Initial commit: add the individual sections.
authorMichael Orlitzky <michael@orlitzky.com>
Sat, 16 Mar 2019 14:02:53 +0000 (10:02 -0400)
committerMichael Orlitzky <michael@orlitzky.com>
Sat, 16 Mar 2019 14:02:53 +0000 (10:02 -0400)
certificates [new file with mode: 0644]
cookies [new file with mode: 0644]
referer [new file with mode: 0644]
speculation [new file with mode: 0644]
tracking [new file with mode: 0644]
ui [new file with mode: 0644]

diff --git a/certificates b/certificates
new file mode 100644 (file)
index 0000000..a741925
--- /dev/null
@@ -0,0 +1,17 @@
+/* Certificates and trust */
+
+/* Disable OCSP, which checks for certificate revocation by sending
+ * your browser history to a third-party. I think this leaves stapling
+ * enabled, which is what we should be using anyway. Not that I believe
+ * in the CA infrastructure to begin with!
+ *
+ * WARNING: of all the preferences set in this file, this one is likely
+ * the most controversial.
+ *
+ * References:
+ *
+ * 1. https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
+ * 2. https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+ *
+ */
+user_pref("security.OCSP.enabled", 0);
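Review bot: The comment above `security.OCSP.enabled` only guesses ("I think") that stapling stays enabled, so the file relies on a browser default for its one remaining OCSP path. Pin it explicitly by adding `user_pref("security.ssl.enable_ocsp_stapling", true);` after the OCSP line. The WARNING paragraph should also name the actual trade-off: with live OCSP queries off, a revoked certificate from a server that does not staple may go unnoticed, apart from whatever revocation data the browser ships itself.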
diff --git a/cookies b/cookies
new file mode 100644 (file)
index 0000000..cdbe417
--- /dev/null
+++ b/cookies
@@ -0,0 +1,33 @@
+/* Cookie policy */
+
+
+/* Isolate cookies (and a bunch of other stuff) to their own domain.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ * 2. https://www.ctrl.blog/entry/firefox-fpi
+ */
+user_pref("privacy.firstparty.isolate", true);
+
+
+/* Accept cookies only from the originating site.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.cookie.cookieBehavior
+ *
+ */
+user_pref("network.cookie.cookieBehavior", 1);
+
+
+/* Delete all cookies after my session has expired.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.cookie.lifetimePolicy
+ *
+ */
+user_pref("network.cookie.lifetimePolicy", 2);
+
+
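Review bot: The comment "Delete all cookies after my session has expired" on `network.cookie.lifetimePolicy` may promise more than value 2 delivers, because that value only turns every cookie into a session cookie. If session restore is in use, restored sessions can bring session cookies back after a restart. Either state that caveat in the comment or also set `user_pref("browser.sessionstore.privacy_level", 2);`, after confirming how that pref behaves on the targeted Firefox version.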
diff --git a/referer b/referer
new file mode 100644 (file)
index 0000000..69bdc59
--- /dev/null
+++ b/referer
@@ -0,0 +1,32 @@
+/* Referer obfuscation */
+
+
+/* Only send the "referer" header when I _do_ something.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.sendRefererHeader", 1);
+
+
+/* Don't send the "referer" header for cross-domain requests.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.referer.XOriginPolicy", 1);
+
+
+/* Don't send the querystring across origins (that is, to subdomains,
+ * since XOriginPolicy is set to "1" above).
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Security/Referrer
+ *
+ */
+user_pref("network.http.referer.XOriginTrimmingPolicy", 1);
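Review bot: The comment "Only send the referer header when I _do_ something" does not say what value 1 means for `network.http.sendRefererHeader`, so a reader must follow the wiki link to audit the setting. Suggest `/* Send the "referer" header only when I click a link, not for embedded images (0 = never, 1 = clicked links, 2 = links and images). */`. The two `XOrigin*` prefs below would benefit from the same treatment, listing the meaning of each numeric value next to the one chosen.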
diff --git a/speculation b/speculation
new file mode 100644 (file)
index 0000000..25ee935
--- /dev/null
@@ -0,0 +1,29 @@
+/* Disabling speculative fetching */
+
+
+/* Disable speculative DNS queries.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.dns.disablePrefetch
+ */
+user_pref("network.dns.disablePrefetch", true);
+
+
+/* Disable speculative HTTP requests.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.prefetch-next
+ *
+ */
+user_pref("network.prefetch-next", false);
+
+
+/* Disable speculation while I'm typing a URL.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
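Review bot: This section turns off DNS prefetch, link prefetch and URL-bar preconnect, but it leaves the speculative connections Firefox opens when the pointer hovers over a link. That still reveals an address to a server before any click. Consider adding `user_pref("network.http.speculative-parallel-limit", 0);` with a comment in the same style. `network.predictor.enabled` is a further candidate if the goal is no speculative traffic at all; check both against the Firefox version in use.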
diff --git a/tracking b/tracking
new file mode 100644 (file)
index 0000000..2518a7c
--- /dev/null
+++ b/tracking
@@ -0,0 +1,78 @@
+/* Tracking protection */
+
+
+/* Don't notify servers when I leave a webpage.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ *
+ */
+user_pref("beacon.enabled", false);
+
+
+/* Don't let websites query the battery status of my PC.
+ * This should now be disabled... but let's turn it off
+ * again, just in case.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ * 2. https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
+ * 3. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("dom.battery.enabled", false);
+
+
+/* Don't allow websites to spy on my copy/paste actions.
+ *
+ * References:
+ *
+ * 1. https://bugzilla.mozilla.org/show_bug.cgi?id=1387745
+ * 2. https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
+ * 3. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ */
+user_pref("dom.event.clipboardevents.enabled", false);
+
+
+/* Disable WebRTC. I don't need a web browser to chat, thanks.
+ *
+ * References:
+ *
+ * 1. https://restoreprivacy.com/webrtc-leaks/
+ * 2. https://wiki.mozilla.org/Media/WebRTC/Privacy
+ */
+user_pref("media.peerconnection.enabled", false);
+
+
+/* Don't allow websites to snoop on my webcam or microphone.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ * 2. https://wiki.mozilla.org/Media/getUserMedia
+ */
+user_pref("media.navigator.enabled", false);
+
+
+/* Disable geolocation. Websites shouldn't know where I am,
+ * and neither should Google (whose API is used to track me).
+ *
+ * References:
+ *
+ * 1. http://www.mozilla.com/en-US/firefox/geolocation/
+ * 2. https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks
+ *
+ */
+user_pref("geo.enabled", false);
+
+
+/* Disable WebGL. I actually don't need websites to be able to
+ * directly access my video hardware.
+ *
+ * References:
+ *
+ * 1. https://www.contextis.com/en/blog/webgl-a-new-dimension-for-browser-exploitation
+ *
+ */
+user_pref("webgl.disabled", true);
\ No newline at end of file
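Review bot: `tracking` is the only section committed without a trailing newline, as the "\ No newline at end of file" marker after `user_pref("webgl.disabled", true);` shows. If these sections are later concatenated into a single prefs file (the commit title suggests so, but that step is not visible here), the next section's header comment would land on the same line as this pref. The terminating `;` keeps that parseable, but the result is harder to read and to diff. End the file with a newline, as the other five sections do.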
diff --git a/ui b/ui
new file mode 100644 (file)
index 0000000..d5dd753
--- /dev/null
+++ b/ui
@@ -0,0 +1,32 @@
+/* User-interface tweaks */
+
+
+/* Don't do anything when I start the browser unless I say so.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Browser.startup.homepage
+ */
+user_pref("browser.startup.homepage", "about:blank");
+
+
+/* Don't hide important information in the URL bar
+ *
+ * References:
+ *
+ * 1. https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.urlbar.trimURLs
+ *
+ */
+user_pref("browser.urlbar.trimURLs", false);
+
+
+/* Don't allow unicode trickery in the URL bar.
+ *
+ * References:
+ *
+ * 1. http://kb.mozillazine.org/Network.IDN_show_punycode
+ * 2. https://ma.ttias.be/show-idn-punycode-firefox-avoid-phishing-urls/
+ *
+ */
+user_pref("network.IDN_show_punycode", true);
+
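Review bot: Setting `browser.startup.homepage` to `about:blank` does not by itself deliver "Don't do anything when I start the browser". What loads at startup is chosen by `browser.startup.page`, and the homepage is only used when that pref selects it. A profile configured to restore the previous session would still reload every old tab and contact those sites. Add `user_pref("browser.startup.page", 0);` alongside it, or narrow the comment to say that it only blanks the home page.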