Differences from Tor Browser

ghost commented 6 years ago

I have gone through each and every line of the current version (commit: 456a2b7063bbb21197769217e7ddabe31fe808d6) and I have compared the variables with those in Tor browser (the default settings in Tor which show up after downloading a clean browser).

I have added a comment at the end of each line //TOR: <value in tor> (or 'missing' if it is missing in Tor). For variables which have the same values in Tor browser I have not added comments.

Can someone please review all this? If any values are considered more private/secure we could probably notify the Tor developers. Otherwise they may change in this user.js. (I assume there may be values which are simply a preference but still worth a second look).

/******************************************************************************
 * user.js                                                                    *
 * https://github.com/pyllyukko/user.js                                       *
 ******************************************************************************/

/******************************************************************************
 * SECTION: HTML5 / APIs / DOM                                                *
 ******************************************************************************/

// PREF: Disable Service Workers
// https://developer.mozilla.org/en-US/docs/Web/API/Worker
// https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API
// https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers
// NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...)
// Unknown security implications
// CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed)
user_pref("dom.serviceWorkers.enabled",             false);

// PREF: Disable Web Workers
// https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers
// https://www.w3schools.com/html/html5_webworkers.asp
// NOTICE: Disabling Web Workers breaks "Download as ZIP" functionality on https://mega.nz/, WhatsApp Web and probably others
user_pref("dom.workers.enabled",                    false); // TOR: true

// PREF: Disable web notifications
// https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501
user_pref("dom.webnotifications.enabled",           false); // TOR: true

// PREF: Disable DOM timing API
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
// https://www.w3.org/TR/navigation-timing/#privacy
user_pref("dom.enable_performance",             false);

// PREF: Make sure the User Timing API does not provide a new high resolution timestamp
// https://trac.torproject.org/projects/tor/ticket/16336
// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security
user_pref("dom.enable_user_timing",             false);

// PREF: Disable Web Audio API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
user_pref("dom.webaudio.enabled",               false);

// PREF: Disable Location-Aware Browsing (geolocation)
// https://www.mozilla.org/en-US/firefox/geolocation/
user_pref("geo.enabled",                    false);

// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google
// https://bugzilla.mozilla.org/show_bug.cgi?id=689252
user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // TOR: ""

// PREF: When geolocation is enabled, don't log geolocation requests to the console
user_pref("geo.wifi.logging.enabled", false); // TOR: missing

// PREF: Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
user_pref("dom.mozTCPSocket.enabled",               false);

// PREF: Disable DOM storage (disabled)
// http://kb.mozillazine.org/Dom.storage.enabled
// https://html.spec.whatwg.org/multipage/webstorage.html
// NOTICE-DISABLED: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors
//user_pref("dom.storage.enabled",      false);

// PREF: Disable leaking network/browser connection information via Javascript
// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
// https://wicg.github.io/netinfo/#privacy-considerations
// https://bugzilla.mozilla.org/show_bug.cgi?id=960426
user_pref("dom.netinfo.enabled",                false);

// PREF: Disable network API (Firefox < 32)
// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
user_pref("dom.network.enabled",                false);

// PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42)
// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...)
user_pref("media.peerconnection.enabled",           false);

// PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42)
// https://wiki.mozilla.org/Media/WebRTC/Privacy
// https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC
user_pref("media.peerconnection.ice.default_address_only",  true); // Firefox 42-51 // TOR: missing
user_pref("media.peerconnection.ice.no_host",           true); // Firefox >= 52 // TOR: missing

// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture
// https://wiki.mozilla.org/Media/getUserMedia
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
user_pref("media.navigator.enabled",                false);
user_pref("media.navigator.video.enabled",          false); // TOR: missing
user_pref("media.getusermedia.screensharing.enabled",       false); // TOR: true
user_pref("media.getusermedia.audiocapture.enabled",        false);

// PREF: Disable battery API (Firefox < 52)
// https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager
// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
user_pref("dom.battery.enabled",                false); // TOR: true

// PREF: Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
user_pref("dom.telephony.enabled",              false); // TOR: missing

// PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics)
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
user_pref("beacon.enabled",                 false); // TOR: true

// PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript
// NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
user_pref("dom.event.clipboardevents.enabled",          false); // TOR: true

// PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41)
// NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality
// https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3
user_pref("dom.allow_cut_copy", false); // TOR: missing

// PREF: Disable speech recognition
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
// https://wiki.mozilla.org/HTML5_Speech_API
user_pref("media.webspeech.recognition.enable",         false);

// PREF: Disable speech synthesis
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis
user_pref("media.webspeech.synth.enabled",          false); // TOR: missing

// PREF: Disable sensor API
// https://wiki.mozilla.org/Sensor_API
user_pref("device.sensors.enabled",             false);

// PREF: Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
user_pref("browser.send_pings",                 false);

// PREF: When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
user_pref("browser.send_pings.require_same_host",       true); // TOR: false

// PREF: Disable IndexedDB (disabled)
// https://developer.mozilla.org/en-US/docs/IndexedDB
// https://en.wikipedia.org/wiki/Indexed_Database_API
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
// http://forums.mozillazine.org/viewtopic.php?p=13842047
// https://github.com/pyllyukko/user.js/issues/8
// NOTICE-DISABLED: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled
//user_pref("dom.indexedDB.enabled",        false);

// TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications"

// PREF: Disable gamepad API to prevent USB device enumeration
// https://www.w3.org/TR/gamepad/
// https://trac.torproject.org/projects/tor/ticket/13023
user_pref("dom.gamepad.enabled",                false);

// PREF: Disable virtual reality devices APIs
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
user_pref("dom.vr.enabled",                 false);

// PREF: Disable vibrator API
user_pref("dom.vibrator.enabled",           false); // TOR: true

// PREF: Disable resource timing API
// https://www.w3.org/TR/resource-timing/#privacy-security
user_pref("dom.enable_resource_timing",             false);

// PREF: Disable Archive API (Firefox < 54)
// https://wiki.mozilla.org/WebAPI/ArchiveAPI
// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
user_pref("dom.archivereader.enabled",              false);

// PREF: Disable webGL
// https://en.wikipedia.org/wiki/WebGL
// https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
user_pref("webgl.disabled",                 true); // TOR: false
// PREF: When webGL is enabled, use the minimum capability mode
user_pref("webgl.min_capability_mode",              true);
// PREF: When webGL is enabled, disable webGL extensions
// https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing
user_pref("webgl.disable-extensions",               true);
// PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported
// https://trac.torproject.org/projects/tor/ticket/18603
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
// PREF: When webGL is enabled, do not expose information about the graphics driver
// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info
user_pref("webgl.enable-debug-renderer-info",           false);
// somewhat related...
//user_pref("pdfjs.enableWebGL",                    false); // TOR: false

// PREF: Spoof dual-core CPU
// https://trac.torproject.org/projects/tor/ticket/21675
// https://bugzilla.mozilla.org/show_bug.cgi?id=1360039
user_pref("dom.maxHardwareConcurrency",             2); // TOR: 1

/******************************************************************************
 * SECTION: Misc                                                              *
 ******************************************************************************/

// PREF: Disable face detection
user_pref("camera.control.face_detection.enabled",      false); // TOR: true

// PREF: Set the default search engine to DuckDuckGo (disabled)
// https://support.mozilla.org/en-US/questions/948134
//user_pref("browser.search.defaultenginename",     "DuckDuckGo"); // TOR: data:text/plain,browser.search.defaultenginename=DuckDuckGo
//user_pref("browser.search.order.1",               "DuckDuckGo"); // TOR: Google
//user_pref("keyword.URL",                          "https://duckduckgo.com/html/?q=!+"); // TOR: missing

// PREF: Disable GeoIP lookup on your address to set default search engine region
// https://trac.torproject.org/projects/tor/ticket/16254
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
user_pref("browser.search.countryCode",             "US");
user_pref("browser.search.region",              "US");
user_pref("browser.search.geoip.url",               "");

// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
user_pref("intl.accept_languages",              "en-us, en"); // TOR: en-US, en

// PREF: Don't use OS values to determine locale, force using Firefox locale setting
// http://kb.mozillazine.org/Intl.locale.matchOS
user_pref("intl.locale.matchOS",                false);

// PREF: Don't use Mozilla-provided location-specific search engines
user_pref("browser.search.geoSpecificDefaults",         false);

// PREF: Do not automatically send selection to clipboard on some Linux platforms
// http://kb.mozillazine.org/Clipboard.autocopy
user_pref("clipboard.autocopy",                 false); // TOR: true

// PREF: Prevent leaking application locale/date format using JavaScript
// https://bugzilla.mozilla.org/show_bug.cgi?id=867501
// https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d
user_pref("javascript.use_us_english_locale",           true);

// PREF: Do not submit invalid URIs entered in the address bar to the default search engine
// http://kb.mozillazine.org/Keyword.enabled
user_pref("keyword.enabled",                    false); // TOR: true

// PREF: Don't trim HTTP off of URLs in the address bar.
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
user_pref("browser.urlbar.trimURLs",                false); // TOR: true

// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
user_pref("browser.fixup.alternate.enabled",            false);

// PREF: When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs
// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851
user_pref("browser.fixup.hide_user_pass", true);

// PREF: Send DNS request through SOCKS when SOCKS proxying is in use
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
user_pref("network.proxy.socks_remote_dns",         true);

// PREF: Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
user_pref("network.manage-offline-status",          false);

// PREF: Enforce Mixed Active Content Blocking
// https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990
// https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default
// https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
user_pref("security.mixed_content.block_active_content",    true);

// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content)
// NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially secured
user_pref("security.mixed_content.block_display_content",   true); // TOR: false

// PREF: Disable JAR from opening Unsafe File Types
// http://kb.mozillazine.org/Network.jar.open-unsafe-types
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7
user_pref("network.jar.open-unsafe-types",          false);

// CIS 2.7.4 Disable Scripting of Plugins by JavaScript
// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889
user_pref("security.xpconnect.plugin.unrestricted",     false); // TOR: true

// PREF: Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
user_pref("security.fileuri.strict_origin_policy",      true);

// PREF: Disable Displaying Javascript in History URLs
// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
// CIS 2.3.6
user_pref("browser.urlbar.filter.javascript",           true);

// PREF: Disable asm.js
// http://asmjs.org/
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712
user_pref("javascript.options.asmjs",               false);

// PREF: Disable SVG in OpenType fonts
// https://wiki.mozilla.org/SVGOpenTypeFonts
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
user_pref("gfx.font_rendering.opentype_svg.enabled",        false);

// PREF: Disable in-content SVG rendering (Firefox >= 53)
// NOTICE: Disabling SVG support breaks many UI elements on many sites
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16
user_pref("svg.disabled", true); // TOR: missing

// PREF: Disable video stats to reduce fingerprinting threat
// https://bugzilla.mozilla.org/show_bug.cgi?id=654550
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065
user_pref("media.video_stats.enabled",              false);

// PREF: Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user_pref("general.buildID.override",               "20100101");
user_pref("browser.startup.homepage_override.buildID",      "20100101"); // TOR: 20180202070101

// PREF: Prevent font fingerprinting
// https://browserleaks.com/fonts
// https://github.com/pyllyukko/user.js/issues/120
user_pref("browser.display.use_document_fonts",         0); // TOR: 1

// PREF: Enable only whitelisted URL protocol handlers
// http://kb.mozillazine.org/Network.protocol-handler.external-default
// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29
// https://news.ycombinator.com/item?id=13047883
// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
// NOTICE: Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
// TODO: Add externally-handled protocols from Windows 8.1 and Windows 10 (currently contains protocols only from Linux and Windows 7) that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991)
// TODO: Add externally-handled protocols from Mac OS X that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991)
// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
//   * true, if the protocol should be handled by an external application
//   * false, if the protocol should be handled internally by Firefox
user_pref("network.protocol-handler.warn-external-default", true);
user_pref("network.protocol-handler.external.http",     false); // TOR: missing, there is external.ttp
user_pref("network.protocol-handler.external.https",        false); // TOR: missing, there is external.ttps
user_pref("network.protocol-handler.external.javascript",   false);
user_pref("network.protocol-handler.external.moz-extension",    false); // TOR: missing
user_pref("network.protocol-handler.external.ftp",      false); // TOR: missing, there is external.tp
user_pref("network.protocol-handler.external.file",     false); // TOR: missing, there is external.ile
user_pref("network.protocol-handler.external.about",        false); // TOR: missing
user_pref("network.protocol-handler.external.chrome",       false); // TOR: missing
user_pref("network.protocol-handler.external.blob",     false); // TOR: missing
user_pref("network.protocol-handler.external.data",     false);
user_pref("network.protocol-handler.expose-all",        false); // TOR: true
user_pref("network.protocol-handler.expose.http",       true); // TOR: missing
user_pref("network.protocol-handler.expose.https",      true); // TOR: missing
user_pref("network.protocol-handler.expose.javascript",     true); // TOR: missing
user_pref("network.protocol-handler.expose.moz-extension",  true); // TOR: missing
user_pref("network.protocol-handler.expose.ftp",        true); // TOR: missing
user_pref("network.protocol-handler.expose.file",       true); // TOR: missing
user_pref("network.protocol-handler.expose.about",      true); // TOR: missing
user_pref("network.protocol-handler.expose.chrome",     true); // TOR: missing
user_pref("network.protocol-handler.expose.blob",       true); // TOR: missing
user_pref("network.protocol-handler.expose.data",       true); // TOR: missing

/******************************************************************************
 * SECTION: Extensions / plugins                                                       *
 ******************************************************************************/

// PREF: Ensure you have a security delay when installing add-ons (milliseconds)
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay",           1000);

// PREF: Require signatures
// https://wiki.mozilla.org/Addons/Extension_Signing
//user_pref("xpinstall.signatures.required",        true);

// PREF: Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled",         false);

// PREF: Opt-out of themes (Persona) updates
// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
user_pref("lightweightThemes.update.enabled",           false); // TOR: true

// PREF: Disable Flash Player NPAPI plugin
// http://kb.mozillazine.org/Flash_plugin
user_pref("plugin.state.flash",                 0); // TOR: 1

// PREF: Disable Java NPAPI plugin
user_pref("plugin.state.java",                  0); // TOR: 1

// PREF: Disable sending Flash Player crash reports
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // TOR: true

// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report
user_pref("dom.ipc.plugins.reportCrashURL",         false); // TOR: true

// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist
// https://bugzilla.mozilla.org/show_bug.cgi?id=1237198
// https://github.com/mozilla-services/shavar-plugin-blocklist
user_pref("browser.safebrowsing.blockedURIs.enabled", true); // TOR: false

// PREF: Disable Shumway (Mozilla Flash renderer)
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
user_pref("shumway.disabled", true); // TOR: missing

// PREF: Disable Gnome Shell Integration NPAPI plugin
user_pref("plugin.state.libgnome-shell-browser-plugin",     0); // TOR: missing

// PREF: Disable the bundled OpenH264 video codec (disabled)
// http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077
//user_pref("media.gmp-provider.enabled",       false); // TOR: false

// PREF: Enable plugins click-to-play
// https://wiki.mozilla.org/Firefox/Click_To_Play
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
user_pref("plugins.click_to_play",              true);

// PREF: Updates addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
user_pref("extensions.update.enabled",              true);

// PREF: Enable add-on and certificate blocklists (OneCRL) from Mozilla
// https://wiki.mozilla.org/Blocklisting
// https://blocked.cdn.mozilla.net/
// http://kb.mozillazine.org/Extensions.blocklist.enabled
// http://kb.mozillazine.org/Extensions.blocklist.url
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
// Updated at interval defined in extensions.blocklist.interval (default: 86400)
user_pref("extensions.blocklist.enabled",           true);
user_pref("services.blocklist.update_enabled",          true); // TOR: false

// PREF: Decrease system information leakage to Mozilla blocklist update servers
// https://trac.torproject.org/projects/tor/ticket/16931
user_pref("extensions.blocklist.url",               "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); // TOR: https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/

/******************************************************************************
 * SECTION: Firefox (anti-)features / components                              *                            *
 ******************************************************************************/

// PREF: Disable WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
// https://developer.mozilla.org/docs/Tools/WebIDE
user_pref("devtools.webide.enabled",                false);
user_pref("devtools.webide.autoinstallADBHelper",       false);
user_pref("devtools.webide.autoinstallFxdtAdapters",        false);

// PREF: Disable remote debugging
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
user_pref("devtools.debugger.remote-enabled",           false);
user_pref("devtools.chrome.enabled",                false);
user_pref("devtools.debugger.force-local",          true);

// PREF: Disable Mozilla telemetry/experiments
// https://wiki.mozilla.org/Platform/Features/Telemetry
// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
// https://wiki.mozilla.org/Telemetry
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html
// https://wiki.mozilla.org/Telemetry/Experiments
user_pref("toolkit.telemetry.enabled",              false);
user_pref("toolkit.telemetry.unified",              false);
user_pref("experiments.supported",              false); // TOR: true
user_pref("experiments.enabled",                false);
user_pref("experiments.manifest.uri",               ""); // TOR: https://telemetry-experiment.cdn.mozilla.net/manifest/v1/firefox/%VERSION%/%CHANNEL%

// PREF: Disallow Necko to do A/B testing
// https://trac.torproject.org/projects/tor/ticket/13170
user_pref("network.allow-experiments",              false); // TOR: true

// PREF: Disable sending Firefox crash reports to Mozilla servers
// https://wiki.mozilla.org/Breakpad
// http://kb.mozillazine.org/Breakpad
// https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter
// https://bugzilla.mozilla.org/show_bug.cgi?id=411490
// A list of submitted crash reports can be found at about:crashes
user_pref("breakpad.reportURL",                 ""); // TOR: https://crash-stats.mozilla.com/report/index/

// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports
// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js
user_pref("browser.tabs.crashReporting.sendReport",     false); // TOR: true
user_pref("browser.crashReports.unsubmittedCheck.enabled",  false);

// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
// https://wiki.mozilla.org/FlyWeb
// https://wiki.mozilla.org/FlyWeb/Security_scenarios
// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit
// http://www.ghacks.net/2016/07/26/firefox-flyweb
user_pref("dom.flyweb.enabled",                 false);

// PREF: Disable the UITour backend
// https://trac.torproject.org/projects/tor/ticket/19047#comment:3
user_pref("browser.uitour.enabled",             false);

// PREF: Enable Firefox Tracking Protection
// https://wiki.mozilla.org/Security/Tracking_protection
// https://support.mozilla.org/en-US/kb/tracking-protection-firefox
// https://support.mozilla.org/en-US/kb/tracking-protection-pbm
// https://kontaxis.github.io/trackingprotectionfirefox/
// https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/
user_pref("privacy.trackingprotection.enabled",         true); // TOR: false
user_pref("privacy.trackingprotection.pbmode.enabled",      true); // TOR: false

// PREF: Enable contextual identity Containers feature (Firefox >= 52)
// NOTICE: Containers are not available in Private Browsing mode
// https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
user_pref("privacy.userContext.enabled",            true); // TOR: false

// PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
user_pref("privacy.resistFingerprinting",           true);

// PREF: Disable the built-in PDF viewer
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743
// https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
user_pref("pdfjs.disabled",                 true); // TOR: false

// PREF: Disable collection/sending of the health report (healthreport.sqlite*)
// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
user_pref("datareporting.healthreport.uploadEnabled",       false);
user_pref("datareporting.healthreport.service.enabled",     false);
user_pref("datareporting.policy.dataSubmissionEnabled",     false);

// PREF: Disable Heartbeat  (Mozilla user rating telemetry)
// https://wiki.mozilla.org/Advocacy/heartbeat
// https://trac.torproject.org/projects/tor/ticket/19047
user_pref("browser.selfsupport.url",                "");

// PREF: Disable Firefox Hello (disabled) (Firefox < 49)
// https://wiki.mozilla.org/Loop
// https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946
// NOTICE-DISABLED: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, `security.OCSP.require` to false to work. // TOR: false, true, false
//user_pref("loop.enabled",     false); // TOR: missing

// PREF: Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
user_pref("loop.logDomains",                    false); // TOR: missing

// PREF: Enable Auto Update (disabled)
// NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting.
// CIS 2.1.1
//user_pref("app.update.auto",                  true); // TOR: true

// PREF: Enforce checking for Firefox updates
// http://kb.mozillazine.org/App.update.enabled
// NOTICE: Update check page might incorrectly report Firefox ESR as out-of-date
user_pref("app.update.enabled",                 true);

// PREF: Enable blocking reported web forgeries
// https://wiki.mozilla.org/Security/Safe_Browsing
// http://kb.mozillazine.org/Safe_browsing
// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
// CIS 2.3.4
user_pref("browser.safebrowsing.enabled",           true); // Firefox < 50 // TOR: false
user_pref("browser.safebrowsing.phishing.enabled",      true); // firefox >= 50 // TOR: false

// PREF: Enable blocking reported attack sites
// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
// CIS 2.3.5
user_pref("browser.safebrowsing.malware.enabled",       true); //TOR: false

// PREF: Disable querying Google Application Reputation database for downloaded binary files
// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
// https://wiki.mozilla.org/Security/Application_Reputation
user_pref("browser.safebrowsing.downloads.remote.enabled",  false);

// PREF: Disable Pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
// https://github.com/pyllyukko/user.js/issues/143
user_pref("browser.pocket.enabled",             false);
user_pref("extensions.pocket.enabled",              false); // TOR: true

// PREF: Disable SHIELD
// https://support.mozilla.org/en-US/kb/shield
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801
user_pref("extensions.shield-recipe-client.enabled",        false); // TOR: missing
user_pref("app.shield.optoutstudies.enabled",           false); // TOR: missing

// PREF: Disable "Recommended by Pocket" in Firefox Quantum
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories",    false); // TOR: missing

/******************************************************************************
 * SECTION: Automatic connections                                             *
 ******************************************************************************/

// PREF: Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
user_pref("network.prefetch-next",              false); // TOR: true

// PREF: Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user_pref("network.dns.disablePrefetch",            true);
user_pref("network.dns.disablePrefetchFromHTTPS",       true); // TOR: missing

// PREF: Disable the predictive service (Necko)
// https://wiki.mozilla.org/Privacy/Reviews/Necko
user_pref("network.predictor.enabled",              false);

// PREF: Reject .onion hostnames before passing the to DNS
// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
// RFC 7686
user_pref("network.dns.blockDotOnion",              true);

// PREF: Disable search suggestions in the search bar
// http://kb.mozillazine.org/Browser.search.suggest.enabled
user_pref("browser.search.suggest.enabled",         false);

// PREF: Disable "Show search suggestions in location bar results"
user_pref("browser.urlbar.suggest.searches",            false);
// PREF: When using the location bar, don't suggest URLs from browsing history
user_pref("browser.urlbar.suggest.history",         false); // TOR: true

// PREF: Disable SSDP
// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
user_pref("browser.casting.enabled",                false);

// PREF: Disable automatic downloading of OpenH264 codec
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities
// https://andreasgal.com/2014/10/14/openh264-now-in-firefox/
user_pref("media.gmp-gmpopenh264.enabled",          false); // TOR: missing
user_pref("media.gmp-manager.url",              ""); // TOR: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml

// PREF: Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user_pref("network.http.speculative-parallel-limit",        0); // TOR: 6

// PREF: Disable downloading homepage snippets/messages from Mozilla
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content
// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service
user_pref("browser.aboutHomeSnippets.updateUrl",        ""); // TOR: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/

// PREF: Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user_pref("browser.search.update",              false);

// PREF: Disable automatic captive portal detection (Firefox >= 52.0)
// https://support.mozilla.org/en-US/questions/1157121
user_pref("network.captive-portal-service.enabled",     false);

/******************************************************************************
 * SECTION: HTTP                                                              *
 ******************************************************************************/

// PREF: Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1",  false); // TOR: missing
// it is still allowed through HTTPS. uncomment the following to disable it completely.
//user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https",      false); // TOR: missing

// PREF: Enable CSP 1.1 script-nonce directive support
// https://bugzilla.mozilla.org/show_bug.cgi?id=855326
user_pref("security.csp.experimentalEnabled",           true); // TOR: false

// PREF: Enable Content Security Policy (CSP)
// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
user_pref("security.csp.enable",                true);

// PREF: Enable Subresource Integrity
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity
user_pref("security.sri.enable",                true);

// PREF: DNT HTTP header (disabled)
// https://www.mozilla.org/en-US/firefox/dnt/
// https://en.wikipedia.org/wiki/Do_not_track_header
// https://dnt-dashboard.mozilla.org
// https://github.com/pyllyukko/user.js/issues/11
// NOTICE: Do No Track must be enabled manually
//user_pref("privacy.donottrackheader.enabled",     true); // TOR: false

// PREF: Send a referer header with the target URI as the source
// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
// https://github.com/pyllyukko/user.js/issues/227
// NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers
// NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon
// NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection
// TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs
user_pref("network.http.referer.spoofSource",           true); // TOR: false

// PREF: Don't send referer headers when following links across different domains (disabled)
// https://github.com/pyllyukko/user.js/issues/227
// user_pref("network.http.referer.XOriginPolicy",      2); // TOR: 0

// PREF: Accept Only 1st Party Cookies
// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1
// NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways
// CIS 2.5.1
user_pref("network.cookie.cookieBehavior",          1);

// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session.
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
// https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly
user_pref("network.cookie.thirdparty.sessionOnly",      true); // TOR: false

// PREF: Spoof User-agent (disabled)
//user_pref("general.useragent.override",               "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"); // TOR: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
//user_pref("general.appname.override",             "Netscape");
//user_pref("general.appversion.override",          "5.0 (Windows)"); // TOR: 5.0 (Windows)
//user_pref("general.platform.override",                "Win32");
//user_pref("general.oscpu.override",               "Windows NT 6.1");

/*******************************************************************************
 * SECTION: Caching                                                            *
 ******************************************************************************/

// PREF: Permanently enable private browsing mode
// https://support.mozilla.org/en-US/kb/Private-Browsing
// https://wiki.mozilla.org/PrivateBrowsing
// NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941
// NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode
// NOTICE: Private browsing breaks Kerberos authentication
// NOTICE: Disables "Containers" functionality (see below)
// NOTICE: "Always use private browsing mode" (browser.privatebrowsing.autostart) disables the possibility to use password manager: https://support.mozilla.org/en-US/kb/usernames-and-passwords-are-not-saved#w_private-browsing
user_pref("browser.privatebrowsing.autostart",          true);

// PREF: Do not download URLs for the offline cache
// http://kb.mozillazine.org/Browser.cache.offline.enable
user_pref("browser.cache.offline.enable",           false);

// PREF: Clear history when Firefox closes
// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
// NOTICE: Installing user.js will remove your browsing history, caches and local storage.
// NOTICE: Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
// NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
user_pref("privacy.sanitize.sanitizeOnShutdown",        true); // TOR: false
user_pref("privacy.clearOnShutdown.cache",          true);
user_pref("privacy.clearOnShutdown.cookies",            true);
user_pref("privacy.clearOnShutdown.downloads",          true);
user_pref("privacy.clearOnShutdown.formdata",           true);
user_pref("privacy.clearOnShutdown.history",            true);
user_pref("privacy.clearOnShutdown.offlineApps",        true); // TOR: false
user_pref("privacy.clearOnShutdown.sessions",           true);
user_pref("privacy.clearOnShutdown.openWindows",        true); // TOR: false

// PREF: Set time range to "Everything" as default in "Clear Recent History"
user_pref("privacy.sanitize.timeSpan",              0); // TOR: 1

// PREF: Clear everything but "Site Preferences" in "Clear Recent History"
user_pref("privacy.cpd.offlineApps",                true); // TOR: false
user_pref("privacy.cpd.cache",                  true);
user_pref("privacy.cpd.cookies",                true);
user_pref("privacy.cpd.downloads",              true);
user_pref("privacy.cpd.formdata",               true);
user_pref("privacy.cpd.history",                true);
user_pref("privacy.cpd.sessions",               true);

// PREF: Don't remember browsing history
user_pref("places.history.enabled",             false); // TOR: true

// PREF: Disable disk cache
// http://kb.mozillazine.org/Browser.cache.disk.enable
user_pref("browser.cache.disk.enable",              false);

// PREF: Disable memory cache (disabled)
// http://kb.mozillazine.org/Browser.cache.memory.enable
//user_pref("browser.cache.memory.enable",      false); // TOR: true

// PREF: Disable Caching of SSL Pages
// CIS Version 1.2.0 October 21st, 2011 2.5.8
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
user_pref("browser.cache.disk_cache_ssl",           false); // TOR: true

// PREF: Disable download history
// CIS Version 1.2.0 October 21st, 2011 2.5.5
user_pref("browser.download.manager.retention",         0); // TOR: 1

// PREF: Disable password manager
// CIS Version 1.2.0 October 21st, 2011 2.5.2
user_pref("signon.rememberSignons",             false);

// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar
user_pref("browser.formfill.enable",                false);

// PREF: Cookies expires at the end of the session (when the browser closes)
// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2
user_pref("network.cookie.lifetimePolicy",          2);

// PREF: Require manual intervention to autofill known username/passwords sign-in forms
// http://kb.mozillazine.org/Signon.autofillForms
// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
user_pref("signon.autofillForms",               false);

// PREF: Disable formless login capture
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
user_pref("signon.formlessCapture.enabled",         false); // TOR: true

// PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites
// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
user_pref("signon.autofillForms.http",              false);

// PREF: Show in-content login form warning UI for insecure login fields
// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
user_pref("security.insecure_field_warning.contextual.enabled", true);

// PREF: Disable the password manager for pages with autocomplete=off (disabled)
// https://bugzilla.mozilla.org/show_bug.cgi?id=956906
// OWASP ASVS V9.1
// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms)
//user_pref("signon.storeWhenAutocompleteOff",          false); // TOR: true

// PREF: Delete Search and Form History
// CIS Version 1.2.0 October 21st, 2011 2.5.6
user_pref("browser.formfill.expire_days",           0); // TOR: 180

// PREF: Clear SSL Form Session Data
// http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2
// Store extra session data for unencrypted (non-HTTPS) sites only.
// CIS Version 1.2.0 October 21st, 2011 2.5.7
// NOTE: CIS says 1, we use 2
user_pref("browser.sessionstore.privacy_level",         2);

// PREF: Delete temporary files on exit
// https://bugzilla.mozilla.org/show_bug.cgi?id=238789
user_pref("browser.helperApps.deleteTempFileOnExit",        true);

// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature)
// https://support.mozilla.org/en-US/questions/973320
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled
user_pref("browser.pagethumbnails.capturing_disabled",      true); // TOR: missing

// PREF: Don't fetch and permanently store favicons for Windows .URL shortcuts created by drag and drop
// NOTICE: .URL shortcut files will be created with a generic icon
// Favicons are stored as .ico files in $profile_dir\shortcutCache
user_pref("browser.shell.shortcutFavicons",                 false); // TOR: true

// PREF: Disable bookmarks backups (default: 15)
// http://kb.mozillazine.org/Browser.bookmarks.max_backups
user_pref("browser.bookmarks.max_backups", 0); // TOR: 15

/*******************************************************************************
 * SECTION: UI related                                                         *
 *******************************************************************************/

// PREF: Enable insecure password warnings (login forms in non-HTTPS pages)
// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
user_pref("security.insecure_password.ui.enabled",      true);

// PREF: Disable right-click menu manipulation via JavaScript (disabled)
//user_pref("dom.event.contextmenu.enabled",        false); // TOR: true

// PREF: Disable "Are you sure you want to leave this page?" popups on page close
// https://support.mozilla.org/en-US/questions/1043508
// Does not prevent JS leaks of the page close event.
// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload
//user_pref("dom.disable_beforeunload",    true); // TOR: false

// PREF: Disable Downloading on Desktop
// CIS 2.3.2
user_pref("browser.download.folderList",            2); // TOR: 1

// PREF: Always ask the user where to download
// https://developer.mozilla.org/en/Download_Manager_preferences (obsolete)
user_pref("browser.download.useDownloadDir",            false);

// PREF: Disable the "new tab page" feature and show a blank tab instead
// https://wiki.mozilla.org/Privacy/Reviews/New_Tab
// https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off
user_pref("browser.newtabpage.enabled",             false); // TOR: true
user_pref("browser.newtab.url",                 "about:blank"); // TOR: missing

// PREF: Disable Activity Stream
// https://wiki.mozilla.org/Firefox/Activity_Stream
user_pref("browser.newtabpage.activity-stream.enabled",     false); // TOR: missing

// PREF: Disable new tab tile ads & preload
// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
// TODO: deprecated? not in DXR, some dead links
user_pref("browser.newtabpage.enhanced",            false);
user_pref("browser.newtab.preload",             false); // TOR: true
user_pref("browser.newtabpage.directory.ping",          ""); //TOR: data:text/plain,
user_pref("browser.newtabpage.directory.source",        "data:text/plain,{}");

// PREF: Enable Auto Notification of Outdated Plugins (Firefox < 50)
// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
// CIS Version 1.2.0 October 21st, 2011 2.1.2
// https://hg.mozilla.org/mozilla-central/rev/304560
user_pref("plugins.update.notifyUser",              true); // TOR: missing

// PREF: Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode
// https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
user_pref("network.IDN_show_punycode",              true); // TOR: false

// PREF: Disable inline autocomplete in URL bar
// http://kb.mozillazine.org/Inline_autocomplete
user_pref("browser.urlbar.autoFill",                false); // TOR: true
user_pref("browser.urlbar.autoFill.typed",          false); // TOR: true

// PREF: Disable CSS :visited selectors
// https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/
// https://dbaron.org/mozilla/visited-privacy
user_pref("layout.css.visited_links_enabled",           false); // TOR: true

// PREF: Disable URL bar autocomplete and history/bookmarks suggestions dropdown
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
user_pref("browser.urlbar.autocomplete.enabled",        false); // TOR: true

// PREF: Do not check if Firefox is the default browser
user_pref("browser.shell.checkDefaultBrowser",          false);

// PREF: When password manager is enabled, lock the password storage periodically
// CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage
user_pref("security.ask_for_password",              2); // TOR: 0

// PREF: Lock the password storage every 1 minutes (default: 30)
user_pref("security.password_lifetime",             1); // TOR: 30

// PREF: Display a notification bar when websites offer data for offline use
// http://kb.mozillazine.org/Browser.offline-apps.notify
user_pref("browser.offline-apps.notify",            true);

/******************************************************************************
 * SECTION: Cryptography                                                      *
 ******************************************************************************/

// PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
user_pref("network.stricttransportsecurity.preloadlist",    true);

// PREF: Enable Online Certificate Status Protocol
// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://www.imperialviolet.org/2014/04/19/revchecking.html
// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
// https://wiki.mozilla.org/CA:RevocationPlan
// https://wiki.mozilla.org/CA:ImprovingRevocation
// https://wiki.mozilla.org/CA:OCSP-HardFail
// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
// NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
// NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
// NOTICE: OCSP adds latency (performance)
// NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
// CIS Version 1.2.0 October 21st, 2011 2.2.4
user_pref("security.OCSP.enabled",              1);

// PREF: Enable OCSP Stapling support
// https://en.wikipedia.org/wiki/OCSP_stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
// https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
user_pref("security.ssl.enable_ocsp_stapling",          true);

// PREF: Enable OCSP Must-Staple support (Firefox >= 45)
// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
// https://www.entrust.com/ocsp-must-staple/
// https://github.com/schomery/privacy-settings/issues/40
// NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
user_pref("security.ssl.enable_ocsp_must_staple",       true);

// PREF: Require a valid OCSP response for OCSP enabled certificates
// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
// NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
// NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
user_pref("security.OCSP.require",              true); // TOR: false

// PREF: Disable TLS Session Tickets
// https://www.blackhat.com/us-13/briefings.html#NextGen
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
// https://bugzilla.mozilla.org/show_bug.cgi?id=917049
// https://bugzilla.mozilla.org/show_bug.cgi?id=967977
user_pref("security.ssl.disable_session_identifiers",       true);

// PREF: Only allow TLS 1.[0-3]
// http://kb.mozillazine.org/Security.tls.version.*
// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol.
user_pref("security.tls.version.min",               1);
user_pref("security.tls.version.max",               4); // TOR: 3

// PREF: Disable insecure TLS version fallback
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
user_pref("security.tls.version.fallback-limit",        3);

// PREF: Enfore Public Key Pinning
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
// "2. Strict. Pinning is always enforced."
user_pref("security.cert_pinning.enforcement_level",        2);

// PREF: Disallow SHA-1
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
// https://shattered.io/
user_pref("security.pki.sha1_enforcement_level",        1); // TOR: 2

// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
user_pref("security.ssl.treat_unsafe_negotiation_as_broken",    true); // TOR: false

// PREF: Disallow connection to servers not supporting safe renegotiation (disabled)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
// TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled
//user_pref("security.ssl.require_safe_negotiation",        true); // TOR: false

// PREF: Disable automatic reporting of TLS connection errors
// https://support.mozilla.org/en-US/kb/certificate-pinning-reports
// we could also disable security.ssl.errorReporting.enabled, but I think it's
// good to leave the option to report potentially malicious sites if the user
// chooses to do so.
// you can test this at https://pinningtest.appspot.com/
user_pref("security.ssl.errorReporting.automatic",      false);

// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog
// http://kb.mozillazine.org/Browser.ssl_override_behavior
// https://github.com/pyllyukko/user.js/issues/210
user_pref("browser.ssl_override_behavior",          1); // TOR: 2

/******************************************************************************
 * SECTION: Cipher suites                                                     *
 ******************************************************************************/

// PREF: Disable null ciphers
user_pref("security.ssl3.rsa_null_sha",             false); // TOR: missing
user_pref("security.ssl3.rsa_null_md5",             false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_null_sha",           false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_null_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_null_sha",            false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_null_sha",          false); // TOR: missing

// PREF: Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
user_pref("security.ssl3.rsa_seed_sha",             false); // TOR: missing

// PREF: Disable 40/56/128-bit ciphers
// 40-bit ciphers
user_pref("security.ssl3.rsa_rc4_40_md5",           false); // TOR: missing
user_pref("security.ssl3.rsa_rc2_40_md5",           false); // TOR: missing
// 56-bit ciphers
user_pref("security.ssl3.rsa_1024_rc4_56_sha",          false); // TOR: missing
// 128-bit ciphers
user_pref("security.ssl3.rsa_camellia_128_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha",        false); // TOR: true
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha",      false); // TOR: true
user_pref("security.ssl3.ecdh_rsa_aes_128_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha",       false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_camellia_128_sha",     false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_aes_128_sha",          false); // TOR: true

// PREF: Disable RC4
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
// https://rc4.io/
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha",       false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_rc4_128_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha",      false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha",        false); // TOR: missing
user_pref("security.ssl3.rsa_rc4_128_md5",          false); // TOR: missing
user_pref("security.ssl3.rsa_rc4_128_sha",          false); // TOR: missing
user_pref("security.tls.unrestricted_rc4_fallback",     false);

// PREF: Disable 3DES (effective key size is < 128)
// https://en.wikipedia.org/wiki/3des#Security
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
user_pref("security.ssl3.dhe_dss_des_ede3_sha",         false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_des_ede3_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha",      false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_des_ede3_sha",        false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha",     false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha",       false); // TOR: missing
user_pref("security.ssl3.rsa_des_ede3_sha",         false); // TOR: true
user_pref("security.ssl3.rsa_fips_des_ede3_sha",        false); // TOR: missing

// PREF: Disable ciphers with ECDH (non-ephemeral)
user_pref("security.ssl3.ecdh_rsa_aes_256_sha",         false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_aes_256_sha",       false); // TOR: missing

// PREF: Disable 256 bits ciphers without PFS
user_pref("security.ssl3.rsa_camellia_256_sha",         false); // TOR: missing

// PREF: Enable ciphers with ECDHE and key size > 128bits
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha",        true); // 0xc014
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha",      true); // 0xc00a

// PREF: Enable GCM ciphers (TLSv1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",   true); // 0xc02b
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",     true); // 0xc02f

// PREF: Enable ChaCha20 and Poly1305 (Firefox >= 47)
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
// https://cr.yp.to/chacha.html
user_pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256",   true);

// PREF: Disable ciphers susceptible to the logjam attack
// https://weakdh.org/
user_pref("security.ssl3.dhe_rsa_camellia_256_sha",     false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha",          false); // TOR: true

// PREF: Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha",          false); // TOR: missing
user_pref("security.ssl3.dhe_dss_aes_256_sha",          false); // TOR: missing
user_pref("security.ssl3.dhe_dss_camellia_128_sha",     false); // TOR: missing
user_pref("security.ssl3.dhe_dss_camellia_256_sha",     false); // TOR: missing

// PREF: Fallbacks due compatibility reasons
user_pref("security.ssl3.rsa_aes_256_sha",          true); // 0x35
user_pref("security.ssl3.rsa_aes_128_sha",          true); // 0x2f

pyllyukko commented 6 years ago

Related issue: #316

Did you notice/try d0b78593632b51f4019544cf11fabf3f95d81ce0?

Need to review your list.

ghost commented 6 years ago

Did you notice/try d0b7859?

No.

Need to review your list.

Great. Looking forward to it.

I understand there are many similar projects (user.js settings) but it is really difficult to keep track of all of them. For the moment yours is the only one I have had a look at. It is good there is an open bug to discuss all that at Tor but as far as I see it is not really getting a lot of attention.

It seems to me important to distinguish between the "regular" browsers and TBB because with regular browsers we have an additional goal - not to share the IP address with 3rd parties. With TBB however there is an additional goal: not to create an easy fingerprint. When testing certain settings in TBB I noticed that the Panopticlick bits raise when supposedly privacy tightening settings are applied (e.g. disabling cookies).

Ideally we should come up with a unified user.js which ensures maximum security (including privacy). Unfortunately I am still unfamiliar with most of these variables, so I count on you to provide extra info after you review them.

Atavic commented 6 years ago

@anchev you compared the default settings in Tor. They have some weak spots, like javascript enabled!

ghost commented 6 years ago

I have compared the default settings of Tor but with "Security Level" slider set to Safest. I don't know if and how that affects any about:config settings but I think it deserves a more meticulous look because Tor gives a Panopticlick result of 6.57 bits while FF with this user.js gives about 9.71 bits. Tor also has safebrowsing features disabled.

Atavic commented 6 years ago

I have compared... with "Security Level" slider set to Safest.

Good choice. Some settings are changed in an hardened way.

ghost commented 6 years ago

I tested various things today (including setting some values to what they are in Tor) and then running https://panopticlick.eff.org/

Something strange I notice: user_pref("privacy.donottrackheader.enabled", true); increases bits of identifying info when testing in Tor. The same setting however decreases the bits when testing in FF 58.

Any idea why that may be?

Except this particular setting, testing in Tor the other ones shared in https://github.com/pyllyukko/user.js/issues/365#issuecomment-361105455 don't increase the entropy bits in Tor. So perhaps we can assume they actually add security and privacy?

Strangely I can't get FF 58 lower than 9.7 bits with the same user.js (and with user_pref("privacy.donottrackheader.enabled", true);.

Additionally I wonder if it is possible to reduce further the 6.57 bits of Tor...

What do you think about all these?

Atavic commented 6 years ago

Any idea why that may be?

A dead horse, DNT is greatly ignored and simply makes your browser stand out in the crowd.

Atavic commented 6 years ago

What do you think about all these?

I have highest bits of identifying information on these Browser Characteristics:

Hash of canvas fingerprint    
Screen Size and Color Depth  [*]
Browser Plugin Details          
System Fonts                      [*]
User Agent

Of these, some can be spoofed (UA String) or modified, while others are Hardware/OS related [*]

Moreover, with less FF users the uniqueness is increasing.

pyllyukko commented 6 years ago

So how did you do the comparison? Because I think there is no point in comparing settings in TBB, that are the same defaults as in Firefox, but only compare the settings they have explicitly set.

I understand there are many similar projects (user.js settings) but it is really difficult to keep track of all of them. For the moment yours is the only one I have had a look at. It is good there is an open bug to discuss all that at Tor but as far as I see it is not really getting a lot of attention.

True.

Ideally we should come up with a unified user.js which ensures maximum security (including privacy). Unfortunately I am still unfamiliar with most of these variables, so I count on you to provide extra info after you review them.

I'm afraid we'll never get there. I mean having some kind of consensus on the settings between different projects.

ghost commented 6 years ago

A dead horse, DNT is greatly ignored and simply makes your browser stand out in the crowd.

I know that. But the fact is that Panopticlick result is affected by that setting. So although it is ignored and cannot be trusted as a security measure, it may at least matter as a dimension about privacy.

I have highest bits of identifying information on these Browser Characteristics:

Are you testing with the same settings which I described?

So how did you do the comparison?

Compared before/after the custom user.js with the Tor profile. When changing some settings, I deleted prefs.js and then repeat.

Because I think there is no point in comparing settings in TBB, that are the same defaults as in Firefox, but only compare the settings they have explicitly set.

A friend used to say: "With computers we must be explicit" :) I tend to agree because we (or at least I) don't know which TBB and FF settings are at their default values, if those default values are exactly the same (or TBB modifies them somehow). Additionally I notice that even with "factory" settings TBB has different (still displayed as default) settings and others which show as modified (although I haven't touched anything). So the point of comparing is to check how settings affect privacy/security in the different browsers and suggest better defaults.

I'm afraid we'll never get there. I mean having some kind of consensus on the settings between different projects.

That's not even the purpose. I am rather hoping to sort out the best bundle of settings. For the moment it is going well.

Atavic commented 6 years ago

Are you testing with the same settings which I described?

Settings are close to the ones I previously linked here.

ghost commented 6 years ago

Then obviously you are not testing with what I test, so the result will be different. What is the final Panopticlick result you get with your settings in FF and TBB?

Atavic commented 6 years ago

Not good, due to the hardware and OS. Fonts can be spoofed at system level: https://github.com/da2x/fluxfonts

ghost commented 6 years ago

What has hardware and OS to do with that? AFAIK fonts can be detected only through JS or flash. In my settings JS is disabled and I don't have flash installed. If you are testing with JS or some plugins that wouldn't be a meaningful test in the first place. Right?

Atavic commented 6 years ago

Yes, these test pages have this flaw: sometimes you have to open up your defences for the tests to actually work.

hardware and OS

Screen size and system fonts (different from OS to OS, different if office suites installed or not): https://github.com/pyllyukko/user.js/issues/367#issuecomment-361288816

I had a look at @anchev Differences list (on top) and then I left only the entries with //TOR comment: https://gist.github.com/Atavic/f3b4bd9e207c2b0fac91937fef0df594

It's 174 differences and I am not amused at what I see regrading Tor preferences.

ghost commented 6 years ago

What are you talking about? I haven't opened up any defenses. The Panopticlick works without JS and I don't know how it may be possible to detect your desktop resolution if JS is disabled. I am getting confused by your words.

It's 174 differences and I am not amused at what I see regrading Tor preferences.

It seems Tor is not that tightened, right?

Atavic commented 6 years ago

Panopticlick works without JS

My fault, I haven't done that test for some months, sorry!

TBB isn't tightened at all. :+1: for your efforts!

ghost commented 6 years ago

Let's tighten it then! :)

pyllyukko commented 6 years ago

Did you notice/try d0b7859?

No.

It was a Makefile target I made for pretty much this purpose.

Because I think there is no point in comparing settings in TBB, that are the same defaults as in Firefox, but only compare the settings they have explicitly set.

A friend used to say: "With computers we must be explicit" :) I tend to agree because we (or at least I) don't know which TBB and FF settings are at their default values, if those default values are exactly the same (or TBB modifies them somehow). Additionally I notice that even with "factory" settings TBB has different (still displayed as default) settings and others which show as modified (although I haven't touched anything). So the point of comparing is to check how settings affect privacy/security in the different browsers and suggest better defaults.

The Tor tweaks come from 000-tor-browser.js (which you can download by running make 000-tor-browser.js).

I made a few additional targets:

a78f66a478c9a66e9d5b6b2d04e2feb3fccd4965 for listing settings that exist in 000-tor-browser.js, but not in our user.js
389f9ba8c291f625057e2ee22bfb492d3184d8c1 for listing settings that exist in both, but have different values

E.g.:

$ make tbb-diff-2 
for setting in $( comm -12 <(sed -n '/^\(user_\)\?pref/s/^.*pref("\([^"]\+\)",\s*\([^)]\+\).*$/\1/p' user.js | sort) <(sed -n '/^\(user_\)\?pref/s/^.*pref("\([^"]\+\)",\s*\([^)]\+\).*$/\1/p' 000-tor-browser.js | sort)); do diff <(grep "^\(user_\)\?pref(\"${setting}\"" user.js | sed -n '/^\(user_\)\?pref/s/^.*pref("\([^"]\+\)",\s*\([^)]\+\).*$/\1 = \2/p' | sort) <(grep "^\(user_\)\?pref(\"${setting}\"" 000-tor-browser.js | sed -n '/^\(user_\)\?pref/s/^.*pref("\([^"]\+\)",\s*\([^)]\+\).*$/\1 = \2/p' | sort); done
1c1
< browser.download.manager.retention = 0
---
> browser.download.manager.retention = 1
1c1
< browser.newtabpage.directory.ping = ""
---
> browser.newtabpage.directory.ping = "data:text/plain,"
1c1
< browser.newtabpage.directory.source = "data:text/plain,{}"
---
> browser.newtabpage.directory.source = "data:text/plain,"
1c1
< browser.safebrowsing.blockedURIs.enabled = true
---
> browser.safebrowsing.blockedURIs.enabled = false
1c1
< browser.safebrowsing.enabled = true
---
> browser.safebrowsing.enabled = false
1c1
< browser.safebrowsing.malware.enabled = true
---
> browser.safebrowsing.malware.enabled = false
1c1
< browser.safebrowsing.phishing.enabled = true
---
> browser.safebrowsing.phishing.enabled = false
1c1
< dom.maxHardwareConcurrency = 2
---
> dom.maxHardwareConcurrency = 1
1c1
< geo.wifi.uri = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"
---
> geo.wifi.uri = ""
1c1
< plugin.state.flash = 0
---
> plugin.state.flash = 1
1c1
< privacy.trackingprotection.pbmode.enabled = true
---
> privacy.trackingprotection.pbmode.enabled = false
1c1
< security.pki.sha1_enforcement_level = 1
---
> security.pki.sha1_enforcement_level = 2
1c1
< security.tls.version.max = 4
---
> security.tls.version.max = 3
1c1
< services.blocklist.update_enabled = true
---
> services.blocklist.update_enabled = false

This way we don't need to comb through all the settings that come from Firefox defaults.

ghost commented 6 years ago

I am not an expert in make so it is a little unclear to me what you have done. Can you explain?

pyllyukko commented 6 years ago

I am not an expert in make so it is a little unclear to me what you have done. Can you explain?

Well in this case, it's just a method of calling an infernal shell one-liner that performs the diffing. You can see it running the one-liner in the second line of the example.

The make 000-tor-browser.js will create the 000-tor-browser.js file by downloading it from the Tor project.

Did this answer your question?

ghost commented 6 years ago

Yes but what is 000-tor-browser.js? IOW: how is one supposed to use it?

And another question: how can I get in a text file everything which I see in about:config in Tor (and in Firefox)? Perhaps if that is possible (say as a CSV) we could compare and experiment further. What do you think?

Atavic commented 6 years ago

make 000-tor-browser.js is a bash command.

This bash script wgets this and then diffs with your own file via sed and regex.

BTW the gitweb.torproject.org link is a 404 Not Found for me, I see this other one but I don't know if it's the same.

ghost commented 6 years ago

Thanks. 404 here too. What about the other question?

Atavic commented 6 years ago

I have to make some space before installing anything, but then I'll get those default preferences. Meanwhile I looked at Orfox and, scattered around many files, there are preferences that allow some google URLs. Tor prefs can be definitely modified for good.

ghost commented 6 years ago

Do you think it would a good idea to create a matrix/table/CSV of settings? I imagine it may have the following columns:

Short description
Preference Name
Value in browser this user.js
Value in ghacks
... Value in other user.js project
Value in Tor
Affects Panopticlick score (yes/no)

Then hopefully we can come up with the best bundle of tested settings and when new browser versions are released we can simply review what's new and add/update the relevant cells. Perhaps some script may generate a user.js from the CSV.

The challenges I see with this:

Getting proper description (as other user.js projects may have different ones, still containing valuable info)
Getting the full list of settings preferences for different browsers (it seems Tor may have some which are not in FF, or in IceCat etc)

What do you think?

ghost commented 6 years ago

BTW this may be worth looking at: https://trac.torproject.org/projects/tor/ticket/21200

Atavic commented 6 years ago

I think you should start your own repo with:

Preference Name Value in your own repo Value in Tor

I'll gladly criticise/contribute, then.

Diffs between this user.js and the ghacks one has been done before, devs are happily going in parallel on their own paths.

ghost commented 6 years ago

This is new for me but I think I created a repo

Could you please check my profile and suggest how to proceed?

Atavic commented 6 years ago

:+1: There's "Manage topics" below the description, you can populate some keywords.

ghost commented 6 years ago

I will add proper description. But what I am more interested right now is the proper format for the matrix and how to get all preferences and values from the different sources in it.

I haven't used git, only svn, so it is really new to me.

TriMoon commented 6 years ago

@Atavic A dead horse, DNT is greatly ignored and simply makes your browser stand out in the crowd.

More and more sites are actually preventing injecting tracking scripts like GA when it is enabled 😉 Ofcourse using new technologies will always make the ones using them first stand-out from the crowd, but this is not persee a bad thing. Otherwise using settings from user.js could also be labeled as making you stand-out from the crowd 👅

pyllyukko commented 6 years ago

Yes but what is 000-tor-browser.js? IOW: how is one supposed to use it?

It's Tor projects "version of user.js". Their customizations that is.

This bash script wgets this and then diffs with your own file via sed and regex.

This

Do you think it would a good idea to create a matrix/table/CSV of settings? I imagine it may have the following columns:

https://github.com/pyllyukko/user.js/issues/256#issuecomment-299633764 -> https://jm42.github.io/compare-user.js/

ghost commented 6 years ago

@pyllyukko Thank you! Just to clarify: does the first link contain all possible variables or just the ones which Tor customizes? Also how can I get a full list for FF, IceCat (possibly other FF forks too)?

pyllyukko commented 6 years ago

@pyllyukko Thank you! Just to clarify: does the first link contain all possible variables or just the ones which Tor customizes? Also how can I get a full list for FF, IceCat (possibly other FF forks too)?

Only the ones they customize. For list for FF (if I understood correctly), you can run make sourceprefs.js, that @nodiscc implemented. It doesn't cover all Firefox settings, but still plenty of.

ghost commented 6 years ago

It doesn't cover all Firefox settings

Because it is not possible or for some other reason?

I am not looking just to diff things but also to learn what each about:config setting does. Unfortunately the documentation doesn't seem to cover all of them:

http://kb.mozillazine.org/About:config_entries

Where do you (and other similar projects) get info about the undocumented variables and the extra info about the documented ones?

Atavic commented 6 years ago

Because it is not possible or for some other reason?

Because some are prefs about fonts that depend on the OS. Other prefs appear after you install addons/webextensions. These prefs aren't unified for everyone.

Where do you get info?

Bugzilla.org Mercurial

ghost commented 6 years ago

Thanks.

Hm, that makes it more and more difficult. Having to dig through tons of info and spending many hours just to get some privacy. I appreciate the hard work you have done so far. I am questioning if I will be able to add anything meaningful in another repo.

Atavic commented 6 years ago

A new repo will raise consciousness, Just do it™

ghost commented 6 years ago

What do you mean by "raise consciousness"?

Atavic commented 6 years ago

Hm, that makes it more and more difficult.

We are into a community here.

Having to dig through tons of info and spending many hours just to get some privacy.

We are on the same boat, so to speak.

What do you mean by raise consciousness?

Users may find the repo discussing tor preferences aqnd become aware.

ghost commented 6 years ago

True but becoming an expert in patching deliberately created holes on the boat just because Mozilla "respects user privacy" is not very efficient. We can keep doing this forever, they can play their tricks on us in next versions etc. Life is short, we need something better.

Atavic commented 6 years ago

Yes, I don't update so often for those reasons you said above.

Where do you get info?

https://trac.torproject.org/projects/tor/query?status=!closed&component=Applications%2FTor+Browser

pyllyukko commented 6 years ago

Because it is not possible or for some other reason?

Because they are scattered all over the place.

I am not looking just to diff things but also to learn what each about:config setting does. Unfortunately the documentation doesn't seem to cover all of them:

Yes, plenty of settings are completely undocumented.

Where do you (and other similar projects) get info about the undocumented variables and the extra info about the documented ones?

As @Atavic said:

Bugzilla.org Mercurial

Sometimes it's quite a detective work. If all else fails, we try to interpret FF's source code and see what the settings actually do.

ghost commented 6 years ago

I wonder how come nobody has created a really secure and private FOSS browser, without using a previous code base which is so full of issues and without putting the user in a situation of a detective. If even Tor needs hardening, that is a real shame.

TriMoon commented 6 years ago

@anchev thats because the web technologies grow so fast with new posibilities that are actually wanted by users. The secure and private part is a work that can only be properly done after the internet eco-system uses the features, Because humans always try to find ways to circumvent original intentions for evil, it's just a race between "bad-guys" and "protectors" of the internet's eco-system.

ghost commented 6 years ago

The secure and private part is a work that can only be properly done after the internet eco-system uses the features

Security through patching systems which are designed in an insecure way is not efficient. If new functions are needed, that means new design is necessary. Otherwise if one tries to fly with a bike the result is obviously dangerous.

TriMoon commented 6 years ago

Let me ask you something then: Do you know what will happen tomorror in the whole world? If your answer is "Yes" then we are done talking, if it is "No" then you should accept the fact that no software can be made 100% secure and save because of what i told you...

ghost commented 6 years ago

print("Hello world") is 100% secure :)

TriMoon commented 6 years ago

not when it is followed by > /etc/passwd 😈

pyllyukko / user.js

Differences from Tor Browser #367