Git-Mirrors/thunderbird-user.js
1
0
Fork 0
mirror of https://github.com/HorlogeSkynet/thunderbird-user.js.git synced 2025-08-19 03:37:50 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge a471c97b54 into 2b839ae6ca

Browse source
This commit is contained in:
Samuel FORESTIER 2025-08-17 20:01:55 +00:00 committed by GitHub
commit d756cdb910
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 187 additions and 239 deletions
Download patch file Download diff file Expand all files Collapse all files

6
prefsCleaner.bat
View file

@ -4,7 +4,7 @@ TITLE prefs.js cleaner
REM ## prefs.js cleaner for Windows
REM ## /!\ This script is a vendored/adapted version of Arkenfox own prefsCleaner.bat /!\
REM ## author: @claustromaniac
REM ## version: 2.7
REM ## version: 2.8
CD /D "%~dp0"
@ -16,7 +16,7 @@ ECHO:
ECHO ########################################
ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac ####
ECHO #### v2.7 ####
ECHO #### v2.8 ####
ECHO ########################################
ECHO:
CALL :message "This script should be run from your Thunderbird profile directory."
@ -38,7 +38,7 @@ CALL :strlenCheck
CALL :FFcheck
CALL :message "Backing up prefs.js..."
FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js"
CALL :message "Cleaning prefs.js..."

6
updater.bat
View file

@ -4,10 +4,10 @@ TITLE thunderbird user.js updater
REM ## thunderbird user.js updater for Windows
REM ## /!\ This script is a vendored/adapted version of Arkenfox own updater.bat /!\
REM ## author: @claustromaniac
REM ## version: 4.19
REM ## version: 4.20
REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows
SET v=4.19
SET v=4.20
VERIFY ON
CD /D "%~dp0"
@ -177,7 +177,7 @@ IF EXIST user.js.new (
IF DEFINED _singlebackup (
MOVE /Y user.js user.js.bak >nul
) ELSE (
FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
MOVE /Y user.js "user-backup-!ldt!.js" >nul
)
REN user.js.new user.js

414
user.js
View file

@ -1,7 +1,7 @@
/******
* name: thunderbird user.js
* date: 7 November 2024
* version: v128.0
* date: 16 August 2025
* version: v140.0-beta1
* url: https://github.com/HorlogeSkynet/thunderbird-user.js
* license: MIT (https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/LICENSE)
@ -32,7 +32,7 @@
- DON'T wait for thunderbird-user.js to update Thunderbird, nothing major changes these days
* Each release
- run prefsCleaner to reset prefs made inactive, including deprecated (9999)
* If you use a previous ESR
* ESR (Extended Support Release)
- It is recommended to not use the updater, or you will get a later version which may cause issues.
So you should manually append your overrides (and keep a copy), and manually update when you
change ESR releases (thunderbird-user.js is already past that release)
@ -64,6 +64,7 @@
6000: DON'T TOUCH
7000: DON'T BOTHER
8000: DON'T BOTHER: FINGERPRINTING
8500: TELEMETRY
9000: NON-PROJECT RELATED
9100: THUNDERBIRD (AUTO CONFIG / UI / HEADERS / ADDRESS BOOK)
9200: EMAIL COMPOSITION (ENCODING / FORMAT / VIEW)
@ -107,44 +108,9 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
/* 0322: disable personalized Extension Recommendations in about:addons and AMO [FF65+]
* [NOTE] This pref has no effect when Health Reports (0331) are disabled
* [NOTE] This pref has no effect when Health Reports (8501) are disabled
* [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
user_pref("browser.discovery.enabled", false);
/* 0323: disable shopping experience [FF116+]
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/
user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
/** TELEMETRY ***/
/* 0330: disable new data submission [FF41+]
* If disabled, no policy is shown or upload takes place, ever
* [1] https://bugzilla.mozilla.org/1195552
* [2] https://searchfox.org/comm-esr115/source/mail/components/telemetry/README.md#165 ***/
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
/* 0331: disable Health Reports
* [SETTING] Privacy & Security > Thunderbird Data Collection and Use > Allow Thunderbird to send technical... ***/
user_pref("datareporting.healthreport.uploadEnabled", false);
/* 0332: disable telemetry
* The "unified" pref affects the behavior of the "enabled" pref
* - If "unified" is false then "enabled" controls the telemetry module
* - If "unified" is true then "enabled" only controls whether to record extended data
* [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
* [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
* [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
/* 0333: disable Telemetry Coverage
* [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
user_pref("toolkit.coverage.endpoint.base", "");
/** STUDIES ***/
/* 0340: disable Studies
@ -288,7 +254,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
* [1] https://bugzilla.mozilla.org/1433507
* [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+]
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""]
/* 0705: disable proxy direct failover for system requests [FF91+]
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
@ -336,17 +302,20 @@ user_pref("browser.urlbar.suggest.searches", false);
user_pref("browser.urlbar.trending.featureGate", false);
/* 0806: disable urlbar suggestions ***/
user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
user_pref("browser.urlbar.amp.featureGate", false); // [FF141+] adMarketplace
user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+]
user_pref("browser.urlbar.wikipedia.featureGate", false); // [FF141+]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+]
* [NOTE] Recent searches are cleared with history (2811)
* [NOTE] Recent searches are cleared with history (2811+)
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
// user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history
* [NOTE] We also clear formdata on exit (2811)
* [NOTE] We also clear formdata on exit (2811+)
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
* [2] https://bugzilla.mozilla.org/381681 ***/
@ -356,7 +325,7 @@ user_pref("browser.urlbar.suggest.engines", false);
/* 0820: disable coloring of visited links
* Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
* attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5]
* attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5]
* and advanced targeted timing attacks could still produce usable results
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
* [2] https://dbaron.org/mozilla/visited-privacy
@ -398,14 +367,17 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
* [1] https://support.mozilla.org/en-US/kb/protect-your-thunderbird-passwords-master-password
* [2] https://www.schneier.com/wp-content/uploads/2020/06/Privacy_Threats_in_Intimate_Relationships-1.pdf ***/
// user_pref("mail.password_protect_local_cache", true); // [HIDDEN PREF]
/* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC]
* On macOS, SSO only works on corporate devices ***/
user_pref("network.http.microsoft-entra-sso.enabled", true);
/*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
/* 1001: disable disk cache
* [NOTE] We also clear cache on exit (2811)
* [NOTE] We also clear cache on exit (2811+)
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
user_pref("browser.cache.disk.enable", false);
/* 1002: disable media cache from writing to disk in Private Browsing
/* 1002: set media cache in Private Browsing to in-memory and increase its maximum size
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
user_pref("media.memory_cache_max_size", 65536);
@ -419,7 +391,7 @@ user_pref("toolkit.winRegisterApplicationRestart", false);
/* 1006: disable favicons in shortcuts [WINDOWS]
* URL shortcuts use a cached randomly named .ico file which is stored in your
* profile/shortcutCache directory. The .ico remains after the shortcut is deleted
* If set to false then the shortcuts use a generic Firefox icon ***/
* If set to false then the shortcuts use a generic Thunderbird icon ***/
user_pref("browser.shell.shortcutFavicons", false);
/* 1901: disable disk cache for messages not in offline store */
user_pref("mail.imap.use_disk_cache2", false);
@ -466,13 +438,14 @@ user_pref("security.tls.enable_0rtt_data", false);
* [1] https://en.wikipedia.org/wiki/Ocsp ***/
user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
* [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
* [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
* When a CA cannot be reached to validate a cert, Thunderbird's just continues the connection (=soft-fail)
* Setting this pref to true tells Thunderbird's to instead terminate the connection (=hard-fail)
* It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
* could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
* [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
* [2] https://www.imperialviolet.org/2014/04/19/revchecking.html
* [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/
user_pref("security.OCSP.require", true);
/** CERTS / HPKP (HTTP Public Key Pinning) ***/
@ -488,7 +461,7 @@ user_pref("security.cert_pinning.enforcement_level", 2);
* 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
user_pref("security.pki.crlite_mode", 2);
/* 1225: enable loading of client certificates stored in OS certificate storage
* Bug: this does **NOT** work for S/MIME [1]
@ -548,8 +521,8 @@ user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.ui.enabled", true);
/* 1703: set external links to open in site-specific containers [FF123+]
* [SETUP-WEB] Depending on your container extension(s) and their settings
* true=Firefox will not choose a container (so your extension can)
* false=Firefox will choose the container/no-container (default)
* true=Thunderbird will not choose a container (so your extension can)
* false=Thunderbird will choose the container/no-container (default)
* [1] https://bugzilla.mozilla.org/1874599 ***/
// user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
@ -589,8 +562,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2616: remove special permissions for certain mozilla domains [FF35+]
* [1] resource://app/defaults/permissions ***/
user_pref("permissions.manager.defaultsUrl", "");
/* 2617: remove webchannel whitelist ***/
user_pref("webchannel.allowObject.urlWhitelist", "");
/* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing
* [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
* [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
@ -611,15 +582,19 @@ user_pref("network.IDN_show_punycode", true);
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] ***/
user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
/* 2630: disable content analysis by DLP (Data Loss Prevention) agents
* DLP agents are background processes on managed computers that allow enterprises to monitor locally running
* applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
* 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests
* [1] https://github.com/chromium/content_analysis_sdk */
* [1] https://github.com/chromium/content_analysis_sdk ***/
user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false]
user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0]
/* 2635: disable referrer and storage access for resources injected by content scripts [FF139+] ***/
user_pref("privacy.antitracking.isolateContentScriptResources", true);
/* 2640: disable CSP Level 2 Reporting [FF140+] ***/
user_pref("security.csp.reporting.enabled", false);
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@ -655,72 +630,55 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Thunderbird to clear items on shutdown
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and
* via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
* [NOTE] If "history" is true, downloads will also be cleared ***/
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/
user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true]
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false]
/* 2812: set/enforce clearOnShutdown items [FF136+] ***/
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.downloads", true); // [HIDDEN]
user_pref("privacy.clearOnShutdown_v2.formdata", true);
/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+)
* [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/
// user_pref("privacy.clearOnShutdown.openWindows", true);
/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
* [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins,
* add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
* [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
* [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+]
/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] [FF128+]
* [NOTE] Exceptions: For cross-domain logins, add exceptions for both sites
* e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) ***/
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+]
* Thunderbird remembers your last choices. This will reset them when you start Thunderbird
* [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/
* Thunderbird remembers your last choices. This will reset them when you start Thunderbird ***/
user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
// user_pref("privacy.clearSiteData.siteSettings", false);
/* 2821: set manual "Clear Data" items [FF136+] ***/
user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
user_pref("privacy.clearSiteData.formdata", true);
/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/
/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME]
* Thunderbird remembers your last choices. This will reset them when you start Thunderbird
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
* for "Clear Recent History" is opened, it is synced to the same as "history" ***/
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", true); // [DEFAULT: false]
/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] [FF128+]
* Thunderbird remembers your last choices. This will reset them when you start Thunderbird ***/
user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cookiesAndStorage", false);
// user_pref("privacy.cpd.openWindows", false); // Session Restore
// user_pref("privacy.cpd.passwords", false);
// user_pref("privacy.cpd.siteSettings", false);
// user_pref("privacy.clearHistory.siteSettings", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true]
// user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false]
/* 2831: set manual "Clear History" items [FF136+] ***/
user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.formdata", true);
/** SANITIZE MANUAL: TIMERANGE ***/
/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830)
/* 2840: set "Time range to clear" for "Clear Data" (2820+) and "Clear History" (2830+)
* Thunderbird remembers your last choice. This will reset the value when you start Thunderbird
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
@ -732,16 +690,25 @@ user_pref("privacy.sanitize.timeSpan", 0);
In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled
by ETP (2701). FPP will also use Remote Services in future to relax FPP protections
on a per site basis for compatibility (4004).
https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
[NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results
- e.g. FrameRate can only be controlled per process, not per origin
1826408 - restrict to system fonts (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) (FF119+)
1928705: android (FF134+)
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
1887682 - use fdlibm's sin, cos and tan in jsmath (FF134+)
1978414 - various (FF143+)
1954194: available screen resolution: return a fixed offset height from screen per platform when not full screen
1978414: hardwareConcurrency: return 2 (existing RFPTarget)
1977836: maxTouchPoints: return multi-touch as 5
***/
user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
/* 4001: enable FPP in PB mode [FF114+]
* [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true]
/* 4002: set global FPP overrides [FF114+]
* uses "RFPTargets" [1] which despite the name these are not used by RFP
* e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone
@ -762,20 +729,18 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people
this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally
add letterboxing (4504), spoof_english (4506), and webgl (4520).
add letterboxing (4504), spoof_english (4506), and WebGL (4520).
RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want
[TEST] https://arkenfox.github.io/TZP/tzp.html
[WARNING] DO NOT USE extensions to alter RFP protected metrics
418986 - limit window.screen & CSS media queries (FF41)
1281949 - spoof screen orientation (FF50)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
1217238 - reduce precision of time exposed by javascript (FF55)
FF56
1333651 - spoof User Agent & Navigator API
version: android version spoofed as ESR (FF119 or lower)
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
JS: spoofed as Windows 10, OS X 10.15, Android 10, or Linux
HTTP Header: spoofed as Windows 10 or Android 10 until FF136 then matches JS spoof
1369319 - disable device sensor API
1369357 - disable site specific zoom
1337161 - hide gamepads from content
@ -794,10 +759,9 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59)
Spoofing mimics the content language of the document. Currently it only supports en-US.
Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
1337157 - disable WebGL debug renderer info (FF60)
1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62)
1479239 - return "no-preference" with prefers-reduced-motion (FF63)
1363508 - spoof/suppress Pointer Events (FF64)
1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132)
1492766 - spoof pointerEvent.pointerid (FF65)
1485266 - disable exposure of system colors to CSS or canvas (FF67)
1494034 - return "light" with prefers-color-scheme (FF67)
@ -809,13 +773,25 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115)
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
1794628 - return "none" with inverted-colors (FF114)
1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127)
1787790 - normalize system fonts (FF128)
1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
1834307 - always use smooth scrolling (FF132)
1918202 - spoof screen orientation based on spoofed screen size and platform (FF132)
previously FF50+ it always returned landscape-primary and an angle of 0
1390465 - load all subtitles in WebVTT (Video Text Tracks) (FF133)
1873382 - make spoofed devicePixelRatio and CSS media queries match (FF133)
previously FF41+ devicePixelRatio was hardcoded as 1 and FF127+ as 2
previously FF41+ CSS media queries were spoofed as zoom level at a devicePixelRatio of 1
1955425 - return 128 for WebGPU subgroupMaxSize (FF138)
1966860 - spoof WebGL debug renderer info (FF140)
previously FF60+ it was disabled
1781277 - return 10GiB for storage estimate until persistent-storage granted (FF142, ESR140.1)
1972600 - spoof network connection for HTMLMediaElement preload (FF142, ESR140.1)
1975851 - return true for navigator.onLine (FF142, ESR140.1)
1973265 - disable WebCodecs API (FF142?)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP
@ -837,14 +813,17 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions.
* The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000")
* [SETUP-WEB] This is independent of RFP (4501). If you're not using RFP, or you are but
* dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable
* [SETUP-WEB] This is independent of RFP (4501). If you're using RFP, but dislike the
* margins, then don't enable this pref, keeping in mind that it is effectively fingerprintable
* [WARNING] DO NOT USE: the dimension pref is only meant for testing
* [1] https://bugzilla.mozilla.org/1407366
* [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
* [2] https://hg.mozilla.org/mozilla-central/rev/7211cb4f58ff#l5.13 ***/
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
/* 4505: disable RFP by domain (comma-separated) [FF91+] ***/
/* 4505: disable RFP by domain [FF91+]
* [NOTE]: The pref takes comma separated values: e.g. "*domain1.tld, *domain2.tld"
* Working domain examples: "arkenfox.github.io", "*github.io"
* Non-working domain examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "addons.thunderbird.net");
/* 4506: disable RFP spoof english prompt [FF59+]
* 0=prompt, 1=disabled, 2=enabled
@ -852,15 +831,18 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
* [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
user_pref("privacy.spoof_english", 1);
/* 4507: skip browser.startup.blankWindow if RFP is used [FF136+] ***/
// user_pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [DEFAULT: true]
/* 4510: disable using system colors
* [SETTING] General > Language and Appearance > Fonts and Colors > Colors... > Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
/* 4511: disable using system accent colors ***/
user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
/* 4512: enforce links targeting new windows to open in a new tab instead
* 1=most recent window or tab, 2=new window, 3=new tab
* Stops malicious window sizes and some screen resolution leaks.
* You can still right-click a link and open in a new window
* [NOTE] Thunderbird only supports 3 (see [2])
* [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
* [2] https://searchfox.org/comm-esr102/source/mail/app/profile/all-thunderbird.js#721 ***/
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
@ -928,7 +910,7 @@ user_pref("browser.urlbar.maxRichResults", 0);
* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
user_pref("browser.urlbar.autoFill", false);
/* 5013: disable browsing and download history
* [NOTE] We also clear history and downloads on exit (2811)
* [NOTE] We also clear history and downloads on exit (2811+)
* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
user_pref("places.history.enabled", false);
/* 5014: disable Windows jumplist [WINDOWS] ***/
@ -936,9 +918,6 @@ user_pref("browser.taskbar.lists.enabled", false);
user_pref("browser.taskbar.lists.frequent.enabled", false);
user_pref("browser.taskbar.lists.recent.enabled", false);
user_pref("browser.taskbar.lists.tasks.enabled", false);
/* 5013: disable browsing and download history
* [NOTE] We also clear history and downloads on exit (2811) ***/
user_pref("places.history.enabled", false);
/* 5016: discourage downloading to desktop
* 0=desktop, 1=downloads (default), 2=custom ***/
// user_pref("browser.download.folderList", 2);
@ -1000,7 +979,7 @@ user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN
user_pref("javascript.options.wasm", false);
/* 5507: disable rendering of SVG OpenType fonts ***/
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 5508: disable all DRM content (EME: Encryption Media Extension)
/* 5508: disable all DRM (Digital Rights Management) content (EME: Encryption Media Extension)
* Optionally hide the UI setting which also disables the DRM prompt
* [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
@ -1054,18 +1033,22 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
* [WHY] To prevent wasting Mozilla's time with a custom setup ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: enforce Quarantined Domains [FF115+]
* [WHY] https://support.mozilla.org/kb/quarantined-domains */
* [WHY] https://support.mozilla.org/kb/quarantined-domains ***/
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
// user_pref("accessibility.force_disabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", "");
// user_pref("geo.provider.use_gpsd", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
// user_pref("privacy.partition.serviceWorkers", "");
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/
// user_pref("privacy.clearOnShutdown.cache", "");
// user_pref("privacy.clearOnShutdown.cookies", "");
// user_pref("privacy.clearOnShutdown.downloads", "");
// user_pref("privacy.clearOnShutdown.formdata", "");
// user_pref("privacy.clearOnShutdown.history", "");
// user_pref("privacy.clearOnShutdown.offlineApps", "");
// user_pref("privacy.clearOnShutdown.sessions", "");
// user_pref("privacy.cpd.cache", "");
// user_pref("privacy.cpd.cookies", "");
// user_pref("privacy.cpd.formdata", "");
// user_pref("privacy.cpd.history", "");
// user_pref("privacy.cpd.offlineApps", "");
// user_pref("privacy.cpd.sessions", "");
/*** [SECTION 7000]: DON'T BOTHER
Thunderbird-User.JS maintainer here :
@ -1098,10 +1081,6 @@ user_pref("full-screen-api.enabled", false);
* [WHY] Passive fingerprinting and perf costs. These are session-only
* and isolated with network partitioning (FF85+) and/or containers ***/
// user_pref("security.ssl.disable_session_identifiers", true);
/* 7006: onions
* [WHY] Thunderbird doesn't support hidden services. Use Tor Browser ***/
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers
* [WHY] Only cross-origin referers (1602, 5510) matter ***/
user_pref("network.http.sendRefererHeader", 0);
@ -1138,17 +1117,19 @@ user_pref("dom.event.clipboardevents.enabled", false);
* [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
// user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
// user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 7017: disable service workers
* [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
* [WHY] Already isolated with TCP (2701) behind a pref ***/
// user_pref("dom.serviceWorkers.enabled", false);
/* 7018: disable Web Notifications [FF22+]
* [WHY] Web Notifications are behind a prompt (7002)
@ -1160,7 +1141,7 @@ user_pref("dom.event.clipboardevents.enabled", false);
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
/* 7020: disable WebRTC (Web Real-Time Communication)
* [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until
* [WHY] Thunderbird desktop uses mDNS hostname obfuscation and the private IP is never exposed until
* required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access
* [TEST] https://browserleaks.com/webrtc
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
@ -1195,12 +1176,60 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
// user_pref("general.platform.override", "");
// user_pref("general.useragent.override", "");
// user_pref("media.navigator.enabled", "");
// user_pref("media.ondevicechange.enabled", "");
// user_pref("media.video_stats.enabled", "");
// user_pref("media.webspeech.synth.enabled", "");
// user_pref("ui.use_standins_for_native_colors", "");
// user_pref("webgl.enable-debug-renderer-info", "");
/*** [SECTION 8500]: TELEMETRY
Upstream arkenfox does not consider Thunderbird telemetry to be a privacy or security concern - comments below.
But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides.
Opt-out
- Telemetry is essential: an e-mail client is a (_very_) large complex beast costing millions to maintain
- Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading
Choice
- Every new profile on first use provides data collection/use policy and the ability to opt-out
- It can be disabled at any time (Settings > Privacy & Security > Data Collection and Use)
Data
- no PII (Personally Identifiable Information)
- can be viewed in about:telemetry
- uses Prio [1][2][3], Glean [4], Oblivious HTTP [5][6]
[1] https://crypto.stanford.edu/prio/
[2] https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/
[3] https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/
[4] https://firefox-source-docs.mozilla.org/toolkit/components/glean/index.html
[5] https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/ohttp.html
[6] https://blog.mozilla.org/en/tag/oblivious-http/
***/
user_pref("_user.js.parrot", "8500 syntax error: the parrot's off the twig!");
/* 8500: disable new data submission [FF41+]
* If disabled, no policy is shown or upload takes place, ever
* [1] https://bugzilla.mozilla.org/1195552 ***/
user_pref("datareporting.policy.dataSubmissionEnabled", false);
/* 8501: disable Health Reports
* [SETTING] Privacy & Security > Thunderbird Data Collection and Use > Send technical... data ***/
user_pref("datareporting.healthreport.uploadEnabled", false);
/* 0802: disable telemetry
* The "unified" pref affects the behavior of the "enabled" pref
* - If "unified" is false then "enabled" controls the telemetry module
* - If "unified" is true then "enabled" only controls whether to record extended data
* [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
* [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
* [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
/* 8503: disable Telemetry Coverage
* [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
user_pref("toolkit.coverage.endpoint.base", "");
/*** [SECTION 9000]: NON-PROJECT RELATED ***/
user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
/* 9001: disable welcome notices ***/
@ -1479,31 +1508,11 @@ user_pref("mail.chat.notification_info", 2);
user_pref("calendar.timezone.local", "UTC"); // [DEFAULT: ""]
/* 9313: Disable calendar service performing event "extraction" from email content ***/
// user_pref("calendar.extract.service.enabled", false); // [DEFAULT: false]
/* 9314: Show missed reminders (disabled by default since ESR140.0)
* [SETTING] Calendar > Reminders > Show missed reminders for writable calendars ***/
// user_pref("calendar.alarms.showmissed", true);
/** RSS ***/
/** These features don't actually do anything as they aren't implemented
* [1] https://searchfox.org/comm-esr102/source/mail/base/content/mailWindowOverlay.js#1082
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=458606#c9
/* 9320: What classes can process incoming data.
* (0=All classes (default), 1=Don't display HTML, 2=Don't display HTML and inline images,
* 3=Don't display HTML, inline images and some other uncommon types, 100=Use a hard coded list)
* [1] https://www.privacy-handbuch.de/handbuch_31j.htm
user_pref("rss.display.disallow_mime_handlers", 3);
/* 9321: How to display HTML parts of a message body
* (0=Display the HTML normally (default), 1=Convert it to text and then back again
* 2=Display the HTML source, 3=Sanitize the HTML, 4=Display all body parts)
* (in trunk builds later than 2011-07-23)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=602718
* [2] https://hg.mozilla.org/comm-central/rev/c1ef44a22eb2
* [3] https://www.bucksch.org/1/projects/mozilla/108153/
user_pref("rss.display.html_as", 1);
/* 9322: Prefer to view as plaintext or HTML
* true=Display a message as plain text when there is both a HTML and a plain
* text version of a message body
* false=Display a message as HTML when there is both a HTML and a plain text
* version of a message body. (default)
user_pref("rss.display.prefer_plaintext", true);
**/
/* 9323: Feed message display (summary or web page), on open.
* Action on double click or enter in threadpane for a feed message.
* 0=open content-base url in new window, 1=open summary in new window,
@ -1538,69 +1547,8 @@ user_pref("mail.openpgp.allow_external_gnupg", true); // [HIDDEN PREF]
/*** [SECTION 9999]: DEPRECATED / RENAMED ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
/* ESR115.x still uses all the following prefs
/* ESR128.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF116
// 4506: set RFP's font visibility level (1402) [FF94+]
// [-] https://bugzilla.mozilla.org/1838415
// user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
// FF117
// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS]
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
// [-] https://bugzilla.mozilla.org/1844908
user_pref("security.family_safety.mode", 0);
// 7018: disable service worker Web Notifications [FF44+]
// [WHY] Web Notifications are behind a prompt (7002)
// [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
// [-] https://bugzilla.mozilla.org/1842457
// user_pref("dom.webnotifications.serviceworker.enabled", false);
// FF118
// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
// In normal windows: uses the first applicable: RFP over TP over Standard
// In Private Browsing windows: uses the most restrictive between normal and private
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
// [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
// [-] https://bugzilla.mozilla.org/1847599
// user_pref("layout.css.font-visibility.private", 1);
// user_pref("layout.css.font-visibility.standard", 1);
// user_pref("layout.css.font-visibility.trackingprotection", 1);
// 2623: disable permissions delegation [FF73+]
// Currently applies to cross-origin geolocation, camera, mic and screen-sharing
// permissions, and fullscreen requests. Disabling delegation means any prompts
// for these will show/use their correct 3rd party origin
// [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
// [-] https://bugzilla.mozilla.org/1697151
// user_pref("permissions.delegation.enabled", false);
// FF119
// 0211: use en-US locale regardless of the system or region locale
// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
// [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630
// [-] https://bugzilla.mozilla.org/1846224
// user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
// FF123
// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
// Defense-in-depth: currently covered by 0331
// [-] https://bugzilla.mozilla.org/1868988
user_pref("browser.ping-centre.telemetry", false);
// FF126
// 9003: disable What's New toolbar icon [FF69+]
// [-] https://bugzilla.mozilla.org/1724300
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
// FF127
// 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result
// [-] https://bugzilla.mozilla.org/1880314
user_pref("browser.contentanalysis.default_allow", false);
// 4511: enforce non-native widget theme
// Security: removes/reduces system API calls, e.g. win32k API [1]
// Fingerprinting: provides a uniform look and feel across platforms [2]
// [1] https://bugzilla.mozilla.org/1381938
// [2] https://bugzilla.mozilla.org/1411425
// [-] https://bugzilla.mozilla.org/1848899
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
// ***/
/* END: internal custom pref to test for syntax errors ***/