Changes to settings.js for v60

1 files changed, 126 insertions, 41 deletions

diff --git a/data/settings.js b/data/settings.js
index 4d402c7..d91324b 100644
--- a/data/settings.js
+++ b/data/settings.js
@@ -1,20 +1,18 @@
-// Poodle attack
-pref("security.tls.version.min", 1);
-
-// Disable default browser checking.
-pref("browser.shell.checkDefaultBrowser", false);
-
-// Don't disable extensions dropped in to a system
-// location, or those owned by the application
-pref("extensions.autoDisableScopes", 3);
-//pref("extensions.enabledScopes", 15);
-
-// Don't display the one-off addon selection dialog when
-// upgrading from a version of Firefox older than 8.0
-pref("extensions.shownSelectionUI", true);
+// Default name strings
+pref ("distribution.about", "GNU IceCat");
+pref ("distribution.id", "gnu");
+pref ("distribution.version", "1.0");
 
-// Don't call home for blacklisting
-pref("extensions.blocklist.enabled", false);
+// I'm feeling Ducky.
+pref("keyword.URL", "https://duckduckgo.com/?t=trisquel&q=!+");
+pref("browser.search.defaultenginename", "DuckDuckGo");
+pref("browser.search.order.1", "DuckDuckGo");
+pref("browser.search.defaultenginename", "DuckDuckGo");
+pref("browser.search.order.extra.duckduckgo", "DuckDuckGo");
+pref("browser.search.showOneOffButtons", false);
+pref("browser.search.suggest.enabled",false);
+// Disable preconnecting to search engine when clicking on the search bar
+pref("network.http.speculative-parallel-limit", 0);
 
 // Release notes and vendor URLs
 pref("app.releaseNotesURL", "https://savannah.gnu.org/news/?group=gnuzilla");
@@ -38,24 +36,33 @@ pref("nglayout.initialpaint.delay", 0);
 // Disable third party cookies
 pref("network.cookie.cookieBehavior", 1);
 
-// Extensions can be updated
-pref("extensions.update.enabled", true);
+// Extensions cannot be updated without permission
+pref("extensions.update.enabled", false);
 // Use LANG environment variable to choose locale
 pref("intl.locale.matchOS", true);
 // Disable default browser checking.
 pref("browser.shell.checkDefaultBrowser", false);
 // Prevent EULA dialog to popup on first run
 pref("browser.EULA.override", true);
+// Don't disable extensions dropped in to a system
+// location, or those owned by the application
+pref("extensions.autoDisableScopes", 3);
+//pref("extensions.enabledScopes", 15);
+// Don't display the one-off addon selection dialog when
+// upgrading from a version of Firefox older than 8.0
+pref("extensions.shownSelectionUI", true);
+// Don't call home for blacklisting
+pref("extensions.blocklist.enabled", false);
 
 // disable app updater url
-pref("app.update.url", "http://127.0.0.1/");"
-
-// Default name strings
-pref ("distribution.about", "GNU IceCat");
-pref ("distribution.id", "gnu");
-pref ("distribution.version", "1.0");
+pref("app.update.url", "http://127.0.0.1/");
 
 // Startup page
+// Set useragent to Firefox compatible
+pref("general.useragent.compatMode.icecat",true);
+// Spoof the useragent to a generic one
+//pref("general.useragent.override", "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/60.0");
+
 //pref ("browser.startup.page" , 3);
 //pref ("browser.startup.homepage" , "https://www.gnu.org/software/gnuzilla/");
 //pref ("startup.homepage_welcome_url", "https://www.gnu.org/software/gnuzilla/");
@@ -99,9 +106,10 @@ pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
 pref("browser.safebrowsing.enabled", false);
 pref("browser.safebrowsing.downloads.remote.enabled", false);
 pref("browser.safebrowsing.malware.enabled", false);
-//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
+pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
 pref("social.enabled", false);
 pref("social.remote-install.enabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
 pref("datareporting.healthreport.uploadEnabled", false);
 pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
 pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
@@ -111,7 +119,7 @@ pref("datareporting.policy.dataSubmissionEnabled", false);
 pref("datareporting.healthreport.service.enabled", false);
 pref("browser.slowStartup.notificationDisabled", true);
 pref("network.http.sendRefererHeader", 2);
-pref("network.http.referer.spoofSource", true);
+pref("network.http.referer.spoofSource", false);
 //http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
 //pref("dom.storage.enabled", false);
 pref("dom.event.clipboardevents.enabled",false);
@@ -119,6 +127,8 @@ pref("network.prefetch-next", false);
 pref("network.dns.disablePrefetch", true);
 pref("network.http.sendSecureXSiteReferrer", false);
 pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.server", "");
+pref("experiments.manifest.uri", ""); 
 pref("toolkit.telemetry.unified", false);
 // Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
 pref("plugins.enumerable_names", "");
@@ -139,22 +149,52 @@ pref("browser.search.suggest.enabled", false);
 pref("browser.sessionstore.max_resumed_crashes", 0);
 // Disable shield/heartbeat
 pref("extensions.shield-recipe-client.enabled", false);
+// Don't download ads for the newtab page
+pref("browser.newtabpage.directory.source", "");
+pref("browser.newtabpage.directory.ping", "");
+pref("browser.newtabpage.introShown", true);
+// Disable home snippets
+pref("browser.aboutHomeSnippets.updateUrl", "");
+// Always ask before restoring the browsing session
+pref("browser.sessionstore.max_resumed_crashes", 0);
+// Disable tracking protection by default, as it makes automated connections to fetch lists
+pref("browser.safebrowsing.provider.mozilla.updateURL", "");
+pref("privacy.trackingprotection.enabled", false);
+pref("privacy.trackingprotection.pbmode.enabled", false);
+pref("privacy.trackingprotection.introURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tracking-protection/start/");
+// Disable geolocation
+pref("geo.enabled", false);
+pref("browser.search.geoip.url", "");
+// Disable captive portal detection
+pref("captivedetect.canonicalURL", "");
+pref("network.captive-portal-service.enabled", false);
+// Disable shield/heartbeat
+pref("extensions.shield-recipe-client.enabled", false);
+// Canvas fingerprint protection
+pref("privacy.resistFingerprinting", true);
+// Webgl can be used for fingerprinting
+pref("webgl.disabled", true);
+// Don't reveal your internal IP when WebRTC is enabled
+pref("media.peerconnection.ice.no_host", true);
 
-// Crypto hardening
-// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
-//General settings
-pref("security.tls.unrestricted_rc4_fallback", false);
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-pref("security.tls.version.min", 1);
-pref("security.ssl.require_safe_negotiation", false);
-pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-pref("security.ssl3.rsa_seed_sha", true);
-pref("security.OCSP.enabled", 1);
-pref("security.OCSP.require", false); // set to false otherwise it breaks captive portal usage
+// Services
+pref("gecko.handlerService.schemes.mailto.0.name", "");
+pref("gecko.handlerService.schemes.mailto.1.name", "");
+pref("handlerService.schemes.mailto.1.uriTemplate", "");
+pref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
+pref("browser.contentHandlers.types.0.title", "");
+pref("browser.contentHandlers.types.0.uri", "");
+pref("browser.contentHandlers.types.1.title", "");
+pref("browser.contentHandlers.types.1.uri", "");
+pref("gecko.handlerService.schemes.webcal.0.name", "");
+pref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
+pref("gecko.handlerService.schemes.irc.0.name", "");
+pref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
 
 // Disable channel updates
 pref("app.update.enabled", false);
 pref("app.update.auto", false);
+pref("toolkit.telemetry.enabled", false);
 
 // EME
 pref("media.eme.enabled", false);
@@ -180,12 +220,16 @@ pref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
 pref("gecko.handlerService.schemes.irc.0.name", "");
 pref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
 // https://kiwiirc.com/client/irc.247cdn.net/?nick=Your%20Nickname#underwater-hockey
+// Don't call home for blacklisting
+pref("extensions.blocklist.enabled", false);
+ 
+
 
 pref("font.default.x-western", "sans-serif");
 
 // Preferences for the Get Add-ons panel
-pref ("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref ("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/extensions");
+pref ("extensions.getAddons.search.url", "https://gnuzilla.gnu.org/extensions");
 
 // Mobile
 pref("privacy.announcements.enabled", false);
@@ -223,11 +267,16 @@ pref("browser.search.order.US.3",                "data:text/plain,browser.search
 // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
 pref("media.gmp-manager.url", "http://127.0.0.1/");
 pref("media.gmp-manager.url.override", "data:text/plain,");
+pref("media.gmp-manager.url", "");
 pref("media.gmp-provider.enabled", false);
 // Don't install openh264 codec
 pref("media.gmp-gmpopenh264.enabled", false);
 pref("media.gmp-eme-adobe.enabled", false);
 
+//Disable middle click content load
+//Avoid loading urls by mistake 
+pref("middlemouse.contentLoadURL", false);
+
 //Disable heartbeat
 pref("browser.selfsupport.url", "");
 
@@ -248,9 +297,8 @@ pref("browser.newtabpage.introShown", true);
 // Disable home snippets
 pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
 
-// Disable hardware acceleration and WebGL
+// Disable hardware acceleration
 //pref("layers.acceleration.disabled", false);
-pref("webgl.disabled", false);
 pref("gfx.direct2d.disabled", true);
 
 // Disable SSDP
@@ -259,6 +307,24 @@ pref("browser.casting.enabled", false);
 //Disable directory service
 pref("social.directories", "");
 
+// Crypto hardening
+// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
+//General settings
+pref("security.tls.unrestricted_rc4_fallback", false);
+pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+pref("security.tls.version.min", 1);
+pref("security.ssl.require_safe_negotiation", false);
+pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+pref("security.ssl3.rsa_seed_sha", true);
+pref("security.OCSP.enabled", 1);
+pref("security.OCSP.require", false); // set to false otherwise it breaks captive portal usage
+
+// Avoid logjam attack
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+pref("security.ssl3.dhe_dss_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
+
 // Disable Pocket integration
 pref("browser.pocket.enabled", false);
 pref("extensions.pocket.enabled", false);
@@ -268,3 +334,22 @@ pref("xpinstall.signatures.required", false);
 
 // Do not show unicode urls https://www.xudongz.com/blog/2017/idn-phishing/
 pref("network.IDN_show_punycode", true);
+
+// disable screenshots extension
+pref("extensions.screenshots.disabled", true);
+// disable onboarding
+pref("browser.onboarding.newtour", "performance,private,addons,customize,default");
+pref("browser.onboarding.updatetour", "performance,library,singlesearch,customize");
+pref("browser.onboarding.enabled", false);
+
+// New tab settings
+pref("browser.newtabpage.activity-stream.default.sites", "https://www.trisquel.info/,https://www.gnu.org/,https://www.fsf.org/,https://libreplanet.org/,https://www.wikipedia.org/,https://www.wikinews.org/");
+pref("browser.newtabpage.activity-stream.showTopSites",true);
+pref("browser.newtabpage.activity-stream.feeds.section.topstories",false);
+pref("browser.newtabpage.activity-stream.feeds.snippets",false);
+pref("browser.newtabpage.activity-stream.disableSnippets", true);
+user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
+
+// Enable xrender
+pref("gfx.xrender.enabled",true);
+