search

arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
9.43k stars 508 forks source link

Configuration File for a Full System Policy #1795

Closed monsieuremre closed 5 months ago

monsieuremre commented 5 months ago

Arkenfox is a project that consists of scripts for help but the main produjt is the user.js file. This config file is meant for setting the project's custom firefox configs for a given firefox profile. The user.js file, as it is meant to by the maintainer originally, to configure a one firefox profile ina firefox installation on a system.

There is a way to enable these secure defaults you maintain for the whole system on Linux and Mac OS, and I think also on Windows too, but the method might be a little different there than what I'm about to explain.

On a Linux system for example, having a system.js file under the path /etc/firefox/pref/ will result in the behavior that all new created user profiles and also the old ones have the arkenfox settings as the default.

You, the maintainer, were probably already aware of this possibility. The only difference such a system configuration file will have regarding content is having pref("...") instead of user_pref("...").

This might be very niche and not common place for users themselves to do maybe. Kicksecure, that is meant to be the base of the anonymous operating system Whonix, which is planning to offer a plain secure desktop that is not tor based, is now considering to ship firefox as the default browser, and have arkenfox's settings be set as the default. The project's maintainer is interested in packaging this project as a .deb package for Kicksecure to use, but they do not one to take it upon themselves to fork your project and do manual modifications on the files every time there is an update.

Whonix and Kicksecure already package default system settings for Thunderbird. One for firefox would not look much different.

So, if you could provide system.js file with every release this would really help projects such as this one to package the secure defaults for the whole systems. On your end, this would only require having just one extra file, with almost the same exact content as the user.js, but just all user_pref("...") replaced with pref("...").

Would this be in the scope of your project? So would you consider providing such a file in addition?

Thorin-Oakenpants commented 5 months ago

Yeah, I'm aware of setting these at a higher level: e.g for all profiles (a bit lost with all the OS differences, and totally ignoring android here), but I feel this is not something I should do, not do I want to

On your end, this would only require having just one extra file, with almost the same exact content as the imported user.js - see how easy that is

btw - not every pref can handle all *_pref syntax, and this is definitely a maintenance burden I can do without