odoncz

firefox bullshit disable

Aug 25th, 2016
Firefox bullshit removal

ACTUAL FOR FF Gecko

https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
Due to the incessant swarm of complete and utter nonsense that has been forcing its way into Firefox over time, I've decided to start collecting my personal list of “must-have” about:config tweaks required to turn Firefox into a functional browser.

NOTE: Unfortunately this is somewhat out of date. The comments link to some resources that may be more up-to-date. Patches welcome.

WebSockets

These can be used for nefarious purposes and to bypass access restrictions.

browser.urlbar.trimURLs=false

network.websocket.enabled=false

JavaScript spy vectors

These can be used for fingerprinting or data collection about the host system.

dom.event.clipboardevents.enabled=false
dom.battery.enabled=false
browser.send_pings=false
webgl.disabled=true

Pocket integration

This is a proprietary tie-in service that is a risk to your privacy.

Drag the “pocket” icon off your toolbar. This step is important.
browser.pocket.enabled=false

WebRTC

This is an inter-browser communication standard that is a very significant risk to your privacy and can be used to break out of VPN tunnels, proxies and unmask local users.

media.peerconnection.enabled=false
loop.enabled=false

DRM

This is a significant breach of your personal freedom and security.

media.eme.enabled=false
media.gmp-eme-adobe.enabled=false

GeoLocation / Beacon

These can be used for tracking and fingerprinting services and are harmful to your privacy.

beacon.enabled=false
geo.enabled=false
geo.wifi.logging.enabled=false
geo.wifi.uri=""

Safe browsing

This requires Firefox to communicate with a third party, Google by default, and also sends them metadata about your downloads.

browser.safebrowsing.enabled=false
browser.safebrowsing.downloads.enabled=false
browser.safebrowsing.malware.enabled=false

Social media integration

This anti-feature lets social media platforms integrate directly into your browser.

social.directories=""
social.whitelist=""
social.manifest.facebook=""
social.remote-install.enabled=false
social.toast-notifications.enabled=false

Device tracking/statistics

These can be used to fingerprint your system and track you.

device.sensors.enabled=false
camera.control.face_detection.enabled=false
camera.control.autofocus_moving_callback.enabled=false

Tracking protection

This makes Firefox block known tracking domains by default.

privacy.trackingprotection.enabled=true

DNT Header

This makes Firefox include a DNT (“do not track”) header in its requests. Theoretically, this would opt you out of tracking by some services, but unfortunately it makes your fingerprint much more trackable, as this header is not too common. Enable it if you want, but it's probably best to leave it off to prevent tracking.

privacy.donottrackheader.enabled=true

Stat tracking / telemetry

These are used by Mozilla to spy on you, and are as such a significant risk to privacy.

datareporting.healthreport.service.enabled=false
datareporting.healthreport.uploadEnabled=false
toolkit.telemetry.enabled=false

Link pre-fetching

These will make Firefox connect with arbitrary links on a page by the simple act of hovering over them, without your explicit permission.

network.http.speculative-parallel-limit=0

Cryptography hardening

This disables algorithms that are known to be weak or broken, and prevents most common attack vectors. Be warned that this may break some older websites that are not compatible with modern protocols.

General settings

security.tls.unrestricted_rc4_fallback=false
security.tls.insecure_fallback_hosts.use_static_list=false
security.tls.version.min=1
security.ssl.require_safe_negotiation=true
security.ssl.treat_unsafe_negotiation_as_broken=true
security.ssl3.rsa_seed_sha=true
security.OCSP.enabled=1
security.OCSP.require=true

Disable unnecessary protocols

This disables older ciphers and hashes that are known to be weak or entirely broken (3DES, RC4 and MD5).

security.ssl3.rsa_rc4_128_sha=false
security.ssl3.rsa_rc4_128_md5=false
security.ssl3.rsa_des_ede3_sha=false
security.ssl3.ecdhe_ecdsa_rc4_128_sha=false
security.ssl3.ecdhe_rsa_rc4_128_sha=false

Perfect forward secrecy

If you (additionally) want to force the usage of PFS, the only enabled ciphers should be of the ecdhe/dhe variants. Might break lots of stuff.

security.ssl3.rsa_aes_256_sha=false

Force TLS 1.2

This disables TLS 1.0 and TLS 1.1 completely, which increases security as these older protocols may be used as attack vectors. (Note that TLS technically contains a mechanism for preventing protocol degradation attacks, but it requires participation from both the client and the server - which is not a guarantee in practice.)

security.tls.version.min=3
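
An added example, not part of the original paste or gist: one way to confirm that tweaks like these are actually set is to audit a profile's prefs.js or user.js against the values listed above. The subset of prefs checked, the function names and the sample input are assumptions made for illustration. Because prefs.js records only prefs changed from their defaults, a found value of None means the file does not set the pref and Firefox's built-in default applies.

```python
import re

# Expected values copied from the list above (a subset; extend as needed).
EXPECTED = {
    "network.websocket.enabled": False,
    "media.peerconnection.enabled": False,
    "geo.enabled": False,
    "network.http.speculative-parallel-limit": 0,
    "security.OCSP.require": True,
}
# Integer prefs where a larger value is stricter: treated as a floor.
MINIMUMS = {"security.tls.version.min": 3}  # 3 = TLS 1.2 ("Force TLS 1.2")
# One user_pref("name", value); statement per line; commented-out lines do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$', re.M)

def parse_prefs(text):
    """Parse user_pref("name", value); lines; the last occurrence wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return (pref, found, wanted) for each deviating pref, sorted by name."""
    prefs, findings = parse_prefs(text), []
    for name, want in EXPECTED.items():
        got = prefs.get(name)
        # Compare the type too: in Python 0 == False, but they are different pref types.
        if type(got) is not type(want) or got != want:
            findings.append((name, got, want))
    for name, floor in MINIMUMS.items():
        got = prefs.get(name)
        if type(got) is not int or got < floor:
            findings.append((name, got, ">=%d" % floor))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample input, not taken from a real profile.
SAMPLE = """\
user_pref("network.websocket.enabled", false);
user_pref("media.peerconnection.enabled", true);
user_pref("network.http.speculative-parallel-limit", 6);
user_pref("security.OCSP.require", true);
user_pref("security.tls.version.min", 1);
"""
```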