ephase/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore(firefox): improve privacy settings

Browse source
This commit is contained in:
Yorick Barbanneau 2025-01-10 16:37:03 +01:00
parent c6715deda1
commit 325914c977
2 changed files with 28 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/home-manager/web/firefox/conf/privacy.nix
View file

@ -14,7 +14,7 @@
# Block Cookies # Block Cookies
# Block 3rd-Party cookies or even all cookies. # Block 3rd-Party cookies or even all cookies.
"network.cookie.cookieBehavior" = 1; "network.cookie.cookieBehavior" = 5;
# Block Referer # Block Referer
# Firefox tells a website, from which site you're coming (the so called RefControl # Firefox tells a website, from which site you're coming (the so called RefControl
@ -81,7 +81,7 @@
# href="https://isc.sans.edu/forums/diary/Time+to+disable+WebGL/10867). WebGL is # href="https://isc.sans.edu/forums/diary/Time+to+disable+WebGL/10867). WebGL is
# part of some fingerprinting scripts used in the wild. Some interactive websites # part of some fingerprinting scripts used in the wild. Some interactive websites
# will not work, which are mostly games. # will not work, which are mostly games.
"webgl.disabled" = true; "webgl.disabled" = false;
# Override graphics card vendor and model strings in the WebGL API # Override graphics card vendor and model strings in the WebGL API
# Websites can read the graphics card vendor and model using a WebGL API. This # Websites can read the graphics card vendor and model using a WebGL API. This

47
modules/home-manager/web/firefox/conf/tracking.nix
View file

@ -5,76 +5,81 @@
# tracked. Most websites ignore this, so you need other privacy options as well. # tracked. Most websites ignore this, so you need other privacy options as well.
"privacy.donottrackheader.enabled" = true; "privacy.donottrackheader.enabled" = true;
"privacy.donottrackheader.value" = 1; "privacy.donottrackheader.value" = 1;
# Enable resistFingerprinting # Enable resistFingerprinting
# The <code>privacy.resistFingerprinting</code> setting coming from the # But override CSSPrefersColorScheme to actovate theme detection
# tor-browser hides some system properties. See discussion in our bug tracker. # https://github.com/allo-/ffprofile/issues/56#issuecomment-2076293964
# (https://bugzilla.mozilla.org/show_bug.cgi?id=1308340">Bug #1308340</a> for more "privacy.fingerprintingProtection" = true;
# information. This option may interfere with other privacy related settings, see "privacy.fingerprintingProtection.pbmode" = true;
# the <a # "privacy.fingerprintingProtection.letterboxing" = true;
# href="https://github.com/allo-/firefox-profilemaker/issues/56#issuecomment-333397712) "privacy.fingerprintingProtection.overrides" = "+AllTargets,-CSSPrefersColorScheme";
"privacy.resistFingerprinting" = false; "privacy.resistFingerprinting" = true;
"privacy.resistFingerprinting.pbmode" = true;
"privacy.resistFingerprinting.overrides" = "+AllTargets, -CSSPrefersColorScheme";
# "privacy.resistFingerprinting.letterboxing" = true;
"privacy.resistFingerprinting.block_mozAddonManager" = true;
"privacy.resistFingerprinting.randomDataOnCanvasExtract" = true;
# Enable Mozilla Trackingprotection # Enable Mozilla Trackingprotection
# Firefox has a builtin tracking protection # Firefox has a builtin tracking protection
# (https://wiki.mozilla.org/Security/Tracking_protection), which blocks a list of # (https://wiki.mozilla.org/Security/Tracking_protection), which blocks a list of
# known tracking sites. # known tracking sites.
"privacy.trackingprotection.pbmode.enabled" = true;
"privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.pbmode.enabled" = true;
"privacy.trackingprotection.fingerprinting.enabled" = true; "privacy.trackingprotection.fingerprinting.enabled" = true;
"privacy.trackingprotection.cryptomining.enabled" = true; "privacy.trackingprotection.cryptomining.enabled" = true;
# Enable firstparty isolation. # Enable firstparty isolation.
# FPI works by separating cookies on a per-domain basis. In this way tracking # FPI works by separating cookies on a per-domain basis. In this way tracking
# networks won't be able to locate the same cookie on different sites. Note that # networks won't be able to locate the same cookie on different sites. Note that
# this might break third-party logins. # this might break third-party logins.
"privacy.firstparty.isolate" = false; "privacy.firstparty.isolate" = false;
# Disable Browser Pings # Disable Browser Pings
# Firefox sends "ping" requests (http://kb.mozillazine.org/Browser.send_pings), # Firefox sends "ping" requests (http://kb.mozillazine.org/Browser.send_pings),
# when a website requests to be informed when a user clicks on a link. # when a website requests to be informed when a user clicks on a link.
"browser.send_pings" = false; "browser.send_pings" = false;
# Disable TLS session identifiers # Disable TLS session identifiers
# TLS allows for session identifiers, which speed up the session resumption when a # TLS allows for session identifiers, which speed up the session resumption when a
# connection was lost. These identifiers can be used for tracking # connection was lost. These identifiers can be used for tracking
# (https://youbroketheinternet.org/trackedanyway). # (https://youbroketheinternet.org/trackedanyway).
"security.ssl.disable_session_identifiers" = true; "security.ssl.disable_session_identifiers" = true;
# Disable Beacons # Disable Beacons
# The Beacon (https://w3c.github.io/beacon/) feature allows websites to send # The Beacon (https://w3c.github.io/beacon/) feature allows websites to send
# tracking data after you left the website. # tracking data after you left the website.
"beacon.enabled" = false; "beacon.enabled" = false;
# Disable the Battery API # Disable the Battery API
# Firefox allows websites to read the charge level of the battery. This may be # Firefox allows websites to read the charge level of the battery. This may be
# used for fingerprinting. # used for fingerprinting.
"dom.battery.enabled" = false; "dom.battery.enabled" = false;
# Disable media device queries # Disable media device queries
# Prevent websites from accessing information about webcam and microphone # Prevent websites from accessing information about webcam and microphone
# (https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices) # (https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices)
# (possible fingerprinting). # (possible fingerprinting).
"media.navigator.enabled" = false; "media.navigator.enabled" = false;
# Disable form autofill # Disable form autofill
# Automatically filled form fields are used for fingerprinting # Automatically filled form fields are used for fingerprinting
# (https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/). # (https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/).
# This setting disables automatic form filling until you click on the field. # This setting disables automatic form filling until you click on the field.
"signon.autofillForms" = false; "signon.autofillForms" = false;
# Disable webaudio API # Disable webaudio API
# Disable webaudio API to prevent browser fingerprinting. See Mozilla Bug #1288359 # Disable webaudio API to prevent browser fingerprinting. See Mozilla Bug #1288359
# (https://bugzilla.mozilla.org/show_bug.cgi?id=1288359). This can break web apps, # (https://bugzilla.mozilla.org/show_bug.cgi?id=1288359). This can break web apps,
# like Discord, which rely on the API. # like Discord, which rely on the API.
"dom.webaudio.enabled" = false; "dom.webaudio.enabled" = false;
# Disable video statistics # Disable video statistics
# Prevent websites from measuring video performance (possible fingerprinting). See # Prevent websites from measuring video performance (possible fingerprinting). See
# Mozilla Bug 654550 (https://bugzilla.mozilla.org/show_bug.cgi?id=654550). # Mozilla Bug 654550 (https://bugzilla.mozilla.org/show_bug.cgi?id=654550).
"media.video_stats.enabled" = false; "media.video_stats.enabled" = false;
# Enable query parameter stripping # Enable query parameter stripping
# Firefox 102 introduced query parameter stripping like utm_source. Enabled by # Firefox 102 introduced query parameter stripping like utm_source. Enabled by
# default with Strict Enhanced Tracking Protection. # default with Strict Enhanced Tracking Protection.