From 325914c9773182e2612bd188201b64c52a8a4e50 Mon Sep 17 00:00:00 2001
From: Yorick Barbanneau <ephase@xieme-art.org>
Date: Fri, 10 Jan 2025 16:37:03 +0100
Subject: [PATCH 1/2] chore(firefox): improve privacy settings

---
 .../home-manager/web/firefox/conf/privacy.nix |  4 +-
 .../web/firefox/conf/tracking.nix             | 47 ++++++++++---------
 2 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/modules/home-manager/web/firefox/conf/privacy.nix b/modules/home-manager/web/firefox/conf/privacy.nix
index bd8a499..3b4d987 100644
--- a/modules/home-manager/web/firefox/conf/privacy.nix
+++ b/modules/home-manager/web/firefox/conf/privacy.nix
@@ -14,7 +14,7 @@
 
 # Block Cookies
 # Block 3rd-Party cookies or even all cookies.
-  "network.cookie.cookieBehavior" = 1;
+  "network.cookie.cookieBehavior" = 5;
 
 # Block Referer
 # Firefox tells a website, from which site you're coming (the so called RefControl
@@ -81,7 +81,7 @@
 # href="https://isc.sans.edu/forums/diary/Time+to+disable+WebGL/10867). WebGL is
 # part of some fingerprinting scripts used in the wild. Some interactive websites
 # will not work, which are mostly games.
-  "webgl.disabled" = true;
+  "webgl.disabled" = false;
 
 # Override graphics card vendor and model strings in the WebGL API
 # Websites can read the graphics card vendor and model using a WebGL API. This
diff --git a/modules/home-manager/web/firefox/conf/tracking.nix b/modules/home-manager/web/firefox/conf/tracking.nix
index 82817e3..14c26e8 100644
--- a/modules/home-manager/web/firefox/conf/tracking.nix
+++ b/modules/home-manager/web/firefox/conf/tracking.nix
@@ -5,76 +5,81 @@
   # tracked. Most websites ignore this, so you need other privacy options as well.
   "privacy.donottrackheader.enabled" = true;
   "privacy.donottrackheader.value" = 1;
-  
+
   # Enable resistFingerprinting
-  # The <code>privacy.resistFingerprinting</code> setting coming from the
-  # tor-browser hides some system properties. See discussion in our bug tracker.
-  # (https://bugzilla.mozilla.org/show_bug.cgi?id=1308340">Bug #1308340</a> for more
-  # information. This option may interfere with other privacy related settings, see
-  # the <a
-  # href="https://github.com/allo-/firefox-profilemaker/issues/56#issuecomment-333397712)
-  "privacy.resistFingerprinting" = false;
-  
+  # But override CSSPrefersColorScheme to actovate theme detection
+  # https://github.com/allo-/ffprofile/issues/56#issuecomment-2076293964
+  "privacy.fingerprintingProtection" = true;
+  "privacy.fingerprintingProtection.pbmode" = true;
+  # "privacy.fingerprintingProtection.letterboxing" = true;
+  "privacy.fingerprintingProtection.overrides" = "+AllTargets,-CSSPrefersColorScheme";
+  "privacy.resistFingerprinting" = true;
+  "privacy.resistFingerprinting.pbmode" = true;
+  "privacy.resistFingerprinting.overrides" = "+AllTargets, -CSSPrefersColorScheme";
+  # "privacy.resistFingerprinting.letterboxing" = true;
+  "privacy.resistFingerprinting.block_mozAddonManager" = true;
+  "privacy.resistFingerprinting.randomDataOnCanvasExtract" = true;
+
   # Enable Mozilla Trackingprotection
   # Firefox has a builtin tracking protection
   # (https://wiki.mozilla.org/Security/Tracking_protection), which blocks a list of
   # known tracking sites.
-  "privacy.trackingprotection.pbmode.enabled" = true;
   "privacy.trackingprotection.enabled" = true;
+  "privacy.trackingprotection.pbmode.enabled" = true;
   "privacy.trackingprotection.fingerprinting.enabled" = true;
   "privacy.trackingprotection.cryptomining.enabled" = true;
-  
+
   # Enable firstparty isolation.
   # FPI works by separating cookies on a per-domain basis. In this way tracking
   # networks won't be able to locate the same cookie on different sites. Note that
   # this might break third-party logins.
   "privacy.firstparty.isolate" = false;
-  
+
   # Disable Browser Pings
   # Firefox sends "ping" requests (http://kb.mozillazine.org/Browser.send_pings),
   # when a website requests to be informed when a user clicks on a link.
   "browser.send_pings" = false;
-  
+
   # Disable TLS session identifiers
   # TLS allows for session identifiers, which speed up the session resumption when a
   # connection was lost. These identifiers can be used for tracking
   # (https://youbroketheinternet.org/trackedanyway).
   "security.ssl.disable_session_identifiers" = true;
-  
+
   # Disable Beacons
   # The Beacon (https://w3c.github.io/beacon/) feature allows websites to send
   # tracking data after you left the website.
   "beacon.enabled" = false;
-  
+
   # Disable the Battery API
   # Firefox allows websites to read the charge level of the battery. This may be
   # used for fingerprinting.
   "dom.battery.enabled" = false;
-  
+
   # Disable media device queries
   # Prevent websites from accessing information about webcam and microphone
   # (https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices)
   # (possible fingerprinting).
-  
+
   "media.navigator.enabled" = false;
-  
+
   # Disable form autofill
   # Automatically filled form fields are used for fingerprinting
   # (https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/).
   # This setting disables automatic form filling until you click on the field.
   "signon.autofillForms" = false;
-  
+
   # Disable webaudio API
   # Disable webaudio API to prevent browser fingerprinting. See Mozilla Bug #1288359
   # (https://bugzilla.mozilla.org/show_bug.cgi?id=1288359). This can break web apps,
   # like Discord, which rely on the API.
   "dom.webaudio.enabled" = false;
-  
+
   # Disable video statistics
   # Prevent websites from measuring video performance (possible fingerprinting). See
   # Mozilla Bug 654550 (https://bugzilla.mozilla.org/show_bug.cgi?id=654550).
   "media.video_stats.enabled" = false;
-  
+
   # Enable query parameter stripping
   # Firefox 102 introduced query parameter stripping like utm_source. Enabled by
   # default with Strict Enhanced Tracking Protection.

From 486f92fb5f12fad5981091ca182a2405ca624499 Mon Sep 17 00:00:00 2001
From: Yorick Barbanneau <ephase@xieme-art.org>
Date: Fri, 10 Jan 2025 16:52:20 +0100
Subject: [PATCH 2/2] chore(firefox): add rc file to configure Tridactyl

---
 modules/home-manager/web/firefox/default.nix | 24 ++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/modules/home-manager/web/firefox/default.nix b/modules/home-manager/web/firefox/default.nix
index 4f35b13..da64118 100644
--- a/modules/home-manager/web/firefox/default.nix
+++ b/modules/home-manager/web/firefox/default.nix
@@ -64,6 +64,30 @@ in
         };
       };
     };
+
+    xdg.configFile."tridactyl/tridactylrc".text = ''
+      sanitize tridactyllocal tridactylsync
+      " Define custom theme
+      set customthemes.custom #completions table, #tridactyl-input {font-size: .9rem!important;};
+      set theme custom
+      " Smooth scrolling
+      set smoothscroll true
+      " Ctrl-F should use the browser's native 'find' functionality.
+      unbind <C-f>
+      " But also support Tridactyl search too.
+      bind / fillcmdline find
+      bind ? fillcmdline find -?
+      bind n findnext 1
+      bind N findnext -1
+      " K and J should move between tabs.
+      bind J tabprev
+      bind K tabnext
+      " Binds for force reader mode
+      bind gfr reader
+      bind gfR reader --tab
+      set editorcmd foot -T "Edit text from Firefox" nvim %f
+    '';
+
     programs.firefox = let
         allExtensions = cfg.baseExtensions ++ cfg.optionalExtensions;
     in {