilla.org/show_bug.cgi?id=1787522) - Pocket newtab limit save to Pocket card hover button to specific regions.
* browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled
  * Bug [1820019](https://bugzilla.mozilla.org/show_bug.cgi?id=1820019) - Turn on Save To Pocket button landing page
* browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions
  * Bug [1805589](https://bugzilla.mozilla.org/show_bug.cgi?id=1805589) - Pocket newtab add Discovery Stream topsites to topsites list earlier.
* browser.promo.cookiebanners.enabled
  * Bug [1808441](https://bugzilla.mozilla.org/show_bug.cgi?id=1808441) - Add Cookie Banner Promo on PB new tab.
* browser.translations.useHTML
  * Bug [1813782](https://bugzilla.mozilla.org/show_bug.cgi?id=1813782) - Allow about:translations to work on HTML via a pref;
* browser.urlbar.resultMenu.keyboardAccessible
  * Bug [1813517](https://bugzilla.mozilla.org/show_bug.cgi?id=1813517) - Add hidden pref for allowing Tab to skip over the menu button.
* browser.urlbar.weather.zeroPrefix
  * Bug [1817038](https://bugzilla.mozilla.org/show_bug.cgi?id=1817038) - Move weather suggestion keywords to Nimbus.
  * Bug [1814795](https://bugzilla.mozilla.org/show_bug.cgi?id=1814795) - Support keyword-based weather suggestions in addition to zero-prefix.
* dom.checkedUnsafePtr.dumpStacks.enabled
  * Bug [1789399](https://bugzilla.mozilla.org/show_bug.cgi?id=1789399) - Print out the creation stack and the last assignment stack of CheckedUnsafePtr when it is unsafe.
* dom.element.popover.enabled
  * Bug [1820544](https://bugzilla.mozilla.org/show_bug.cgi?id=1820544) - Add popover attribute and part of basic popover functionality.
* dom.fileHandle.enabled
  * Bug [1500343](https://bugzilla.mozilla.org/show_bug.cgi?id=1500343) - Part 4: Remove IDL for IDBFileHandle/FileRequest/MutableFile
  * Bug [1764771](https://bugzilla.mozilla.org/show_bug.cgi?id=1764771) - Disable IDBMutableHandle support by default
* dom.media.autoplay-policy-detection.enabled
  * Bug [1812189](https://bugzilla.mozilla.org/show_bug.cgi?id=1812189) - enable autoplay policy detection API.
* dom.memory.foreground_content_processes_have_larger_page_cache
  * Bug [1815069](https://bugzilla.mozilla.org/show_bug.cgi?id=1815069), add dom.memory.foreground_content_processes_have_larger_page_cache pref to control page cache behavior in content processes,
* dom.mozTextStyle.enabled
  * Bug [1818409](https://bugzilla.mozilla.org/show_bug.cgi?id=1818409) - Disable mozTextStyle by default.
* dom.quotaManager.backgroundTask.enabled
  * Bug [1820823](https://bugzilla.mozilla.org/show_bug.cgi?id=1820823) - Flip dom.quotaManager.backgroundTask.enabled on all channels that support background tasks.
  * Bug [1788986](https://bugzilla.mozilla.org/show_bug.cgi?id=1788986) - Part 2: Use a background task for QM shutdown cleanup
* dom.sitepermsaddon-provider.separatedBlocklistedDomains
  * Bug [1824812](https://bugzilla.mozilla.org/show_bug.cgi?id=1824812) - Add more shopee domains to the site permissions blocklist.
  * Bug [1812195](https://bugzilla.mozilla.org/show_bug.cgi?id=1812195) - Add alipay.com and miravia.es to the site permission blocklist.
  * Bug [1795927](https://bugzilla.mozilla.org/show_bug.cgi?id=1795927) - Add SitePermsAddon blocklist.
* dom.window_position_size_properties_replaceable.enabled
  * Bug [1816472](https://bugzilla.mozilla.org/show_bug.cgi?id=1816472) - Make individual size / position properties really readonly.
* dom.workers.pFetch.enabled
  * Bug [1812039](https://bugzilla.mozilla.org/show_bug.cgi?id=1812039) - enable PFetch in default.
  * Bug [1351231](https://bugzilla.mozilla.org/show_bug.cgi?id=1351231) - Preference for PFetch.
* editor.css.default_length_unit
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 1: Get rid of `editor.css.default_length_unit` pref
  * Bug [1745882](https://bugzilla.mozilla.org/show_bug.cgi?id=1745882) - Move all editor prefs in `all.js` to `StaticPrefList.yaml`
* editor.hr_element.allow_to_delete_from_following_line
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 2: Get rid of `editor.hr_element.allow_to_delete_from_following_line` pref
* editor.initialize_element_before_connect
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 3: Get rid of `editor.initialize_element_before_connect` pref
* editor.positioning.offset
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 4: Get rid of `editor.positioning.offset` pref
  * Bug [1745882](https://bugzilla.mozilla.org/show_bug.cgi?id=1745882) - Move all editor prefs in `all.js` to `StaticPrefList.yaml`
* editor.resizing.preserve_ratio
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 5: Get rid of `editor.resizing.preserve_ratio` pref
  * Bug [1745882](https://bugzilla.mozilla.org/show_bug.cgi?id=1745882) - Move all editor prefs in `all.js` to `StaticPrefList.yaml`
* editor.use_div_for_default_newlines
  * Bug [1815827](https://bugzilla.mozilla.org/show_bug.cgi?id=1815827) - part 6: Get rid of `editor.use_div_for_default_newlines` pref
  * Bug [1745882](https://bugzilla.mozilla.org/show_bug.cgi?id=1745882) - Move all editor prefs in `all.js` to `StaticPrefList.yaml`
* gfx.max-alloc-size
  * Bug [1759728](https://bugzilla.mozilla.org/show_bug.cgi?id=1759728) - Increase max-alloc-size to the maximum value of int32_t.
* gfx.webgpu.force-enabled
  * Bug [1814745](https://bugzilla.mozilla.org/show_bug.cgi?id=1814745) - Don't require a browser restart to update dom.webgpu.enabled.
* gfx.webgpu.ignore-blocklist
  * Bug [1814745](https://bugzilla.mozilla.org/show_bug.cgi?id=1814745) - Don't require a browser restart to update dom.webgpu.enabled.
* gfx.webrender.dcomp-video-check-slow-present
  * Bug [1818685](https://bugzilla.mozilla.org/show_bug.cgi?id=1818685) - Disable video overlay if mVideoSwapChain->Present() is very slow on Windows
* gfx.webrender.dcomp-video-sw-overlay-win
  * Bug [1816026](https://bugzilla.mozilla.org/show_bug.cgi?id=1816026) - Enable video overlay of software decoded video until release on Windows
* gfx.webrender.max-shared-surface-size
  * Bug [1817033](https://bugzilla.mozilla.org/show_bug.cgi?id=1817033) - Make MAX_SHARED_SURFACE_SIZE configurable with a preference
* gfx.webrender.scissored-cache-clears.enabled
  * Bug [1818047](https://bugzilla.mozilla.org/show_bug.cgi?id=1818047) - Add prefs to control WebRender scissored cache clears.
* gfx.webrender.scissored-cache-clears.force-enabled
  * Bug [1818047](https://bugzilla.mozilla.org/show_bug.cgi?id=1818047) - Add prefs to control WebRender scissored cache clears.
* html5.inert.enabled
  * Bug [1764263](https://bugzilla.mozilla.org/show_bug.cgi?id=1764263) - Let the inert attribute ride the trains.
* javascript.options.wasm_extended_const
  * Bug [1814421](https://bugzilla.mozilla.org/show_bug.cgi?id=1814421): Prepare wasm extended-const for ship.
* layout.css.exp.enabled
  * Bug [1814469](https://bugzilla.mozilla.org/show_bug.cgi?id=1814469) - Implement CSS exponential functions.
* layout.css.forced-color-adjust.enabled
  * Bug [1591210](https://bugzilla.mozilla.org/show_bug.cgi?id=1591210) - Add forced-color-adjust property
* layout.css.linear-easing-function.enabled
  * Bug [1819447](https://bugzilla.mozilla.org/show_bug.cgi?id=1819447) - Enable `linear()` easing function on all channels.
* layout.css.motion-path-offset-position.enabled
  * Bug [1818666](https://bugzilla.mozilla.org/show_bug.cgi?id=1818666) - Support offset-position in the style system.
* layout.css.moz-box-flexbox-emulation.enabled
  * Bug [1818811](https://bugzilla.mozilla.org/show_bug.cgi?id=1818811) - Make -moz-box-layout: flex default, and clean-up CSS.
  * Bug [1816455](https://bugzilla.mozilla.org/show_bug.cgi?id=1816455) - Turn flex emulation on everywhere.
  * Bug [1815255](https://bugzilla.mozilla.org/show_bug.cgi?id=1815255) - Enable flexbox emulation on nightly.
* layout.css.overflow-overlay.enabled
  * Bug [1817189](https://bugzilla.mozilla.org/show_bug.cgi?id=1817189) - Ship overflow: overlay.
* layout.forms.reveal-password-context-menu.enabled
  * Bug [1816988](https://bugzilla.mozilla.org/show_bug.cgi?id=1816988) - Enable reveal password context-menu.
* network.auth.supress_auth_prompt_for_XFO_failures
  * Bug [1629307](https://bugzilla.mozilla.org/show_bug.cgi?id=1629307) - prevent auth prompts (status 401) if XFO checks fails.
* network.trr.ohttp.config_uri
  * Bug [1815741](https://bugzilla.mozilla.org/show_bug.cgi?id=1815741) - implement DNS-over-Oblivious-HTTP
* network.trr.ohttp.relay_uri
  * Bug [1815741](https://bugzilla.mozilla.org/show_bug.cgi?id=1815741) - implement DNS-over-Oblivious-HTTP
* network.trr.ohttp.uri
  * Bug [1823358](https://bugzilla.mozilla.org/show_bug.cgi?id=1823358) - Add new network.trr.ohttp.uri pref
* network.trr.use_ohttp
  * Bug [1815741](https://bugzilla.mozilla.org/show_bug.cgi?id=1815741) - implement DNS-over-Oblivious-HTTP
* print.save_as_pdf.use_page_rule_size_as_paper_size.enabled
  * Bug [1793220](https://bugzilla.mozilla.org/show_bug.cgi?id=1793220) - Use at-page size rule as paper size when printing to PDF
* privacy.query_stripping.listService.logLevel
  * Bug [1812594](https://bugzilla.mozilla.org/show_bug.cgi?id=1812594) - Refactor URLQueryStrippingListService init and shutdown logic.
* privacy.resistFingerprinting.randomization.daily_reset.enabled
  * Bug [1816064](https://bugzilla.mozilla.org/show_bug.cgi?id=1816064) - Part 1: Implement the session key for generating the random noise key for fingerprinting randomization.
* privacy.resistFingerprinting.randomization.daily_reset.private.enabled
  * Bug [1816064](https://bugzilla.mozilla.org/show_bug.cgi?id=1816064) - Part 1: Implement the session key for generating the random noise key for fingerprinting randomization.
* privacy.resistFingerprinting.randomization.enabled
  * Bug [1816064](https://bugzilla.mozilla.org/show_bug.cgi?id=1816064) - Part 1: Implement the session key for generating the random noise key for fingerprinting randomization.
* privacy.trackingprotection.emailtracking.pbmode.enabled
  * Bug [1818583](https://bugzilla.mozilla.org/show_bug.cgi?id=1818583) - Add a pref to control Email Tracking Protection in private windows.
* security.sandbox.plugin.tempDirSuffix
  * Bug [1772089](https://bugzilla.mozilla.org/show_bug.cgi?id=1772089) p5: Remove content temp dir from Windows and macOS.
* security.sandbox.utility-wmf-cdm.lpac.enabled
  * Bug [1793972](https://bugzilla.mozilla.org/show_bug.cgi?id=1793972): Enable an LPAC on the windows MF Media Engine utility process controlled by a pref.
* security.tls.ech.grease_http3
  * Bug [1816952](https://bugzilla.mozilla.org/show_bug.cgi?id=1816952): Add HTTP3 ECH GREASE Pref.
* security.webauth.u2f
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Pause rollout of CTAP2 support in 112.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Enable CTAP2 support.
  * Bug [1809333](https://bugzilla.mozilla.org/show_bug.cgi?id=1809333) - Disable the U2F DOM API by default.
  * Bug [1816500](https://bugzilla.mozilla.org/show_bug.cgi?id=1816500) - enable CTAP2 support in early beta.
  * Bug [1752089](https://bugzilla.mozilla.org/show_bug.cgi?id=1752089) - Set security.webauthn.ctap2 true in nightly.
* widget.pause-compositor-when-minimized
  * Bug [1768495](https://bugzilla.mozilla.org/show_bug.cgi?id=1768495) Part 3: Remove redundant pause-on-minimize in nsCocoaWindow, remove pref.
```js
pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM"); // prev: "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM"
```

Diff: added emailTP,emailTPPrivate
OK, not seeing anything here to get excited about .. closing. If no one pipes up in the next 24 hrs or so, I'll do a cosmetic 112 release
I have edited OP to explain FPP
FF112 is scheduled for release Apr. 11th
* FF112 release notes
* FF112 for developers
* FF112 security advisories
61 diffs ( 31 new, 15 gone, 15 different )
new in v112.0:
FYI: FPP: Mozilla are going to very slowly roll out a thing called FPP (FingerPrint Protection) into PB windows. This is a WiP. It will be ready when they announce it.
Phase 1 includes fonts at vis level 2 (i.e. only allow os system fonts), subtle canvas randomizing (excluding isPointInPath and isPointInStroke), and I think window positions = 0. Last but not least, removing math entropy in audio for all FF users - note this does not remove all entropy, and RFP has additional protections which should then make all RFP users the same per platform (because Hrtz etc affect results but RFP sets those).
There will be a combination of 4 prefs: 2 x RFP, 2 x FPP, for all and pb modes. And not all combinations will be engineered. And RFP should always take precedence over FPP.
One thing I do know is that down the road we can use RFP in normal mode, and FPP in PB mode - which might be a great way to reduce breakage for some users' frequent sites. I do know we cannot have the reverse (RFP in pb mode and FPP in normal mode)

edit: RFP always overrides FPP, so any split would be FPP in normal mode, and RFP in PB mode.

In the future, FPP can be a choice for those who don't like or can't use RFP but do want some randomizing. FPP is going to be very compat, to the point where webcompat will be able to override individual protections on troublesome sites. So if FB breaks, webcompat silently disables the problematic protection for FB when they add that site compat rule - so clearly this is a very different threat model, but may suit some people. Over time more protections will be added to FPP. I see this as replacing the need for Canvas Blocker
In order to enable/disable parts of FPP in testing, the two toms (ritter, schuster) and tim, and I'm sure there are some more on the team, as a WiP, have engineered each protection as a target. So each target can globally be flipped on and off. This same targeting is somewhat related to the per site compat thing - but the pref itself is global. This same mechanism will also be able to be used for RFP (but super not recommended). In TB for example it would be locked off. Oh, and FPP will be tied to ETP.

So this answers all the people's questions about .. can I use RFP but turn off timezone and prefers-light. While I don't really recommend it, I need to think thru the ramifications a bit more. RFP is certainly more robust than an extension, and we're only confident of fooling naive scripts (don't get me wrong, advanced scripts have different levels of advanced, so full RFP most certainly does have an effect), so my gut feeling is that this is fine too.

That's all I'm going to say. All this is available in public bugzillas, and I know as much as that. I just spent a week in costa rica with the tor project (and tom ritter was there too, and we had a session on FPP as to what it is and how it relates to, or could enhance, RFP). Other than that (public info), it's all inhouse and tightly kept a secret (fair enough)
So that's about all I know (there is more: like exceptions and cascading iframes, i.e. cross domain, but let's not go down the rabbit hole just yet), and it's fairly complicated and a WiP, so please don't ask questions. Let's just wait and see what happens when it lands and is announced by Firefox (because by then it should be robust and working as planned)
-thorin
changed in v112.0:
FYI: tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM: emailTP, emailTPPrivate added

ignore
==NEW

```js
pref("browser.history_swipe_animation.disabled", false);
pref("browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", "1");
pref("browser.promo.cookiebanners.enabled", false);
pref("browser.translations.useHTML", false);
pref("browser.urlbar.resultMenu.keyboardAccessible", true);
pref("dom.checkedUnsafePtr.dumpStacks.enabled", false);
pref("dom.element.popover.enabled", false);
pref("dom.memory.foreground_content_processes_have_larger_page_cache", true);
pref("dom.window_position_size_properties_replaceable.enabled", true);
pref("gfx.webgpu.ignore-blocklist", false);
pref("gfx.webrender.dcomp-video-check-slow-present", true);
pref("gfx.webrender.max-shared-surface-size", 2048);
pref("gfx.webrender.scissored-cache-clears.enabled", true);
pref("gfx.webrender.scissored-cache-clears.force-enabled", false);
pref("javascript.options.wasm_extended_const", true);
pref("layout.css.exp.enabled", false);
pref("layout.css.forced-color-adjust.enabled", false);
pref("layout.css.motion-path-offset-position.enabled", false);
pref("network.auth.supress_auth_prompt_for_XFO_failures", true);
pref("network.trr.ohttp.config_uri", "");
pref("network.trr.ohttp.relay_uri", "");
pref("network.trr.ohttp.uri", "");
pref("network.trr.use_ohttp", false);
pref("print.save_as_pdf.use_page_rule_size_as_paper_size.enabled", false);
pref("privacy.query_stripping.listService.logLevel", "Error");
pref("privacy.trackingprotection.emailtracking.pbmode.enabled", true);
pref("security.sandbox.utility-wmf-cdm.lpac.enabled", false);
pref("security.tls.ech.grease_http3", false);
```

==REMOVED, RENAMED or HIDDEN

```js
pref("browser.display.normal_lineheight_calc_control", 2);
pref("browser.display.show_loading_image_placeholder", false);
pref("browser.urlbar.weather.zeroPrefix", true);
pref("dom.fileHandle.enabled", false);
pref("editor.css.default_length_unit", "px");
pref("editor.hr_element.allow_to_delete_from_following_line", true);
pref("editor.initialize_element_before_connect", true);
pref("editor.positioning.offset", 0);
pref("editor.resizing.preserve_ratio", true);
pref("editor.use_div_for_default_newlines", true);
pref("gfx.webgpu.force-enabled", false);
pref("layout.css.moz-box-flexbox-emulation.enabled", false);
pref("security.sandbox.content.tempDirSuffix", "");
pref("security.sandbox.plugin.tempDirSuffix", "");
pref("widget.pause-compositor-when-minimized", true);
```

==CHANGED

```js
pref("browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", true); // prev: false
pref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", true); // prev: false
pref("dom.media.autoplay-policy-detection.enabled", true); // prev: false
pref("dom.mozTextStyle.enabled", false); // prev: true
pref("dom.quotaManager.backgroundTask.enabled", true); // prev: false
pref("dom.sitepermsaddon-provider.separatedBlocklistedDomains", "shopee.co.th,shopee.tw,shopee.co.id,shopee.com.my,shopee.vn,shopee.ph,shopee.sg,shopee.com.br,shopee.com,shopee.cn,shopee.io,shopee.pl,shopee.com.mx,shopee.com.co,shopee.cl,shopee.kr,shopee.es,shopee.in,alipay.com,miravia.es"); // prev: "shopee.co.th,alipay.com,miravia.es"
pref("dom.workers.pFetch.enabled", true); // prev: false
pref("gfx.max-alloc-size", 2147483647); // prev: 500000000
pref("gfx.webrender.dcomp-video-sw-overlay-win", true); // prev: false
pref("html5.inert.enabled", true); // prev: false
pref("layout.css.linear-easing-function.enabled", true); // prev: false
pref("layout.css.overflow-overlay.enabled", true); // prev: false
pref("layout.forms.reveal-password-context-menu.enabled", true); // prev: false
pref("security.webauth.u2f", false); // prev: true
```