Firefox 15 base config

Discussion in 'privacy problems' started by TheWindBringeth, Aug 30, 2012.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I updated one of my computers to Firefox 15 and took the opportunity to make some notes on its base configuration (excluding extensions) in case I have to setup another one from scratch. I thought I'd post this for critique and/or reference. Security is obviously a goal but most of the changes are privacy related.

    InstallDir->application.ini
    ------------------------
    [Crash Reporter]
    Enabled=0
    ServerURL= // blank

    Options->Content
    -----------------
    Block pop-up windows = checked
    Enable JavaScript = checked, Allow scripts to: all unchecked

    Options->Applications
    ---------------------
    Various potentially unsafe content types set to Save File

    Options->Privacy
    ----------------
    Tell websites I do not want to be tracked = checked
    Use custom settings for history // want to save cookies for some non-critical sites
    Always use private browsing mode = unchecked
    Remember my browsing and download history = checked
    Remember search and form history = unchecked
    Accept cookies from sites = unchecked with minimal Exceptions added
    Clear history when Firefox closes, All settings checked except Cookies and Site Preferences
    When using the location bar, suggest: nothing

    Options->Security
    -----------------
    Warn me when sites try to install add-ons: checked and no exceptions
    Block reported attack sites: checked // needs rethink
    Block reported web forgeries: checked // needs rethink
    Remember passwords for sites: unchecked
    Use a master password: unchecked

    Options->Sync
    -------------
    Not configured

    Options->Advanced->General
    ----------------------------
    Submit crash reports = unchecked
    Submit performance data = unchecked

    Options->Advanced->Network
    ----------------------------
    Don't use a proxy
    Tell me when a websites asks to store data for offline use: checked, no exceptions

    Options->Advanced->Update
    ---------------------------
    Check for updates but let me choose whether to install them // needs rethink
    Automatically update search engines: unchecked

    About:Config user sets of interest (due to Options and/or manual changes)
    -------------------------------------------------------------------------
    accelerometer.enabled;false

    app.update.auto;false
    app.update.service.enabled;false // uninstalled

    browser.cache.offline.enable;false

    browser.download.manager.retention;0

    browser.fixup.alternate.enabled;false

    browser.formfill.enabled;false
    browser.formfill.saveHttpsForms;false

    browser.newtabpage.enabled;false
    browser.pagethumbnails.capturing_disabled;true

    browser.search.suggest.enabled;false
    browser.search.update;false // don't use

    browser.send_Pings.require_same_host;true // feature disabled though

    browser.sessionstore.resume_from_crash;false

    browser.urlbar.autocomplete.enabled;false

    browser.urlbar.trimURLs;false

    dom.battery.enabled;false

    dom.disable_window_move_resize;true
    dom.disable_window_open_feature.close;true
    dom.disable_window_open_feature.menubar;true
    dom.disable_window_open_feature.minimizable;true
    dom.disable_window_open_feature.personalbar;true
    dom.disable_window_open_feature.scrollbars;true
    dom.disable_window_open_feature.titlebar;true
    dom.disable_window_open_feature.toolbar;true

    dom.enable_performance;false

    dom.event.contextmenu.enabled;false

    dom.network.enabled;false // testing

    dom.storage.enabled;false

    general.useragent.override; // Tweaked with some false info, can cause inappropriate default downloads

    geo.enabled;false

    network.allow-experiments;false

    network.cookie.cookieBehavior;2
    network.cookie.lifetimePolicy;1
    network.cookie.thirdparty.sessionOnly;true

    network.dns.disableIPv6;true // don't need ATM

    network.dns.disablePrefetch;true
    network.dns.disablePrefetchFromHTTPS;true
    network.prefetch-next;false

    network.websocket.enabled;false

    plugin.expose_full_path;true

    plugin.scan.4xPluginFolder;false
    plugin.scan.Acrobat;999.999
    plugin.scan.Quicktime;999.999
    plugin.scan.SunJRE;999.999
    plugin.scan.WindowsMediaPlayer;999.999
    plugin.scan.plid.all;true // default, allows for flash which I use on this box

    plugins.click_to_play;true

    privacy.clearOnShutdown.cookies;false // want to keep some cookies
    privacy.clearOnShutdown.offlineApps;true
    privacy.clearOnShutdown.passwords;true
    privacy.cpd.cookies;false
    privacy.donottrackheader.enabled;true
    privacy.popups.showBrowserMessage;false

    privacy.sanitize.migrateFx3Prefs;true
    privacy.sanitize.sanitizeOnShutdown;true
    privacy.sanitize.timeSpan;0

    security.warn_viewing_mixed.show_once;false // revisiting
    security.warn_entering_weak.show_once;false // revisiting

    security.OCSP.require;true // certificate checking needs rethinking

    signon.rememberSignons;false
    signon.autofillForms;false

    toolkit.metrics.ping.enabled;false
    toolkit.telemetry.prompted;2
    toolkit.telemetry.rejected;true
    toolkit.telemetry.server; // blank
     
    Last edited: Aug 31, 2012
  2. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    276
    Location:
    SE Asia
    Thanks for this !! :thumb:
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    FWIW...

    The Crash Reporter settings were overwritten during install of FF 15 so watch out for that. It may have been how I updated.

    Based in part due to finding additional information including at:

    Firefox - Change These For Better Privacy
    https://www.wilderssecurity.com/showthread.php?t=309748

    JonDoFox Defenses
    https://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_sources

    I made more changes, which like the earlier ones are selected based on what I'm doing/testing so carefully consider them for yourself...
    Code:
    browser.history.allowReplaceState;false        //new, testing
    browser.history.allowPushState;false           //new, testing
    browser.history.allowPopState;false            //new, testing
    browser.sessionstore.max_resumed_crashes;0     //new
    browser.sessionstore.privacy_level_deferred;2  //new
    browser.sessionstore.privacy_level;2           //new
    browser.sessionstore.restore_on_demand;false   //new
    extensions.getAddons.cache.enabled;false       //new
    geo.wifi.uri;localhost                         //new
    keyword.enabled;false                          //new
    network.http.sendRefererHeader;0               //new, testing with RefControl 
    network.http.sendSecureXSiteReferrer;false     //new, testing with RefControl
    network.http.spdy.enabled;false                //new, until push risk assessed 
    network.http.spdy.enabled.v2;false             //new, until push risk assessed
    network.http.spdy.enabled.v3;false             //new, until push risk assessed
    
    So many settings. I probably won't update this anymore unless there is discussion about something.
     
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    I appreciate your effort but is hard to understand for what is each setting, where do you get the information?

    There is any way to put all those settings in a file or something so you can backup/export them to add them easily to a new firefox installation?
     
  5. tlu

    tlu Guest

    All those settings are listed and explained on http://kb.mozillazine.org/About:config_entries . If they make sense is another question, though.

    Yes, save them in a user.js file and save that one in your profile folder. Details here and here.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I use the http://kb.mozillazine.org/About:config_entries page mentioned by tlu (which doesn't list everything at this time), use general and Mozilla site specific searches to look for information including in some cases bug reports that make the picture clearer, and if necessary search the source code via http://mxr.mozilla.org/. Most of the settings are straight-forward but some require study and of course testing to make sure they don't break the sites you use. Its a process (that I am still chipping away at too).
     
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks for the work.

    PD
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    My latest in the easier form...
    Code:
    user_pref("accessibility.typeaheadfind", true);
    user_pref("accessibility.typeaheadfind.flashBar", 0);
    user_pref("app.update.auto", false);
    user_pref("app.update.enabled", true);
    user_pref("app.update.mode", 2);
    user_pref("app.update.service.enabled", false);
    user_pref("app.update.silent", false);
    user_pref("browser.cache.offline.enable", false);
    user_pref("browser.download.manager.addToRecentDocs", false);
    user_pref("browser.download.manager.retention", 0);
    user_pref("browser.fixup.alternate.enabled", false);
    user_pref("browser.formfill.enable", false);
    user_pref("browser.formfill.saveHttpsForms", false);
    user_pref("browser.history.allowPopState", false);
    user_pref("browser.history.allowPushState", false);
    user_pref("browser.history.allowReplaceState", false);
    user_pref("browser.newtabpage.enabled", false);
    user_pref("browser.pagethumbnails.capturing_disabled", true);
    user_pref("browser.search.suggest.enabled", false);
    user_pref("browser.search.update", false);
    user_pref("browser.send_pings", false);
    user_pref("browser.send_pings.require_same_host", true);
    user_pref("browser.sessionstore.max_resumed_crashes", 0);
    user_pref("browser.sessionstore.privacy_level", 2);
    user_pref("browser.sessionstore.privacy_level_deferred", 2);
    user_pref("browser.sessionstore.restore_on_demand", false);
    user_pref("browser.sessionstore.resume_from_crash", false);
    user_pref("browser.urlbar.autocomplete.enabled", false);
    user_pref("browser.urlbar.trimURLs", false );
    user_pref("browser.zoom.siteSpecific", false);
    user_pref("device.sensors.enabled", false);
    user_pref("dom.battery.enabled", false);
    user_pref("dom.disable_window_move_resize", true);
    user_pref("dom.disable_window_open_feature.close", true);
    user_pref("dom.disable_window_open_feature.menubar", true);
    user_pref("dom.disable_window_open_feature.minimizable", true);
    user_pref("dom.disable_window_open_feature.personalbar", true);
    user_pref("dom.disable_window_open_feature.scrollbars", true);
    user_pref("dom.disable_window_open_feature.titlebar", true);
    user_pref("dom.disable_window_open_feature.toolbar", true);
    user_pref("dom.enable_performance", false);
    user_pref("dom.event.contextmenu.enabled", false);
    user_pref("dom.indexedDB.enabled", false);
    user_pref("dom.network.enabled", false);
    user_pref("dom.storage.enabled", false);
    user_pref("extensions.getAddons.cache.enabled", false);
    user_pref("extensions.update.autoUpdateDefault", false);
    user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
    user_pref("geo.enabled", false);
    user_pref("geo.wifi.uri", "http://localhost:9437");
    user_pref("keyword.enabled", false);
    //user_pref("media.enforce_same_site_origin, true);
    user_pref("media.navigator.enabled", false);
    user_pref("network.allow-experiments", false);
    user_pref("network.cookie.cookieBehavior", 2);
    user_pref("network.cookie.lifetimePolicy", 1);
    user_pref("network.cookie.thirdparty.sessionOnly", true);
    user_pref("network.dns.disableIPv6", true);
    user_pref("network.dns.disablePrefetch", true);
    user_pref("network.dns.disablePrefetchFromHTTPS", true);
    user_pref("network.http.pipelining", true);
    user_pref("network.http.pipelining.ssl", false);
    user_pref("network.http.sendRefererHeader", 0);
    user_pref("network.http.sendSecureXSiteReferrer", false);
    user_pref("network.http.spdy.enabled", false);
    user_pref("network.http.spdy.enabled.v2", false);
    user_pref("network.http.spdy.enabled.v3", false);
    user_pref("network.prefetch-next", false);
    user_pref("network.websocket.enabled", false);
    user_pref("plugin.expose_full_path", false);
    user_pref("plugin.scan.4xPluginFolder", false);
    user_pref("plugin.scan.Acrobat", "999.9");
    user_pref("plugin.scan.Quicktime", "999.9");
    user_pref("plugin.scan.SunJRE", "999.9");
    user_pref("plugin.scan.WindowsMediaPlayer", "999.9");
    user_pref("plugin.scan.plid.all", true);
    user_pref("plugins.click_to_play", true);
    user_pref("privacy.clearOnShutdown.cache", true);
    user_pref("privacy.clearOnShutdown.cookies", false);
    user_pref("privacy.clearOnShutdown.downloads", true);
    user_pref("privacy.clearOnShutdown.formdata", true);
    user_pref("privacy.clearOnShutdown.history", true);
    user_pref("privacy.clearOnShutdown.offlineApps", true);
    user_pref("privacy.clearOnShutdown.passwords", true);
    user_pref("privacy.clearOnShutdown.sessions", true);
    user_pref("privacy.clearOnShutdown.siteSettings", false);
    user_pref("privacy.cpd.cache", true);
    user_pref("privacy.cpd.cookies", false);
    user_pref("privacy.cpd.downloads", true);
    user_pref("privacy.cpd.formdata", true);
    user_pref("privacy.cpd.history", true);
    user_pref("privacy.cpd.offlineApps", true);
    user_pref("privacy.cpd.passwords", true);
    user_pref("privacy.cpd.sessions", true);
    user_pref("privacy.cpd.siteSettings", false);
    user_pref("privacy.donottrackheader.enabled", true);
    user_pref("privacy.popups.showBrowserMessage", false);
    user_pref("privacy.sanitize.migrateFx3Prefs", true);
    user_pref("privacy.sanitize.sanitizeOnShutdown", true);
    user_pref("privacy.sanitize.timeSpan", 0);
    user_pref("security.OCSP.require", true);
    user_pref("security.default_personal_cert", "Ask Every Time");
    user_pref("security.enable_tls_session_tickets", false);
    user_pref("security.warn_entering_weak.show_once", false );
    user_pref("security.warn_viewing_mixed.show_once", false );
    user_pref("security.xpconnect.plugin.unrestricted", false );
    user_pref("services.sync.jpake.serverURL", "http://localhost:9437");
    user_pref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false);
    user_pref("services.sync.serverURL", "http://localhost:9437");
    user_pref("signon.autofillForms", false);
    user_pref("signon.rememberSignons", false);
    user_pref("toolkit.metrics.ping.enabled", false);
    user_pref("toolkit.telemetry.prompted", 2);
    user_pref("toolkit.telemetry.rejected", true);
    user_pref("toolkit.telemetry.server", "http://localhost:9437");
    user_pref("webgl.disabled", true);
    user_pref("xpinstall.whitelist.add", "");
    user_pref("xpinstall.whitelist.add.36", "");
    user_pref("xpinstall.whitelist.required", true);
    
     
    Last edited: Sep 14, 2012
Loading...
Thread Status:
Not open for further replies.