diff --git a/patches/preferences/ironfox.js b/patches/preferences/ironfox.js index 12401231..9deb8f05 100644 --- a/patches/preferences/ironfox.js +++ b/patches/preferences/ironfox.js @@ -14,3 +14,5 @@ pref("browser.safebrowsing.blockedURIs.enabled", false); pref("browser.safebrowsing.downloads.enabled", false); // [DEFAULT] pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); + +pref("browser.ironfox.applied", true); diff --git a/patches/preferences/phoenix-extended.js b/patches/preferences/phoenix-extended.js index 0caebb9f..efacbdc4 100644 --- a/patches/preferences/phoenix-extended.js +++ b/patches/preferences/phoenix-extended.js @@ -9,6 +9,8 @@ pref("security.ssl.require_safe_negotiation", true); +pref("browser.phoenix.extended.001.applied", true); + // 002 FINGERPRINTING PROTECTION /// Enable RFP (resistFingerprinting) @@ -23,6 +25,8 @@ pref("privacy.resistFingerprinting", true); pref("webgl.disabled", true); +pref("browser.phoenix.extended.002.applied", true); + /// 003 WEBRTC // Never leak IP addresses - This *will* break WebRTC @@ -30,6 +34,8 @@ pref("webgl.disabled", true); pref("media.peerconnection.ice.default_address_only", true); pref("media.peerconnection.ice.no_host", true); +pref("browser.phoenix.extended.003.applied", true); + // 004 MISC. PRIVACY /// Disable ETP WebCompat & Heuristics @@ -44,6 +50,8 @@ pref("privacy.restrict3rdpartystorage.heuristic.window_open", false); // [DEFAUL pref("network.http.referer.XOriginPolicy", 2); +pref("browser.phoenix.extended.004.applied", true); + // 005 ATTACK SURFACE REDUCTION /// Disable WebAssembly @@ -51,6 +59,8 @@ pref("network.http.referer.XOriginPolicy", 2); pref("javascript.options.wasm", false); +pref("browser.phoenix.extended.005.applied", true); + // 006 MISC. /// Prevent sites from automatically refreshing 
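Review bot: The new `browser.ironfox.applied` marker at the end of ironfox.js has no comment saying what it is for or what it proves, and the same holds for the `browser.phoenix.extended.NNN.applied` markers in the following hunks and the `browser.phoenix.NNN.applied` markers in phoenix.js. A `pref()` line only sets a default, so a marker reading `true` in about:config shows at most that the file was read up to that line; it does not show that the hardening prefs above it still hold these values, since a user value can override any of them. I would add above each marker something like `// Marker: this file was loaded up to here; says nothing about later overrides of the prefs above`. Nothing in the visible hunks reads the markers, so if a build or test step is meant to check them, naming it in the comment would help.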
@@ -60,3 +70,7 @@ pref("browser.meta_refresh_when_inactive.disabled", true); // [DEFAULT] /// Stricter Autoplay Blocking pref("media.autoplay.blocking_policy", 2); // [Default = 0] + +pref("browser.phoenix.extended.006.applied", true); + +pref("browser.phoenix.extended.applied", true); diff --git a/patches/preferences/phoenix.js b/patches/preferences/phoenix.js index b4abed6b..5e3ee653 100644 --- a/patches/preferences/phoenix.js +++ b/patches/preferences/phoenix.js @@ -13,6 +13,8 @@ pref("general.aboutConfig.enable", true); /// Disable annoying warnings when attempting to access the about:config pref("general.warnOnAboutConfig", false); +pref("browser.phoenix.000.applied", true); + // 001 DATA COLLECTION /// Shield Studies/Normandy/Nimbus 
@@ -24,17 +26,17 @@ pref("general.warnOnAboutConfig", false); // https://experimenter.info/ // resource://nimbus/ExperimentAPI.sys.mjs -pref("app.normandy.api_url", ""); -pref("app.normandy.enabled", false); -pref("app.normandy.first_run", false); -pref("app.normandy.last_seen_buildid", ""); -pref("app.normandy.logging.level", 70); // Limits logging to fatal only -pref("app.normandy.user_id", ""); -pref("app.shield.optoutstudies.enabled", false); +pref("app.normandy.api_url", ""); // [HIDDEN] +pref("app.normandy.enabled", false); // [HIDDEN] +pref("app.normandy.first_run", false); // [HIDDEN] +pref("app.normandy.last_seen_buildid", ""); // [HIDDEN] +pref("app.normandy.logging.level", 70); // [HIDDEN], Limits logging to fatal only +pref("app.normandy.user_id", ""); // [HIDDEN] +pref("app.shield.optoutstudies.enabled", false); // [HIDDEN] pref("messaging-system.log", "off"); // Disables logging -pref("messaging-system.rsexperimentloader.enabled", false); -pref("messaging-system.rsexperimentloader.collection_id", ""); -pref("nimbus.appId", ""); // https://searchfox.org/mozilla-central/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js +pref("messaging-system.rsexperimentloader.enabled", false); // [HIDDEN] +pref("messaging-system.rsexperimentloader.collection_id", ""); // [HIDDEN] +pref("nimbus.appId", ""); // [HIDDEN], https://searchfox.org/mozilla-central/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js pref("toolkit.telemetry.pioneer-new-studies-available", false); // [HIDDEN] /// WebVTT Testing Events @@ -147,6 +149,8 @@ pref("extensions.recommendations.privacyPolicyUrl", ""); // [DEFAULT] pref("toolkit.crashreporter.infoURL", ""); // [HIDDEN] pref("toolkit.datacollection.infoURL", ""); // [HIDDEN] +pref("browser.phoenix.001.applied", true); + // 002 MOZILLA CRAP™ /// Firefox Recommendations & "Discovery" 
@@ -184,6 +188,8 @@ pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCAL pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT except for Beta & Nightly releases...] pref("extensions.webcompat-reporter.newIssueEndpoint", ""); +pref("browser.phoenix.002.applied", true); + // 003 Search & URL Bar /// Allow using a different search engine in Private Windows vs. Normal Windows @@ -199,6 +205,8 @@ pref("browser.search.separatePrivateDefault.urlbarResult.enabled", true); // [HI pref("network.IDN_show_punycode", true); +pref("browser.phoenix.003.applied", true); + // 004 Implicit Connections /// Disable Network Prefetching @@ -219,6 +227,8 @@ pref("network.prefetch-next", false); pref("browser.search.suggest.enabled", false); pref("browser.search.suggest.enabled.private", false); +pref("browser.phoenix.004.applied", true); + // 005 HTTP(S) - Mixed Content & General Network Hardening /// Enforce using HTTPS as much as possible @@ -307,6 +317,8 @@ pref("network.proxy.failover_direct", false); pref("network.proxy.socks_remote_dns", true); pref("network.proxy.socks5_remote_dns", true); // [DEFAULT] +pref("browser.phoenix.005.applied", true); + // 006 DNS /// Disable Mozilla's DoH Rollout @@ -317,7 +329,7 @@ pref("doh-rollout.skipHeuristicsCheck", true); // [HIDDEN] pref("doh-rollout.uri", ""); // [HIDDEN] pref("network.trr.default_provider_uri", ""); -/// Set Quad9 as default DoH resolver +/// Enable DoH & Set to Quad9 by default pref("network.trr.custom_uri", "https://dns.quad9.net/dns-query"); pref("network.trr.mode", 3); @@ -351,6 +363,8 @@ pref("network.dns.native_https_query", true); // [DEFAULT] pref("network.dns.preferIPv6", true); +pref("browser.phoenix.006.applied", true); + // 007 CERTIFICATES /// Enforce OCSP & Stapling 
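Review bot: The reworded heading in the `@@ -317,7 +329,7 @@` hunk now says DoH is enabled, but it still leaves out the part a user needs when resolution fails: the context line sets `network.trr.mode` to 3, which is DoH-only with no fallback to the system resolver. With `network.trr.custom_uri` pointing at a single provider, an outage or a network that blocks that endpoint stops all name resolution rather than degrading to plain DNS; that fail-closed behaviour looks intended but is worth stating. I would word it `/// Enable DoH without fallback (mode 3 = DoH only) & set Quad9 as the default resolver`. The DNS section continues outside the hunk.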
@@ -381,6 +395,8 @@ pref("security.pki.certificate_transparency.mode", 2); // [Default = 0] pref("security.pki.certificate_transparency.disable_for_hosts", ""); // [DEFAULT] pref("security.pki.certificate_transparency.disable_for_spki_hashes", ""); // [DEFAULT] +pref("browser.phoenix.007.applied", true); + // 008 DOWNLOADS /// Always prompt before downloading files @@ -392,6 +408,8 @@ pref("browser.download.useDownloadDir", false); pref("dom.block_download_insecure", true); // [DEFAULT] +pref("browser.phoenix.008.applied", true); + // 009 SAFE BROWSING /// Enable Safe Browsing by default @@ -448,6 +466,8 @@ pref("browser.safebrowsing.reportPhishURL", "https://safebrowsing.google.com/saf pref("browser.safebrowsing.provider.google.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url="); pref("browser.safebrowsing.provider.google4.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url="); +pref("browser.phoenix.009.applied", true); + // 010 GEOLOCATION /// Prevent Wi-Fi Scanning @@ -466,6 +486,8 @@ pref("browser.region.update.enabled", false); pref("geo.provider.network.url", "https://beacondb.net/v1/geolocate"); +pref("browser.phoenix.010.applied", true); + // 011 AI // https://support.mozilla.org/kb/ai-chatbot @@ -473,6 +495,8 @@ pref("geo.provider.network.url", "https://beacondb.net/v1/geolocate"); pref("browser.ml.enable", false); // [DEFAULT, except for Nightly] - "Experimental Machine Learning Inference Engine" +pref("browser.phoenix.011.applied", true); + // 012 WEBRTC /// Enable mDNS Host Obfuscation to prevent leaking local IP addresses @@ -485,6 +509,8 @@ pref("media.peerconnection.ice.obfuscate_host_addresses", true); pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); +pref("browser.phoenix.012.applied", true); + // 013 DISK AVOIDANCE /// Disable Search & Form History - Can be leaked to sites 
@@ -527,6 +553,8 @@ pref("layout.css.visited_links_enabled", false); pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN] +pref("browser.phoenix.013.applied", true); + // 014 EXTENSIONS // Only allow installing extensions from profile & application directories (Prevents extensions being installed from the system/via other software) @@ -550,6 +578,8 @@ pref("xpinstall.signatures.weakSignaturesTemporarilyAllowed", false); // [HIDDEN pref("extensions.blocklist.enabled", true); // [DEFAULT] +pref("browser.phoenix.014.applied", true); + // 015 PDF.js /// Disable JavaScript @@ -577,6 +607,8 @@ pref("browser.download.open_pdf_attachments_inline", true); // [DEFAULT] pref("pdfjs.sidebarViewOnLoad", 2); // [HIDDEN] +pref("browser.phoenix.015.applied", true); + // 016 FINGERPRINTING PROTECTION /// Set RFP to spoof the English locale by default @@ -609,6 +641,8 @@ pref("webgl.disable-fail-if-major-performance-caveat", false); pref("browser.display.use_system_colors", false); // [DEFAULT] +pref("browser.phoenix.016.applied", true); + // 017 MISC. PRIVACY /// Ensure ETP is set to Strict @@ -691,6 +725,8 @@ pref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _ope pref("privacy.query_stripping.strip_on_share.enabled", true); +pref("browser.phoenix.017.applied", true); + // 018 PASSWORDS & AUTHENTICATION /// Disable Autofill @@ -746,6 +782,8 @@ pref("network.microsoft-sso-authority-list", ""); // DEFENSE IN DEPTH pref("network.negotiate-auth.trusted-uris", ""); // [DEFAULT] +pref("browser.phoenix.018.applied", true); + // 019 ATTACK SURFACE REDUCTION /// Disable JavaScript Just-in-time Compilation (JIT) 
@@ -773,7 +811,22 @@ pref("mathml.disabled", true); pref("gfx.font_rendering.graphite.enabled", false); pref("gfx.font_rendering.opentype_svg.enabled", false); -// 022 MISC. SECURITY +pref("browser.phoenix.019.applied", true); + +// 020 MISC. SECURITY + +// Prevent websites from automatically downloading as many files as they want to a user's device... +// Can be used for denial of service +// Allows overriding for specific downloads if needed +// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41764 +// Ex. also enabled by Tor Browser + +pref("browser.download.enable_spam_prevention", true); + +// Do not disable Spectre mitigations for isolated content... +// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#8689 + +pref("javascript.options.spectre.disable_for_isolated_content", false); // If a website asks for a certificate, always prompt the user // Never automatically select one... @@ -805,6 +858,7 @@ pref("browser.contentanalysis.interception_point.print.enabled", false); pref("dom.ipc.processCount.webIsolated", 1); // [DEFAULT] pref("fission.autostart", true); +pref("fission.autostart.session", true); /// Enable GPU Sandboxing @@ -856,13 +910,17 @@ pref("network.protocol-handler.warn-external.tel", true); pref("network.protocol-handler.warn-external.vnd.youtube", true); pref("security.external_protocol_requires_permission", true); // [DEFAULT] -// 023 BLOCK COOKIE BANNERS +pref("browser.phoenix.020.applied", true); + +// 021 BLOCK COOKIE BANNERS pref("cookiebanners.service.mode", 1); pref("cookiebanners.service.mode.privateBrowsing", 1); // [DEFAULT on Nightly] pref("cookiebanners.service.enableGlobalRules", true); // [DEFAULT] -// 024 MEDIA +pref("browser.phoenix.021.applied", true); + +// 022 MEDIA /// Enforce validating signature for GMP when updating // https://searchfox.org/mozilla-central/source/modules/libpref/init/all.js 
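Review bot: The comment added above `javascript.options.spectre.disable_for_isolated_content` cites `StaticPrefList.yaml#8689`, a line anchor on the moving mozilla-central tip, so it will point at an unrelated entry after the next upstream edit; citing the pref name alone or a revision-pinned link keeps the reference valid. Both new prefs in this hunk also lack the `[DEFAULT]` / `[Default = …]` tag used elsewhere in the file, so a reader cannot tell whether they change upstream behaviour; for the Spectre pref I would append something like `// [Default = true upstream - confirm]`. Since section 019 is headed "Disable JavaScript Just-in-time Compilation (JIT)", this pref presumably matters mainly when a user re-enables JIT, and a `DEFENSE IN DEPTH` tag like the one used in section 018 would say so.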
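Review bot: `fission.autostart.session` in the `@@ -805,6 +858,7 @@` hunk is added without a comment, and as far as I know it is not an input: Gecko writes and locks it at startup to record whether Fission is active for the session. If that is right, the default set here is overwritten and the line gives no protection beyond `fission.autostart` above it. I would either drop it or mark it, e.g. `pref("fission.autostart.session", true); // Set and locked by Gecko at startup; kept as DEFENSE IN DEPTH`, and check the effective state on a built app rather than from this pref file.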
@@ -889,14 +947,18 @@ pref("media.eme.require-app-approval", true); // [DEFAULT - DEFENSE IN DEPTH]: E pref("media.gmp-widevinecdm.visible", false); pref("media.mediadrm-widevinecdm.visible", false); // https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#320 -// 025 UPDATES +pref("browser.phoenix.022.applied", true); + +// 023 UPDATES /// Ensure we're always updating extensions by default pref("extensions.systemAddon.update.enabled", true); // [DEFAULT] pref("extensions.update.enabled", true); // [DEFAULT] -// 026 DEBUGGING +pref("browser.phoenix.023.applied", true); + +// 024 DEBUGGING /// Enforce local debugging only @@ -912,7 +974,9 @@ pref("devtools.debugger.prompt-connection", true); // [DEFAULT] pref("reader.errors.includeURLs", false); // [DEFAULT] -/// 027 MISC. +pref("browser.phoenix.024.applied", true); + +/// 025 MISC. /// Always allow installing "incompatible" add-ons @@ -951,7 +1015,9 @@ pref("dom.disable_window_move_resize", true); // [DEFAULT] pref("media.webspeech.synth.dont_notify_on_error", true); // [HIDDEN] -// 028 PERFORMANCE +pref("browser.phoenix.025.applied", true); + +// 026 PERFORMANCE // A lot of these taken from https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js pref("browser.sessionstore.max_tabs_undo", 7); // [Default = 10] @@ -974,11 +1040,15 @@ pref("network.http.max-persistent-connections-per-proxy", 48); // [Default = 20] pref("network.http.max-persistent-connections-per-server", 10); // [Default = 6] pref("network.http.max-urgent-start-excessive-connections-per-host", 5); // [Default = 3] -// 029 SMOOTH SCROLLING +pref("browser.phoenix.026.applied", true); + +// 027 SMOOTH SCROLLING pref("general.smoothScroll", true); // [DEFAULT] -// Personal Touch 💜 +pref("browser.phoenix.027.applied", true); + +// 028 Personal Touch 💜 /// Things that are nice to have™ // Not directly privacy & security related 
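Review bot: The renumbered heading `/// 025 MISC.` in the `@@ -912,7 +974,9 @@` hunk keeps three slashes, while the other section headings touched by this commit (`// 023 UPDATES`, `// 024 DEBUGGING`, `// 026 PERFORMANCE`) use two and `///` marks sub-headings such as `/// Always allow installing "incompatible" add-ons`. Since the line is being edited anyway, I would change it to `// 025 MISC.` so the section boundaries and their `browser.phoenix.NNN.applied` markers line up for anyone scanning or grepping the file.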
@@ -996,7 +1066,9 @@ pref("full-screen-api.warning.timeout", 0); // [Default = 3000] pref("security.xfocsp.hideOpenInNewWindow", false); pref("view_source.wrap_long_lines", true); // [DEFAULT] -// Sync more prefs +pref("browser.phoenix.028.applied", true); + +// 029 Sync more prefs // Note that for this to work, the below prefs must be set on BOTH the device you are syncing from & to... // Useful especially if you override our defaults @@ -1101,3 +1173,7 @@ pref("services.sync.prefs.sync.network.http.max-persistent-connections-per-serve pref("services.sync.prefs.sync.network.http.max-urgent-start-excessive-connections-per-host", true); pref("services.sync.prefs.sync.network.http.referer.XOriginPolicy", true); pref("services.sync.prefs.sync.webgl.disabled", true); + +pref("browser.phoenix.029.applied", true); + +pref("browser.phoenix.applied", true); diff --git a/scripts/prebuild.sh b/scripts/prebuild.sh index a527b57f..1845ff3e 100755 --- a/scripts/prebuild.sh +++ b/scripts/prebuild.sh @@ -347,7 +347,6 @@ pref("media.gmp-manager.url.override", "data:text/plain,"); // Disable openh264 if it is already downloaded pref("media.gmp-gmpopenh264.enabled", false); - EOF cat "$patches/preferences/phoenix.js" >>mobile/android/app/geckoview-prefs.js