From b9cbdb3ee6c7546dd4c20eaa322351e9f417bdb3 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Wed, 1 Apr 2020 20:54:06 -0400
Subject: [PATCH] tracking: disable DNS-over-HTTPS and the "Normandy" service.

---
 tracking | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/tracking b/tracking
index c585cac..648c04e 100644
--- a/tracking
+++ b/tracking
@@ -77,3 +77,29 @@ user_pref("geo.enabled", false);
  */
 user_pref("webgl.disabled", true);
 
+
+/* Disable DNS-over-HTTPS (DoH), which is a helpful service that sends
+ * all of your DNS requests to Cloudflare. DoH is presently disabled
+ * by default in Gentoo, but let's disable it again so that we're not
+ * subject to the whims of the Gentoo security/privacy zeitgeist.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Trusted_Recursive_Resolver#network.trr.mode
+ *
+ */
+user_pref("network.trr.mode", 5);
+
+
+/* Disable the "Normandy" service, which allows Mozilla to force-push
+ * invasive (the irony of word-association is not lost here) preference
+ * updates to your browser. Normandy is presently disabled by default in
+ * Gentoo, but it's the sort of thing worth killing twice, just to be sure.
+ *
+ * References:
+ *
+ * 1. https://wiki.mozilla.org/Firefox/Normandy/PreferenceRollout
+ * 2. https://wiki.mozilla.org/Firefox/Shield/Heartbeat
+ *
+ */
+user_pref("app.normandy.enabled", false);
-- 
2.43.2