summaryrefslogtreecommitdiff
path: root/nonprism-testing
diff options
context:
space:
mode:
authorGaming4JC <g4jc@openmailbox.org>2016-11-24 16:43:04 -0500
committerGaming4JC <g4jc@openmailbox.org>2016-11-24 16:43:04 -0500
commit73f3bf0ef1a764453cfab59df6e9d651f97a28d1 (patch)
treefd284c614ffa961a6f35bd3907f6e580a4f1ab54 /nonprism-testing
parent87e0719bac79986c44d5c13e5c77dc92a9e1f966 (diff)
hardened scripts ready for release!
Diffstat (limited to 'nonprism-testing')
-rw-r--r--nonprism-testing/icedove-hardened-preferences/PKGBUILD32
-rw-r--r--nonprism-testing/icedove-hardened-preferences/icedove-branding.js231
-rw-r--r--nonprism-testing/icedove-hardened-preferences/icedove-hardened.install6
-rwxr-xr-xnonprism-testing/icedove-hardened-preferences/icedove-hardened.sh24
-rw-r--r--nonprism-testing/icedove-hardened-preferences/thunderbird-branding.js0
-rw-r--r--nonprism-testing/iceweasel-hardened-preferences/PKGBUILD32
-rw-r--r--nonprism-testing/iceweasel-hardened-preferences/firefox-branding.js0
-rw-r--r--nonprism-testing/iceweasel-hardened-preferences/iceweasel-branding.js1101
-rw-r--r--nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.install6
-rwxr-xr-xnonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.sh24
10 files changed, 0 insertions, 1456 deletions
diff --git a/nonprism-testing/icedove-hardened-preferences/PKGBUILD b/nonprism-testing/icedove-hardened-preferences/PKGBUILD
deleted file mode 100644
index 7d17830ae..000000000
--- a/nonprism-testing/icedove-hardened-preferences/PKGBUILD
+++ /dev/null
@@ -1,32 +0,0 @@
-# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
-# Contributor: André Silva <emulatorman@parabola.nu>
-
-pkgname=icedove-hardened-preferences
-pkgver=0.1
-pkgrel=2
-pkgdesc="Sets hardened preferences in Icedove that protect from a variety of privacy, security, and fingerprinting attacks."
-arch=(any)
-license=(MPL)
-replaces=('icedove-hardened')
-conflicts=('icedove-hardened')
-depends=('icedove-enigmail' 'firejail')
-url="https://wiki.parabola.nu/${pkgname%%-*}"
-install='icedove-hardened.install'
-source=('icedove-branding.js'
-'icedove-hardened.sh'
-'thunderbird-branding.js'
-'icedove-hardened.install')
-sha512sums=('ad339dc16a7acab325f1a162cda017842c980fcb8ad1b725905947d0afc46959b59160147fd8fa86e2822dc51be4a4e6bf11d404ae19190b89a86459a290fd5e'
-'c18ee4f453bf7b64a2a183a75db8e680a661c13acddc6fa1eed2f2346caaa288d3ee45409350bdba2ad161713c133f4ebc8b43a6cc2726460035a0762199093e'
-'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
-'db5a6449cd6eed04e742218e075b6680c7018df292885af36ba4fcb1129e7c84edae0b441a2a473e84584fb8080dd4f563774c5912cd9d340d44a3b9700894fb')
-whirlpoolsums=('673d8a38650a9f91de8531612d457ba056ce15bf88f147a3dacd6182bd0d4e2697f59f7e13d688b26c944c9799071dabb06a4b1ed9e4ccba264a3ee6c2ef4f6f'
-'a53ca8724636bfd74fbe07d9413d2f41423d25a2ef3acffcf5a00a7f107cbc0462ffd60a71d88f5ff26fae34b37e2f552856be0923d3d6598ecac50794af7d61'
-'19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3'
-'78a3d592a03bb3589c6c1099053a3ca826b817c5b9715abb4f02cc2942a202e6e4ea12fb8276c76814f771d4d6e7625ee826f1286d1d41029c5a3d80926edd7c')
-
-package() {
- install -Dm644 icedove-branding.js "$pkgdir"/usr/lib/icedove/defaults/preferences/icedove-branding.js
- install -Dm766 thunderbird-branding.js "$pkgdir"/usr/lib/icedove/defaults/preferences/thunderbird-branding.js
- install -Dm755 icedove-hardened.sh "$pkgdir"/usr/bin/icedove-hardened
-}
diff --git a/nonprism-testing/icedove-hardened-preferences/icedove-branding.js b/nonprism-testing/icedove-hardened-preferences/icedove-branding.js
deleted file mode 100644
index 3d652a4e1..000000000
--- a/nonprism-testing/icedove-hardened-preferences/icedove-branding.js
+++ /dev/null
@@ -1,231 +0,0 @@
-pref("app.update.auto", false);
-pref("app.update.enabled", false);
-pref("app.update.url", "about:blank");
-pref("beacon.enabled", false);
-pref("breakpad.reportURL", "about:blank");
-pref("browser.cache.disk.enable", false);
-pref("browser.cache.offline.enable", false);
-pref("browser.fixup.alternate.enabled", false);
-pref("browser.formfill.enable", false);
-pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
-pref("browser.display.use_document_fonts", 0); // Prevent font fingerprinting
-pref("browser.download.manager.addToRecentDocs", false);
-pref("browser.download.manager.retention", 1);
-pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
-pref("browser.download.useDownloadDir", false);
-pref("browser.safebrowsing.appRepURL", "about:blank");
-pref("browser.safebrowsing.enabled", false);
-pref("browser.safebrowsing.malware.enabled", false);
-pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
-pref("browser.search.suggest.enabled", false);
-pref("browser.search.geoip.url", "about:blank");
-pref("browser.send_pings", false);
-pref("browser.formfill.enable", false);
-pref("browser.urlbar.autocomplete.enabled", false);
-pref("mail.shell.checkDefaultClient", false);
-pref("calendar.useragent.extra", ""); // Wipe useragent string.
-pref("camera.control.face_detection.enabled", false);
-pref("captivedetect.canonicalURL", "about:blank");
-pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set
-pref("datareporting.healthreport.uploadEnabled", false);
-pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.healthreport.about.reportUrl", "data:text/plain,");
-pref("device.sensors.enabled", false);
-pref("devtools.debugger.remote-enabled", false); // https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
-pref("devtools.devices.url", "about:blank");
-pref("devtools.gcli.imgurUploadURL", "about:blank");
-pref("devtools.gcli.jquerySrc", "about:blank");
-pref("devtools.gcli.lodashSrc", "about:blank");
-pref("devtools.gcli.underscoreSrc", "about:blank");
-pref("devtools.remote.wifi.scan", false); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2
-pref("devtools.remote.wifi.visible", false);
-pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
-pref("dom.enable_performance", false);
-pref("dom.enable_user_timing", false);
-pref("dom.event.highrestimestamp.enabled", false);
-pref("dom.event.clipboardevents.enabled",false);
-pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023
-pref("dom.indexedDB.enabled", false);
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("dom.mozApps.signed_apps_installable_from", "about:blank");
-pref("dom.netinfo.enabled", false); // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
-pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
-pref("dom.push.enabled", false);
-pref("dom.storage.enabled", false);
-pref("dom.telephony.enabled", false); // https://wiki.mozilla.org/WebAPI/Security/WebTelephony
-pref("dom.vibrator.enabled", false);
-pref("dom.vr.enabled", false);
-pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562
-pref("dom.idle-observers-api.enabled", false); // disable idle observation
-// Don't disable our bundled extensions in the application directory
-pref("extensions.autoDisableScopes", 11);
-pref("extensions.shownSelectionUI", true);
-pref("extensions.blocklist.detailsURL", "about:blank");
-pref("extensions.blocklist.enabled", false); // https://trac.torproject.org/projects/tor/ticket/6734
-pref("extensions.blocklist.itemURL", "about:blank");
-pref("extensions.blocklist.url", "about:blank");
-pref("extensions.bootstrappedAddons", "{}");
-pref("extensions.databaseSchema", 3);
-pref("extensions.enabledScopes", 1);
-pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("extensions.getAddons.get.url", "about:blank");
-pref("extensions.getAddons.getWithPerformance.url", "about:blank");
-pref("extensions.getAddons.link.url", "https://directory.fsf.org/wiki/Icedove");
-pref("extensions.getAddons.recommended.url", "about:blank");
-pref("extensions.getAddons.search.browseURL", "https://directory.fsf.org/wiki/Icedove");
-pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/Icedove");
-pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/Icedove");
-pref("extensions.pendingOperations", false);
-pref("extensions.update.autoUpdateDefault", false);
-pref("extensions.update.background.url", "about:blank");
-pref("extensions.update.enabled", false); // Users can run their own updates on addons, fingerprints installed addons.
-pref("extensions.enigmail.addHeaders", false);
-pref("extensions.engimail.useDefaultComment", true);
-pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version --no-comments --display-charset utf-8 --keyserver-options http-proxy=socks5h://127.0.0.1:9050");
-pref("extensions.enigmail.mimeHashAlgorithm", 5);
-pref("general.useragent.override", "");
-pref("geo.enabled", false);
-pref("gfx.downloadable_fonts.fallback_delay", -1);
-pref("javascript.enabled", false); // We don't need to run JS in an e-mail client. Use a browser..
-pref("javascript.options.asmjs", false); // Multiple security advisories, low level js
-pref("keyword.enabled", false);
-pref("layers.acceleration.disabled", true);
-pref("layout.css.visited_links_enabled", false);
-pref("lightweightThemes.update.enabled", false); // We can update our themes manually, may fingerprint the user.
-pref("mail.instrumentation.askUser", false);
-pref("mail.instrumentation.postUrl", "about:blank");
-pref("mail.instrumentation.userOptedIn", false);
-pref("mailnews.start_page.enabled", false); // http://anonymous-proxy-servers.net/en/help/thunderbird.html
-pref("mailnews.start_page.override_url", "http://wiki.debian.org/Icedove/WhatsNew45");
-pref("mailnews.send_default_charset", "UTF-8");
-pref("mailnews.send_plaintext_flowed", false);
-pref("mailnews.display.prefer_plaintext", true);
-pref("mailnews.display.disallow_mime_handlers", 3); // http://www.bucksch.org/1/projects/mozilla/108153/
-pref("mailnews.display.html_as", 1); // Convert HTML to text and then back again.
-//pref("mailnews.reply_header_type", 1);
-pref("mailnews.reply_header_authorwrote", "%s"); // https://lists.torproject.org/pipermail/tor-talk/2012-May/024395.html
-//pref("mailnews.reply_header_authorwrotesingle", "#1");
-pref("mailnews.headers.showSender", true);
-pref("mailnews.message_display.allow_plugins", false); // Disable plugin support.
-pref("mailnews.migration.header_addons_url", "");
-pref("mailnews.messageid_browser.url", "");
-pref("mailnews.display.original_date", false); // Don't convert to our local date. This may matter in a reply, etc.
-pref("mail.cloud_files.enabled", false); // Disable "Cloud" advertisements
-pref("mail.cloud_files.inserted_urls.footer.link", "");
-pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]"); // Prevent hostname leaks.
-//pref("mail.provider.enabled", false); // Disable Thunderbird's 'Get new account' wizard.
-pref("mail.inline_attachments", false); // Disable inline attachments.
-pref("mail.addr_book.mapit_url.format", "");
-pref("mail.addr_book.mapit_url.1.format", ""); // Pushes addressbook info to GoogleMaps without HTTPS unless changed or disabled http://www-archive.mozilla.org/mailnews/arch/addrbook/hiddenprefs.html
-pref("mail.addr_book.mapit_url.2.format", "");
-pref("mail.server.default.use_idle", false); // Do not IDLE (disable push mail).
-pref("media.autoplay.enabled", false);
-pref("media.cache_size", 0);
-pref("media.getusermedia.screensharing.allowed_domains", ""); // We really don't want to be promoting Cisco and Cloudflare in a whitelist here.
-pref("media.getusermedia.screensharing.enabled", false);
-pref("media.gmp-manager.url", "about:blank"); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url.override", "data:text/plain,");
-pref("media.navigator.enabled", false);
-pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
-pref("media.peerconnection.ice.default_address_only", true);
-pref("media.video_stats.enabled", false);
-pref("media.webspeech.recognition.enable", false);
-pref("media.track.enabled", false);
-pref("network.allow-experiments", false);
-pref("network.captive-portal-service.enabled", false);
-pref("network.cookie.cookieBehavior", 1);
-pref("network.cookie.lifetimePolicy", 2); // http://kb.mozillazine.org/Network.cookie.lifetimePolicy
-pref("network.dns.disablePrefetch", true);
-pref("network.http.altsvc.enabled", false);
-pref("network.http.altsvc.oe", false); // https://trac.torproject.org/projects/tor/ticket/16673
-pref("network.http.connection-retry-timeout", 0);
-pref("network.http.max-persistent-connections-per-proxy", 256);
-pref("network.http.pipelining", true);
-pref("network.http.pipelining.aggressive", true);
-pref("network.http.pipelining.max-optimistic-requests", 3);
-pref("network.http.pipelining.maxrequests", 10);
-pref("network.http.pipelining.maxrequests", 12);
-pref("network.http.pipelining.read-timeout", 60000);
-pref("network.http.pipelining.reschedule-timeout", 15000);
-pref("network.http.pipelining.ssl", true);
-pref("network.http.proxy.pipelining", true);
-pref("network.http.referer.spoofSource", true);
-pref("network.http.sendRefererHeader", 2);
-pref("network.http.sendSecureXSiteReferrer", false);
-pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
-pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
-pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
-pref("network.http.speculative-parallel-limit", 0);
-pref("network.jar.block-remote-files", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
-pref("network.jar.open-unsafe-types", false);
-pref("network.manage-offline-status", false); // https://trac.torproject.org/projects/tor/ticket/18945
-pref("network.prefetch-next", false);
-pref("network.protocol-handler.warn-external.http", true);
-pref("network.protocol-handler.warn-external.https", true);
-pref("network.protocol-handler.warn-external.ftp", true);
-pref("network.protocol-handler.warn-external.file", true);
-pref("network.protocol-handler.warn-external-default", true);
-pref("network.protocol-handler.external-default", false);
-pref("network.protocol-handler.external.mailto", false);
-pref("network.protocol-handler.external.news", false);
-pref("network.protocol-handler.external.nntp", false);
-pref("network.protocol-handler.external.snews", false);
-pref("network.protocol-handler.warn-external.mailto", true);
-pref("network.protocol-handler.warn-external.news", true);
-pref("network.protocol-handler.warn-external.nntp", true);
-pref("network.protocol-handler.warn-external.snews", true);
-pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
-pref("network.proxy.socks", "127.0.0.1");
-pref("network.proxy.socks_port", 9050);
-pref("network.proxy.socks_remote_dns", true);
-pref("network.proxy.type", 0);
-pref("network.security.ports.banned", "9050,9051,9150,9151");
-pref("network.websocket.max-connections", 0);
-pref("network.websocket.enabled", false);
-pref("pfs.datasource.url", "about:blank");
-pref("plugins.click_to_play", true);
-pref("plugins.crash.supportUrl", "about:blank");
-pref("privacy.trackingprotection.enabled", true);
-pref("purple.logging.log_chats", false); // Disable messenger logging and auto-start
-pref("purple.logging.log_ims", false);
-pref("purple.logging.log_system", false);
-pref("purple.conversations.im.send_typing", false);
-pref("messenger.startup.action", 0);
-pref("messenger.conversations.autoAcceptChatInvitations", 0); // Ignore invitations; do not automatically accept them.
-pref("rss.display.prefer_plaintext", true);
-pref("rss.display.disallow_mime_handlers", 3);
-pref("rss.display.html_as", 1);
-pref("security.OCSP.enabled", 0);
-pref("security.OCSP.require", false);
-//pref("security.ask_for_password", 0);
-pref("security.cert_pinning.enforcement_level", 2); // https://trac.torproject.org/projects/tor/ticket/16206
-pref("security.enable_tls_session_tickets", false);
-pref("security.mixed_content.block_active_content", true); // Note: Can be disabled for user experience. https://bugzilla.mozilla.org/show_bug.cgi?id=878890
-pref("security.nocertdb", false);
-pref("security.ssl.disable_session_identifiers", true);
-pref("security.ssl.enable_false_start", true);
-pref("security.ssl.require_safe_negotiation", true);
-pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-pref("security.ssl3.rsa_seed_sha", true);
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-pref("security.tls.unrestricted_rc4_fallback", false);
-pref("security.tls.version.max", 3);
-pref("security.tls.version.min", 1);
-pref("security.warn_entering_weak", true);
-pref("security.warn_submit_insecure", true);
-pref("signon.autofillForms", false); // disable cross-site form exposure from password manager - http://kb.mozillazine.org/Signon.autofillForms
-pref("social.directories", "");
-pref("social.enabled", false);
-pref("social.remote-install.enabled", false); // Disable Social API for content
-pref("social.shareDirectory", "");
-pref("social.toast-notifications.enabled", false);
-pref("social.whitelist", "");
-pref("toolkit.telemetry.enabled", false);
-pref("toolkit.telemetry.server", "about:blank");
-pref("ui.key.menuAccessKeyFocuses", false);
-pref("webgl.disable-extensions", true);
-pref("webgl.disabled", true);
-pref("webgl.min_capability_mode", true);
-pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons
-pref("xpinstall.whitelist.add", "");
diff --git a/nonprism-testing/icedove-hardened-preferences/icedove-hardened.install b/nonprism-testing/icedove-hardened-preferences/icedove-hardened.install
deleted file mode 100644
index 83ae0332c..000000000
--- a/nonprism-testing/icedove-hardened-preferences/icedove-hardened.install
+++ /dev/null
@@ -1,6 +0,0 @@
-post_install() {
- echo "..."
- echo "Note: It is now required to use icedove-hardened or icedove binaries separately. They cannot run at the same time, but can be ran interchangebly."
- echo "..."
- echo "Nota: ahora se require usar los binarios icedove-hardened o icedove de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna."
-} \ No newline at end of file
diff --git a/nonprism-testing/icedove-hardened-preferences/icedove-hardened.sh b/nonprism-testing/icedove-hardened-preferences/icedove-hardened.sh
deleted file mode 100755
index 919c1c75e..000000000
--- a/nonprism-testing/icedove-hardened-preferences/icedove-hardened.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-##############################################
-# IceDove-Hardened Jail and Cleaner Script #
-##############################################
-echo "Closing any other instances of IceDove to avoid crashes..."
-pkill -x icedove
-wait
-echo "Copying Hardened Prefs..."
-cp /usr/lib/icedove/defaults/preferences/icedove-branding.js /usr/lib/icedove/defaults/preferences/thunderbird-branding.js
-wait
-echo "Waking the IceDove..."
-
-# Trap cleaner function for IceDove exit cleaning
-function finish {
-echo "Removing hardened preferences..."
-echo "" > /usr/lib/icedove/defaults/preferences/thunderbird-branding.js
- }
-
-## Firejail IceDove startup
-/usr/bin/firejail --profile=/etc/firejail/icedove.profile --private-bin=bash,gpg2,icedove --private-tmp --private-etc=nsswitch.conf,resolv.conf --private-dev --nogroups /usr/bin/icedove
-
-## Exiting IceDove triggers the trap
-trap finish EXIT \ No newline at end of file
diff --git a/nonprism-testing/icedove-hardened-preferences/thunderbird-branding.js b/nonprism-testing/icedove-hardened-preferences/thunderbird-branding.js
deleted file mode 100644
index e69de29bb..000000000
--- a/nonprism-testing/icedove-hardened-preferences/thunderbird-branding.js
+++ /dev/null
diff --git a/nonprism-testing/iceweasel-hardened-preferences/PKGBUILD b/nonprism-testing/iceweasel-hardened-preferences/PKGBUILD
deleted file mode 100644
index 9b10b5475..000000000
--- a/nonprism-testing/iceweasel-hardened-preferences/PKGBUILD
+++ /dev/null
@@ -1,32 +0,0 @@
-# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
-# Contributor: André Silva <emulatorman@parabola.nu>
-
-pkgname=iceweasel-hardened-preferences
-pkgver=0.1
-pkgrel=4
-pkgdesc="Non-Persistent hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks."
-arch=(any)
-license=(MPL)
-replaces=('iceweasel-hardened')
-conflicts=('iceweasel-hardened')
-depends=('firejail' 'iceweasel-noscript')
-url="https://wiki.parabola.nu/${pkgname%%-*}"
-install=iceweasel-hardened.install
-source=('firefox-branding.js'
-'iceweasel-hardened.sh'
-'iceweasel-branding.js'
-'iceweasel-hardened.install')
-sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
-'e2f83a331da79e2847724d5ff1272aeb5c4bfcb5484b767fe2a5b6deabe0ed5a3bb2649a2a731c6c623cf31f23236e299c369a9689e8820935fa02e921be4d92'
-'733553fc5fc05ea8b7183b33b046afe30c2004f7a73dd289c8107dba5e2a997827267a9b5f26979e85e7b4eae4e12ce89c205fd81ba5bfd50df08f4dd716208f'
-'26e48145cfeaf8f243c6f4f30ccc806aea3fb825370e43b34dab33e1404a88849c888bf25a0b2038b3535b2d45569af24652894bb7a845b9bbc90fa23787cd2e')
-whirlpoolsums=('19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3'
-'eb2c7f215673f60480e49c8ffe8b2fbe1defcdca45d6fb474f0eaa462070e4976f763bfe853ed9322c112beb34f68b0e120028403846962fa3ed6bdf7e605a8e'
-'88be3317fc78e4bbaf79f080c7270d78a90f152f96fa067f2215915285ba8573ee46071856c2578bd3e02a678e783313131f3c2dcf6a02f2f862edd9de0a7820'
-'1b1e6202ce3fbf05e0513af03e94f2ad5a70b774404dd72260363fdc1f810047cbfb9889ad6f800f5bbe87b050c2556ea30567baf7b07e67f1afc05fc665fb5e')
-
-package() {
- install -Dm644 iceweasel-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js
- install -Dm766 firefox-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js
- install -Dm755 iceweasel-hardened.sh "$pkgdir"/usr/bin/iceweasel-hardened
-}
diff --git a/nonprism-testing/iceweasel-hardened-preferences/firefox-branding.js b/nonprism-testing/iceweasel-hardened-preferences/firefox-branding.js
deleted file mode 100644
index e69de29bb..000000000
--- a/nonprism-testing/iceweasel-hardened-preferences/firefox-branding.js
+++ /dev/null
diff --git a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism-testing/iceweasel-hardened-preferences/iceweasel-branding.js
deleted file mode 100644
index e90c70fd0..000000000
--- a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-branding.js
+++ /dev/null
@@ -1,1101 +0,0 @@
-/******************************************************************************
- * user.js *
- * https://github.com/pyllyukko/user.js *
- ******************************************************************************/
-
- /*****************************************************************************
- * Avoid hardware based fingerprintings *
- * Canvas/Font's/Plugins *
- ******************************************************************************/
-// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
-// https://www.macromedia.com/support/documentation/en/flashplayer/help/help01.html
-// https://github.com/dillbyrne/random-agent-spoofer/issues/74
-pref("gfx.direct2d.disabled", true);
-pref("layers.acceleration.disabled", true);
-pref("gfx.downloadable_fonts.fallback_delay", -1);
-pref("intl.charset.default", "windows-1252");
-pref("intl.locale.matchOS", false);
-pref("javascript.use_us_english_locale", true);
-pref("noscript.forbidFonts", true);
-
-/******************************************************************************
- * HTML5 / APIs / DOM *
- * *
- ******************************************************************************/
-
-// disable Location-Aware Browsing
-// http://www.mozilla.org/en-US/firefox/geolocation/
-pref("geo.enabled", false);
-
-// Disable dom.mozTCPSocket.enabled (raw TCP socket support)
-// https://trac.torproject.org/projects/tor/ticket/18863
-// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
-// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
-pref("dom.mozTCPSocket.enabled", false);
-
-// Disable DOM Shared Workers
-// See https://bugs.torproject.org/15562
-pref("dom.workers.sharedWorkers.enabled", false);
-
-// Disable WebSockets
-// https://www.infoq.com/news/2012/03/websockets-security
-// http://mdn.beonex.com/en/WebSockets.html
-pref("network.websocket.max-connections", 0);
-
-// Disable DOM Push API
-// https://developer.mozilla.org/en-US/docs/Web/API/Push_API
-// https://wiki.mozilla.org/Security/Reviews/Push_API
-// https://wiki.mozilla.org/Privacy/Reviews/Push_API
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1038811
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1153499
-pref("dom.push.enabled", false);
-pref("dom.push.serverURL", "");
-pref("dom.push.userAgentID", "");
-// https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237
-pref("dom.push.connection.enabled", false);
-pref("dom.push.adaptive.enabled", false);
-pref("dom.push.udp.wakeupEnabled", false);
-// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/modules/libpref/init/all.js#l4445
-// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/push/PushRecord.jsm#l59
-pref("dom.push.maxQuotaPerSubscription", 0);
-// https://wiki.mozilla.org/Security/Reviews/SimplePush
-pref("services.push.enabled", false);
-pref("services.push.serverURL", "");
-
-// Disable Kinto Cloud
-// Note: Pref may change name in future release
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1266235#c2
-pref("services.kinto.base", "");
-
-// Disable MDNS (Supposedly only for Android but is in Desktop version also)
-// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18
-pref("dom.presentation.discovery.enabled", false);
-pref("dom.presentation.discoverable", false);
-
-// http://kb.mozillazine.org/Dom.storage.enabled
-// http://dev.w3.org/html5/webstorage/#dom-localstorage
-// you can also see this with Panopticlick's "DOM localStorage"
-pref("dom.storage.enabled", false);
-
-// Whether JS can get information about the network/browser connection
-// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
-// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
-// https://wicg.github.io/netinfo/#privacy-considerations
-// https://bugzilla.mozilla.org/show_bug.cgi?id=960426
-pref("dom.netinfo.enabled", false);
-// fingerprinting due to differing OS implementations
-pref("dom.network.enabled", false);
-
-// Disable Web Audio API
-// https://bugzil.la/1288359
-pref("dom.webaudio.enabled", false);
-
-// Audio_data is deprecated in future releases, but still present
-// in FF24. This is a dangerous combination (spotted by iSec)
-pref("media.audio_data.enabled", false);
-
-// Don't autoplay WebM and other embedded media files
-// https://support.mozilla.org/en-US/questions/1073167
-pref("media.autoplay.enabled", false);
-pref("noscript.forbidMedia", true);
-
-// Don't reveal your internal IP
-// Check the settings with: http://net.ipcalf.com/
-// https://wiki.mozilla.org/Media/WebRTC/Privacy
-pref("media.peerconnection.ice.default_address_only", true); // Firefox < 51
-pref("media.peerconnection.ice.no_host", true); // Firefox >= 51
-// Disable WebRTC entirely
-pref("media.peerconnection.enabled", false);
-
-// getUserMedia
-// https://wiki.mozilla.org/Media/getUserMedia
-pref("media.getusermedia.screensharing.allowed_domains", "");
-pref("media.getusermedia.screensharing.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
-pref("media.navigator.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager
-pref("dom.battery.enabled", false);
-// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
-pref("dom.telephony.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
-pref("beacon.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
-pref("dom.event.clipboardevents.enabled", false);
-// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
-pref("dom.enable_performance", false);
-// https://wiki.mozilla.org/B2G/QA/WebAPI_Test_Plan/Vibration#API
-pref("dom.vibrator.enabled", false);
-
-// Speech recognition
-// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
-// https://wiki.mozilla.org/HTML5_Speech_API
-pref("media.webspeech.recognition.enable", false);
-pref("media.webspeech.synth.enabled", false);
-
-// Disable getUserMedia screen sharing
-// https://mozilla.github.io/webrtc-landing/gum_test.html
-pref("media.getusermedia.screensharing.enabled", false);
-
-// Disable sensor API
-// https://wiki.mozilla.org/Sensor_API
-pref("device.sensors.enabled", false);
-
-// Disable MMS
-pref("dom.mms.retrieval_mode", "never");
-
-// http://kb.mozillazine.org/Browser.send_pings
-pref("browser.send_pings", false);
-// this shouldn't have any effect, since we block pings altogether, but we'll set it anyway.
-// http://kb.mozillazine.org/Browser.send_pings.require_same_host
-pref("browser.send_pings.require_same_host", true);
-
-// https://developer.mozilla.org/en-US/docs/IndexedDB
-// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
-// TODO: find out why html5test still reports this as available
-// Note: Disabled, Can be enable if it breaks plugins/sites which require it. Privacy Risk.
-// see: http://forums.mozillazine.org/viewtopic.php?p=13842047#p13842047
-pref("dom.indexedDB.enabled", false);
-
-// TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications"
-
-// Disable gamepad input
-// http://www.w3.org/TR/gamepad/
-pref("dom.gamepad.enabled", false);
-
-// Disable virtual reality devices
-// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
-pref("dom.vr.enabled", false);
-pref("dom.vr.cardboard.enabled", false);
-pref("dom.vr.oculus.enabled", false);
-pref("dom.vr.oculus050.enabled", false);
-pref("dom.vr.poseprediction.enabled", false);
-pref("dom.vr.add-test-devices", 0);
-
-// disable notifications
-pref("dom.webnotifications.enabled", false);
-
-// HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328
-pref("browser.history.allowPopState", false);
-pref("browser.history.allowPushState", false);
-pref("browser.history.allowReplaceState", false);
-// Idle Observation
-pref("dom.idle-observers-api.enabled", false);
-
-// Prevent Timing Attacks
-// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/
-pref("dom.performance.enable_user_timing_logging", false);
-pref("dom.enable_resource_timing", false); // Bug 13024
-pref("dom.enable_user_timing", false); // Bug 16336
-pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events
-
-// disable webGL
-// http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
-pref("webgl.disabled", true);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
-// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info
-pref("webgl.enable-debug-renderer-info", false);
-pref("webgl.disable-extensions", false);
-pref("webgl.min_capability_mode", true);
-// somewhat related...
-pref("pdfjs.enableWebGL", false);
-
-/******************************************************************************
- * Misc *
- * *
- ******************************************************************************/
-
- // Disable website autorefresh, user can still proceed with warning
-pref("accessibility.blockautorefresh", true);
-pref("browser.meta_refresh_when_inactive.disabled", true);
-pref("noscript.forbidMetaRefresh", true);
-
-
-// Disable face detection by default
-pref("camera.control.face_detection.enabled", false);
-pref("camera.control.autofocus_moving_callback.enabled", false);
-
-// Default search engine
-//pref("browser.search.defaultenginename", "DuckDuckGo");
-
-// http://kb.mozillazine.org/Clipboard.autocopy
-pref("clipboard.autocopy", false);
-
-// Display an error message indicating the entered information is not a valid
-// URL instead of asking from google.
-// http://kb.mozillazine.org/Keyword.enabled#Caveats
-pref("keyword.enabled", false);
-
-// Don't trim HTTP off of URLs in the address bar.
-// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
-pref("browser.urlbar.trimURLs", false);
-
-// Don't try to guess where i'm trying to go!!! e.g.: "http://foo" -> "http://(prefix)foo(suffix)"
-// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
-pref("browser.fixup.alternate.enabled", false);
-
-// Set TOR as default proxy
-pref("network.proxy.socks", "127.0.0.1");
-pref("network.proxy.socks_port", 9050);
-// Proxy off by default, user can toggle it on.
-pref("network.proxy.type", 0);
-// Protect TOR ports
-pref("network.security.ports.banned", "9050,9051,9150,9151");
-
-// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
-pref("network.proxy.socks_remote_dns", true);
-
-// For fingerprinting and local service vulns (#10419)
-pref("network.proxy.no_proxies_on", "");
-
-// We not want to monitoring the connection state of users
-// https://trac.torproject.org/projects/tor/ticket/18945
-pref("network.manage-offline-status", false);
-
-// Mixed content stuff
-// https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default
-// https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
-pref("security.mixed_content.block_active_content", true);
-// Mixed Passive Content (a.k.a. Mixed Display Content).
-pref("security.mixed_content.block_display_content", true);
-
-// https://secure.wikimedia.org/wikibooks/en/wiki/Grsecurity/Application-specific_Settings#Firefox_.28or_Iceweasel_in_Debian.29
-pref("javascript.options.methodjit.chrome", false);
-pref("javascript.options.methodjit.content", false);
-
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 Disable JAR from opening Unsafe File Types
-// http://kb.mozillazine.org/Network.jar.open-unsafe-types
-pref("network.jar.open-unsafe-types", false);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
-pref("network.jar.block-remote-files", true);
-
-// CIS 2.7.4 Disable Scripting of Plugins by JavaScript
-pref("security.xpconnect.plugin.unrestricted", false);
-
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 Set File URI Origin Policy
-// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
-pref("security.fileuri.strict_origin_policy", true);
-
-// CIS 2.3.6 Disable Displaying Javascript in History URLs
-// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
-pref("browser.urlbar.filter.javascript", true);
-
-// http://asmjs.org/
-// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
-// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
-// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712
-pref("javascript.options.asmjs", false);
-// https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
-pref("javascript.options.wasm", false);
-// https://trac.torproject.org/projects/tor/ticket/9387#comment:43
-pref("javascript.options.typeinference", false);
-pref("javascript.options.baselinejit.content", false);
-pref("javascript.options.ion.content", false);
-// https://www.torproject.org/projects/torbrowser/design
-pref("mathml.disabled", true);
-
-// https://wiki.mozilla.org/SVGOpenTypeFonts
-// the iSEC Partners Report recommends to disable this
-pref("gfx.font_rendering.opentype_svg.enabled", false);
-
-// Disable SVG
-// Note: May only work in TBB due to upstream not implementing?
-// https://trac.torproject.org/projects/tor/ticket/18770
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1173199#c9
-pref("svg.in-content.enabled", false);
-
-// https://bugzil.la/654550
-// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785
-// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065
-pref("media.video_stats.enabled", false);
-
-// Don't reveal build ID
-// Value taken from Tor Browser
-// https://bugzil.la/583181
-pref("general.buildID.override", "20100101");
-
-// Prevent font fingerprinting
-// http://www.browserleaks.com/fonts
-// https://github.com/pyllyukko/user.js/issues/120
-pref("browser.display.use_document_fonts", 0);
-
-// Prefer sans-serif
-pref("font.default.x-western", "sans-serif");
-
-
-/******************************************************************************
- * extensions / plugins *
- * *
- ******************************************************************************/
-
-// Require signatures
-pref("xpinstall.signatures.required", true);
-
-// Opt-out of add-on metadata updates
-// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("extensions.getAddons.cache.enabled", false);
-
-// Flash plugin state - never activate
-pref("plugin.state.flash", 0);
-pref("plugins.notifyMissingFlash", false);
-
-// Java plugin state - never activate
-pref("plugin.state.java", 0);
-
-// disable Gnome Shell Integration
-pref("plugin.state.libgnome-shell-browser-plugin", 0);
-
-// disable the bundled OpenH264 video codec
-// http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077
-pref("media.gmp-provider.enabled", false);
-
-// https://wiki.mozilla.org/Firefox/Click_To_Play
-// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
-pref("plugins.click_to_play", true);
-
-// Updates addons automatically
-// Disabled due to Fingerprinting, you can update addons manually.
-// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
-pref("extensions.update.enabled", false);
-pref("extensions.update.autoUpdateDefault", false);
-// User can still update manually, but we disable background updates.
-pref("extensions.update.background.url", "");
-// The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox
-pref("extensions.systemAddon.update.url", "");
-// We can update our themes manually, may fingerprint the user.
-pref("lightweightThemes.update.enabled", false);
-
-// Only install extensions to user profile
-// https://developer.mozilla.org/en-US/Add-ons/Installing_extensions
-// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
-pref("extensions.enabledScopes", 1);
-
-// http://kb.mozillazine.org/Extensions.blocklist.enabled
-pref("extensions.blocklist.enabled", false);
-pref("extensions.blocklist.detailsURL", "about:blank");
-pref("extensions.blocklist.itemURL", "about:blank");
-pref("extensions.blocklist.url", "about:blank");
-pref("extensions.getAddons.get.url", "about:blank");
-pref("extensions.getAddons.getWithPerformance.url", "about:blank");
-pref("extensions.getAddons.recommended.url", "about:blank");
-pref("services.settings.server", "");
-// If blocklist downloads, we want it to be signed.
-pref("services.blocklist.signing.enforced", true);
-
-// Disable Freedom Violating DRM Feature
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8
-pref("media.eme.apiVisible", false);
-pref("media.eme.enabled", false);
-pref("browser.eme.ui.enabled", false);
-pref("media.gmp-eme-adobe.enabled", false);
-
-// Fingerprints the user, not HTTPS. Remove it.
-pref("pfs.datasource.url", "about:blank");
-pref("pfs.filehint.url", "about:blank");
-
-/******************************************************************************
- * firefox features / components *
- * *
- ******************************************************************************/
-
-// WebIDE
-// https://trac.torproject.org/projects/tor/ticket/16222
-pref("devtools.webide.enabled", false);
-pref("devtools.webide.autoinstallADBHelper", false);
-pref("devtools.webide.autoinstallFxdtAdapters", false);
-
-// disable remote debugging
-// https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
-// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
-pref("devtools.debugger.remote-enabled", false);
-// "to use developer tools in the context of the browser itself, and not only web content"
-pref("devtools.chrome.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards
-pref("devtools.debugger.force-local", true);
-pref("devtools.devices.url", "about:blank");
-pref("devtools.gcli.imgurUploadURL", "about:blank");
-pref("devtools.gcli.jquerySrc", "about:blank");
-pref("devtools.gcli.lodashSrc", "about:blank");
-pref("devtools.gcli.underscoreSrc", "about:blank");
-// http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2
-pref("devtools.remote.wifi.scan", false);
-pref("devtools.remote.wifi.visible", false);
-pref("devtools.webide.adaptersAddonURL", "about:blank");
-pref("devtools.webide.adbAddonURL", "about:blank");
-pref("devtools.webide.addonsURL", "about:blank");
-//https://trac.torproject.org/projects/tor/ticket/16222
-pref("devtools.webide.enabled", false);
-pref("devtools.webide.simulatorAddonsURL", "about:blank");
-pref("devtools.webide.templatesURL", "about:blank");
-
-// https://wiki.mozilla.org/Platform/Features/Telemetry
-// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
-// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
-pref("toolkit.telemetry.enabled", false);
-// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
-pref("toolkit.telemetry.unified", false);
-pref("toolkit.telemetry.server", "about:blank");
-pref("toolkit.telemetry.archive.enabled", false);
-// https://wiki.mozilla.org/Telemetry/Experiments
-pref("experiments.supported", false);
-pref("experiments.enabled", false);
-pref("experiments.manifest.uri", false);
-// https://trac.torproject.org/projects/tor/ticket/13170
-pref("network.allow-experiments", false);
-
-// Disable the UITour backend so there is no chance that a remote page
-// can use it to confuse Tor Browser users.
-pref("browser.uitour.enabled", false);
-
-// https://wiki.mozilla.org/Security/Tracking_protection
-// https://support.mozilla.org/en-US/kb/tracking-protection-firefox
-pref("privacy.trackingprotection.enabled", true);
-// https://support.mozilla.org/en-US/kb/tracking-protection-pbm
-pref("privacy.trackingprotection.pbmode.enabled", true);
-
-// Third Party Isolation Enabled Always
-// https://github.com/arthuredelstein/tor-browser/commit/b8da7721a9df4af1b595eb046e94280fe8e32d31
-pref("privacy.thirdparty.isolate", 2);
-
-// Resist fingerprinting via window.screen and CSS media queries and other techniques
-// https://bugzil.la/418986
-// https://bugzil.la/1281949
-// https://bugzil.la/1281963
-pref("privacy.resistFingerprinting", true);
-
-// Disable the built-in PDF viewer (CVE-2015-2743)
-// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743
-pref("pdfjs.disabled", true);
-
-// Disable sending of the health report
-// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
-pref("datareporting.healthreport.uploadEnabled", false);
-// disable collection of the data (the healthreport.sqlite* files)
-pref("datareporting.healthreport.service.enabled", false);
-// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
-pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.healthreport.about.reportUrl", "about:blank");
-pref("datareporting.healthreport.documentServerURI", "about:blank");
-pref("datareporting.policy.firstRunTime", 0);
-
-// Disable new tab tile ads & preload
-// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
-// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
-pref("browser.newtabpage.enhanced", false);
-pref("browser.newtab.preload", false);
-pref("browser.newtabpage.introShown", true);
-// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
-pref("browser.newtabpage.directory.ping", "");
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
-pref("browser.newtabpage.directory.source", "data:text/plain,{}");
-
-// disable heartbeat
-// https://wiki.mozilla.org/Advocacy/heartbeat
-pref("browser.selfsupport.url", "");
-
-// Disable firefox hello
-// https://wiki.mozilla.org/Loop
-//pref("loop.enabled", false);
-// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
-pref("loop.logDomains", false);
-
-// Disable Crash Reporter (Massive browser fingerprinting)
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("browser.tabs.crashReporting.sendReport", false);
-pref("breakpad.reportURL", "about:blank");
-
-// Disable Slow Startup Notifications
-pref("browser.slowStartup.maxSamples", 0);
-pref("browser.slowStartup.notificationDisabled", true);
-pref("browser.slowStartup.samples", 0);
-
-// CIS 2.1.1 Disable Auto Update / Balrog
-pref("app.update.auto", false);
-pref("app.update.checkInstallTime", false);
-pref("app.update.enabled", false);
-pref("app.update.staging.enabled", false);
-pref("app.update.url", "about:blank");
-pref("media.gmp-manager.certs.1.commonName", "");
-pref("media.gmp-manager.certs.2.commonName", "");
-
-// CIS 2.3.4 Block Reported Web Forgeries
-// http://kb.mozillazine.org/Browser.safebrowsing.enabled
-// http://kb.mozillazine.org/Safe_browsing
-// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
-// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
-pref("browser.safebrowsing.enabled", false);
-
-// CIS 2.3.5 Block Reported Attack Sites
-// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
-pref("browser.safebrowsing.malware.enabled", false);
-
-// Disable safe browsing remote lookups for downloaded files.
-// This leaks information to google.
-// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
-// https://wiki.mozilla.org/Security/Application_Reputation
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.appRepURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
-pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
-pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
-pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.downloads.remote.url", "");
-pref("browser.safebrowsing.provider.google.gethashURL", "");
-pref("browser.safebrowsing.provider.google.updateURL", "");
-pref("browser.safebrowsing.provider.google.lists", "");
-
-// Disable pocket
-// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
-pref("browser.pocket.enabled", false);
-// https://github.com/pyllyukko/user.js/issues/143
-pref("extensions.pocket.enabled", false);
-pref("extensions.pocket.api", "about:blank");
-pref("extensions.pocket.enabled", false);
-pref("browser.pocket.api", "about:blank");
-pref("browser.pocket.enabledLocales", "about:blank");
-pref("browser.pocket.oAuthConsumerKey", "about:blank");
-pref("browser.pocket.site", "about:blank");
-pref("browser.pocket.useLocaleList", false);
-pref("browser.toolbarbuttons.introduced.pocket-button", true);
-
-// Disable Hello (Soon to be removed upstream finally!)
-pref("loop.copy.throttler", "about:blank");
-pref("loop.enabled",false);
-pref("loop.facebook.appId", "about:blank");
-pref("loop.facebook.enabled", false);
-pref("loop.facebook.fallbackUrl", "about:blank");
-pref("loop.facebook.shareUrl", "about:blank");
-pref("loop.feedback.baseUrl", "about:blank");
-pref("loop.feedback.formURL", "about:blank");
-pref("loop.feedback.manualFormURL", "about:blank");
-pref("loop.gettingStarted.url", "about:blank");
-pref("loop.learnMoreUrl", "about:blank");
-pref("loop.legal.ToS_url", "about:blank");
-pref("loop.legal.privacy_url", "about:blank");
-pref("loop.linkClicker.url", "about:blank");
-pref("loop.oauth.google.redirect_uri", "about:blank");
-pref("loop.oauth.google.scope", "about:blank");
-pref("loop.remote.autostart", false);
-pref("loop.server", "about:blank");
-pref("loop.soft_start_hostname", "about:blank");
-pref("loop.support_url", "about:blank");
-pref("loop.throttled2", false);
-
-// Disable Social
-pref("social.directories", "");
-pref("social.enabled", false);
-// remote-install allows any website to activate a provider, with extended UI
-pref("social.remote-install.enabled", false);
-pref("social.shareDirectory", "");
-pref("social.toast-notifications.enabled", false);
-pref("social.whitelist", "");
-
-// Disable Snippets
-pref("browser.snippets.enabled", false);
-pref("browser.snippets.geoUrl", "about:blank");
-pref("browser.snippets.statsUrl", "about:blank");
-pref("browser.snippets.syncPromo.enabled", false);
-pref("browser.snippets.updateUrl", "about:blank");
-
-// Disable WAN IP leaks
-pref("captivedetect.canonicalURL", "about:blank");
-pref("noscript.ABE.wanIpAsLocal", false);
-
-// Disable Default Protocol Handlers, always warn user instead
-pref("network.protocol-handler.external-default", false);
-pref("network.protocol-handler.external.mailto", false);
-pref("network.protocol-handler.external.news", false);
-pref("network.protocol-handler.external.nntp", false);
-pref("network.protocol-handler.external.snews", false);
-pref("network.protocol-handler.warn-external.mailto", true);
-pref("network.protocol-handler.warn-external.news", true);
-pref("network.protocol-handler.warn-external.nntp", true);
-pref("network.protocol-handler.warn-external.snews", true);
-
-// Disable Sync
-pref("services.sync.engine.addons", false);
-// Never sync prefs, addons, or tabs with other browsers
-pref("services.sync.engine.prefs", false);
-pref("services.sync.engine.tabs", false);
-pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false);
-pref("services.sync.prefs.sync.extensions.update.enabled", false);
-pref("services.sync.serverURL", "about:blank");
-pref("services.sync.jpake.serverURL", "about:blank");
-// Disable Failed Sync Logs since we killed sync.
-pref("services.sync.log.appender.file.logOnError", false);
-
-/******************************************************************************
- * automatic connections *
- * *
- ******************************************************************************/
-
-// Disable link prefetching
-// http://kb.mozillazine.org/Network.prefetch-next
-// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
-pref("network.prefetch-next", false);
-
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
-pref("browser.search.geoip.url", "");
-pref("browser.search.geoSpecificDefaults.url", "about:blank");
-pref("browser.search.geoSpecificDefaults", false);
-pref("browser.search.geoip.url", "about:blank");
-
-// http://kb.mozillazine.org/Network.dns.disablePrefetch
-// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
-pref("network.dns.disablePrefetch", true);
-pref("network.dns.disablePrefetchFromHTTPS", true);
-
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
-pref("network.dns.blockDotOnion", true);
-
-// https://wiki.mozilla.org/Privacy/Reviews/Necko
-pref("network.predictor.enabled", false);
-// https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice
-pref("network.seer.enabled", false);
-
-// http://kb.mozillazine.org/Browser.search.suggest.enabled
-pref("browser.search.suggest.enabled", false);
-// Disable "Show search suggestions in location bar results"
-pref("browser.urlbar.suggest.searches", false);
-
-// Disable SSDP
-// https://bugzil.la/1111967
-pref("browser.casting.enabled", false);
-
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities
-// http://andreasgal.com/2014/10/14/openh264-now-in-firefox/
-pref("media.gmp-gmpopenh264.enabled", false);
-// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url", "");
-pref("media.gmp-manager.url.override", "data:text/plain");
-pref("media.gmp.trial-create.enabled", false);
-
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
-// https://bugzil.la/814169
-pref("network.http.speculative-parallel-limit", 0);
-
-// https://github.com/arthuredelstein/tor-browser/blob/tbb-esr31.1.1/browser/app/profile/000-tor-browser.js
-pref("network.http.pipelining", true);
-pref("network.http.pipelining.aggressive", true);
-pref("network.http.pipelining.maxrequests", 12);
-pref("network.http.pipelining.ssl", true);
-pref("network.http.proxy.pipelining", true);
-pref("security.ssl.enable_false_start", true);
-pref("network.http.keep-alive.timeout", 20);
-pref("network.http.connection-retry-timeout", 0);
-pref("network.http.max-persistent-connections-per-proxy", 256);
-pref("network.http.pipelining.reschedule-timeout", 15000);
-pref("network.http.pipelining.read-timeout", 60000);
-pref("network.http.pipelining.max-optimistic-requests", 3);
-pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
-pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
-pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
-
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content
-pref("browser.aboutHomeSnippets.updateUrl", "");
-
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
-pref("browser.search.update", false);
-
-//Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
-pref("browser.apps.URL", "");
-pref("browser.webapps.checkForUpdates", 0);
-pref("browser.webapps.updateCheckUrl", "about:blank");
-pref("dom.mozApps.signed_apps_installable_from", "");
-
-// Disable Favicon lookups
-// http://kb.mozillazine.org/Browser.chrome.favicons
-// pref("browser.chrome.favicons", false);
-// pref("browser.chrome.site_icons", false);
-
-/******************************************************************************
- * HTTP *
- * *
- ******************************************************************************/
-
-// Disallow NTLMv1
-// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
-pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
-// it is still allowed through HTTPS. uncomment the following to disable it completely.
-//pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
-
-// https://bugzilla.mozilla.org/show_bug.cgi?id=855326
-pref("security.csp.experimentalEnabled", true);
-
-// CSP https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
-pref("security.csp.enable", true);
-
-// Subresource integrity
-// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-// https://wiki.mozilla.org/Security/Subresource_Integrity
-pref("security.sri.enable", true);
-
-// DNT HTTP header
-// http://dnt.mozilla.org/
-// https://en.wikipedia.org/wiki/Do_not_track_header
-// https://dnt-dashboard.mozilla.org
-// https://github.com/pyllyukko/user.js/issues/11
-// http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/
-//pref("privacy.donottrackheader.enabled", true);
-
-// Disable HTTP Alternative Services header
-// https://trac.torproject.org/projects/tor/ticket/16673
-pref("network.http.altsvc.enabled", false);
-pref("network.http.altsvc.oe", false);
-
-// http://kb.mozillazine.org/Network.http.sendRefererHeader#0
-// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
-// Send a referer header with the target URI as the source
-//pref("network.http.sendRefererHeader", 1);
-pref("network.http.referer.spoofSource", true);
-
-// CIS 2.5.1 Accept Only 1st Party Cookies
-// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1
-// This breaks a number of payment gateways so you may need to comment it out.
-pref("network.cookie.cookieBehavior", 1);
-// Make sure that third-party cookies (if enabled) never persist beyond the session.
-// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
-// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
-// https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly
-pref("network.cookie.thirdparty.sessionOnly", true);
-
-// user-agent
-//pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0");
-
-/******************************************************************************
- * Caching *
- * *
- ******************************************************************************/
-
- // Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM)
- // https://bugzilla.mozilla.org/show_bug.cgi?id=967812#c9
- pref("permissions.memory_only", true);
-
- // Ensures the intermediate certificate store is memory only.
- // Note: Conflicts with old HTTP Basic Authentication
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0
- pref("security.nocertdb", true);
-
-// http://kb.mozillazine.org/Browser.sessionstore.postdata
-// NOTE: relates to CIS 2.5.7
-pref("browser.sessionstore.postdata", 0);
-// http://kb.mozillazine.org/Browser.sessionstore.enabled
-pref("browser.sessionstore.enabled", false);
-
-// http://kb.mozillazine.org/Browser.cache.offline.enable
-pref("browser.cache.offline.enable", false);
-
-// Always use private browsing
-// https://support.mozilla.org/en-US/kb/Private-Browsing
-// https://wiki.mozilla.org/PrivateBrowsing
-// pref("browser.privatebrowsing.autostart", true);
-pref("extensions.ghostery.privateBrowsing", true);
-
-// Clear history when Firefox closes
-// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
-pref("privacy.sanitize.sanitizeOnShutdown", true);
-pref("privacy.clearOnShutdown.cache", true);
-pref("privacy.clearOnShutdown.cookies", true);
-pref("privacy.clearOnShutdown.downloads", true);
-pref("privacy.clearOnShutdown.formdata", true);
-pref("privacy.clearOnShutdown.history", true);
-pref("privacy.clearOnShutdown.offlineApps", true);
-pref("privacy.clearOnShutdown.passwords", true);
-pref("privacy.clearOnShutdown.sessions", true);
-//pref("privacy.clearOnShutdown.siteSettings", false);
-
-// Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false
-// https://support.mozilla.org/en-US/questions/1014708
-pref("offline-apps.allow_by_default", false);
-
-// don't remember browsing history
-pref("places.history.enabled", false);
-
-// The cookie expires at the end of the session (when the browser closes).
-// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2
-pref("network.cookie.lifetimePolicy", 2);
-
-// http://kb.mozillazine.org/Browser.cache.disk.enable
-pref("browser.cache.disk.enable", false);
-
-// http://kb.mozillazine.org/Browser.cache.memory.enable
-//pref("browser.cache.memory.enable", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.8 Disable Caching of SSL Pages
-// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
-pref("browser.cache.disk_cache_ssl", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.2 Disallow Credential Storage
-pref("signon.rememberSignons", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.5 Delete Download History
-// Zero (0) is an indication that no download history is retained for the current profile.
-pref("browser.download.manager.retention", 0);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.6 Delete Search and Form History
-pref("browser.formfill.enable", false);
-pref("browser.formfill.expire_days", 0);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.7 Clear SSL Form Session Data
-// http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2
-// Store extra session data for unencrypted (non-HTTPS) sites only.
-// NOTE: CIS says 1, we use 2
-pref("browser.sessionstore.privacy_level", 2);
-
-// https://bugzil.la/238789#c19
-pref("browser.helperApps.deleteTempFileOnExit", true);
-
-// Disable the media cache, prvents HTML5 videos from being written to the OS temporary directory
-// https://www.torproject.org/projects/torbrowser/design/
-pref("media.cache_size", 0);
-
-// https://support.mozilla.org/en-US/questions/973320
-// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled
-pref("browser.pagethumbnails.capturing_disabled", true);
-
-/******************************************************************************
- * UI related *
- * *
- ******************************************************************************/
-
-// Webpages will not be able to affect the right-click menu
-//pref("dom.event.contextmenu.enabled", false);
-
-// Don't promote sync
-pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}");
-
-// CIS 2.3.2 Disable Downloading on Desktop
-pref("browser.download.folderList", 2);
-
-// always ask the user where to download
-// https://developer.mozilla.org/en/Download_Manager_preferences
-pref("browser.download.useDownloadDir", false);
-
-// https://wiki.mozilla.org/Privacy/Reviews/New_Tab
-pref("browser.newtabpage.enabled", false);
-// https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off
-pref("browser.newtab.url", "about:blank");
-
-// CIS Version 1.2.0 October 21st, 2011 2.1.2 Enable Auto Notification of Outdated Plugins
-// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
-// Note: Disabled, we get plugin updates from repository.
-//pref("plugins.update.notifyUser", true);
-
-// CIS Version 1.2.0 October 21st, 2011 2.1.3 Enable Information Bar for Outdated Plugins
-pref("plugins.hide_infobar_for_outdated_plugin", false);
-
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 Enable IDN Show Punycode
-// http://kb.mozillazine.org/Network.IDN_show_punycode
-pref("network.IDN_show_punycode", true);
-
-// http://kb.mozillazine.org/About:config_entries#Browser
-// http://kb.mozillazine.org/Inline_autocomplete
-pref("browser.urlbar.autoFill", false);
-pref("browser.urlbar.autoFill.typed", false);
-
-// http://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/
-// http://kb.mozillazine.org/Browser.urlbar.maxRichResults
-// "Setting the preference to 0 effectively disables the Location Bar dropdown entirely."
-pref("browser.urlbar.maxRichResults", 0);
-
-// https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/
-// http://dbaron.org/mozilla/visited-privacy
-pref("layout.css.visited_links_enabled", false);
-
-// http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus
-
-// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
-pref("browser.urlbar.autocomplete.enabled", false);
-
-// http://kb.mozillazine.org/Signon.autofillForms
-// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
-pref("signon.autofillForms", false);
-
-// do not check if firefox is the default browser
-pref("browser.shell.checkDefaultBrowser", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage
-pref("security.ask_for_password", 0);
-
-// Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
-pref("browser.link.open_newwindow.restriction", 0);
-
-// Enable Insecure login field contextual warning
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1217162
-pref("security.insecure_field_warning.contextual.enabled", true);
-
-/******************************************************************************
- * TLS / HTTPS / OCSP related stuff *
- * *
- ******************************************************************************/
-
-// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
-// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
-pref("network.stricttransportsecurity.preloadlist", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.2.4 Enable Online Certificate Status Protocol
-// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns
-pref("security.OCSP.enabled", 0);
-pref("security.OCSP.require", false);
-
-// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
-pref("security.ssl.enable_ocsp_stapling", true);
-
-// require certificate revocation check through OCSP protocol.
-// NOTICE: this leaks information about the sites you visit to the CA.
-pref("security.OCSP.require", true);
-
-// https://www.blackhat.com/us-13/briefings.html#NextGen
-// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
-// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
-// https://bugzil.la/917049
-// https://bugzil.la/967977
-pref("security.ssl.disable_session_identifiers", true);
-// https://www.torproject.org/projects/torbrowser/design/index.html.en
-pref("security.ssl.enable_false_start", true);
-pref("security.enable_tls_session_tickets", false);
-
-// TLS 1.[012]
-// http://kb.mozillazine.org/Security.tls.version.max
-// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
-// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol.
-pref("security.tls.version.min", 1);
-pref("security.tls.version.max", 3);
-
-// pinning
-// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning
-// "2. Strict. Pinning is always enforced."
-pref("security.cert_pinning.enforcement_level", 2);
-
-// disallow SHA-1
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
-//pref("security.pki.sha1_enforcement_level", 1);
-
-// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
-// see also CVE-2009-3555
-pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-
-// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation
-// this makes browsing next to impossible=) (13.2.2012)
-// update: the world is not ready for this! (6.5.2014)
-// see also CVE-2009-3555
-// The world must comply with this! (11.20.2016)
-pref("security.ssl.require_safe_negotiation", true);
-
-// https://support.mozilla.org/en-US/kb/certificate-pinning-reports
-//
-// we could also disable security.ssl.errorReporting.enabled, but I think it's
-// good to leave the option to report potentially malicious sites if the user
-// chooses to do so.
-//
-// you can test this at https://pinningtest.appspot.com/
-pref("security.ssl.errorReporting.automatic", false);
-
-// http://kb.mozillazine.org/Browser.ssl_override_behavior
-// Pre-populate the current URL but do not pre-fetch the certificate.
-pref("browser.ssl_override_behavior", 1);
-
-/******************************************************************************
- * CIPHERS *
- * *
- * you can debug the SSL handshake with tshark: *
- * tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake *
- ******************************************************************************/
-
-// disable null ciphers
-pref("security.ssl3.rsa_null_sha", false);
-pref("security.ssl3.rsa_null_md5", false);
-pref("security.ssl3.ecdhe_rsa_null_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_null_sha", false);
-pref("security.ssl3.ecdh_rsa_null_sha", false);
-pref("security.ssl3.ecdh_ecdsa_null_sha", false);
-
-// SEED
-// https://en.wikipedia.org/wiki/SEED
-pref("security.ssl3.rsa_seed_sha", false);
-
-// 40 bits...
-pref("security.ssl3.rsa_rc4_40_md5", false);
-pref("security.ssl3.rsa_rc2_40_md5", false);
-
-// 56 bits
-pref("security.ssl3.rsa_1024_rc4_56_sha", false);
-
-// 128 bits
-pref("security.ssl3.rsa_camellia_128_sha", false);
-pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
-pref("security.ssl3.ecdh_rsa_aes_128_sha", false);
-pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false);
-pref("security.ssl3.dhe_rsa_camellia_128_sha", false);
-pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-
-// RC4 (CVE-2013-2566)
-pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false);
-pref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
-pref("security.ssl3.rsa_rc4_128_md5", false);
-pref("security.ssl3.rsa_rc4_128_sha", false);
-// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
-// https://bugzil.la/1138882
-// https://rc4.io/
-pref("security.tls.unrestricted_rc4_fallback", false);
-
-// 3DES -> false because effective key size < 128
-// https://en.wikipedia.org/wiki/3des#Security
-// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
-// http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
-pref("security.ssl3.dhe_dss_des_ede3_sha", false);
-pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
-pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false);
-pref("security.ssl3.ecdh_rsa_des_ede3_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false);
-pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false);
-pref("security.ssl3.rsa_des_ede3_sha", false);
-pref("security.ssl3.rsa_fips_des_ede3_sha", false);
-
-// Ciphers with ECDH (without /e$/)
-pref("security.ssl3.ecdh_rsa_aes_256_sha", false);
-pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false);
-
-// 256 bits without PFS
-pref("security.ssl3.rsa_camellia_256_sha", false);
-
-// Ciphers with ECDHE and > 128bits
-pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
-pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
-
-// GCM, yes please!
-pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
-pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
-
-// ChaCha20 and Poly1305. Supported since Firefox 47.
-// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
-// https://tools.ietf.org/html/rfc7905
-// https://bugzil.la/917571
-// https://bugzil.la/1247860
-// https://cr.yp.to/chacha.html
-pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
-pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
-
-// Susceptible to the logjam attack - https://weakdh.org/
-pref("security.ssl3.dhe_rsa_camellia_256_sha", false);
-pref("security.ssl3.dhe_rsa_aes_256_sha", false);
-
-// Ciphers with DSA (max 1024 bits)
-pref("security.ssl3.dhe_dss_aes_128_sha", false);
-pref("security.ssl3.dhe_dss_aes_256_sha", false);
-pref("security.ssl3.dhe_dss_camellia_128_sha", false);
-pref("security.ssl3.dhe_dss_camellia_256_sha", false);
-
-// Fallbacks due compatibility reasons
-pref("security.ssl3.rsa_aes_256_sha", true);
-pref("security.ssl3.rsa_aes_128_sha", true);
-
-// Disable static TLS insecure fallback whitelist
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1128227
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
diff --git a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.install b/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.install
deleted file mode 100644
index 6e59a0c98..000000000
--- a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.install
+++ /dev/null
@@ -1,6 +0,0 @@
-post_install() {
- echo "..."
- echo "Note: It is now required to use iceweasel-hardened or iceweasel binaries separately. They cannot run at the same time, but can be ran interchangebly."
- echo "..."
- echo "Nota: ahora se require usar los binarios iceweasel-hardened o iceweasel de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna."
-} \ No newline at end of file
diff --git a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.sh b/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.sh
deleted file mode 100755
index f17f7fa2d..000000000
--- a/nonprism-testing/iceweasel-hardened-preferences/iceweasel-hardened.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-##############################################
-# IceWeasel-Hardened Jail and Cleaner Script #
-##############################################
-echo "Closing any other instances of IceWeasel to avoid crashes..."
-pkill -x iceweasel
-wait
-echo "Copying Hardened Prefs..."
-cp /usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js /usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js
-wait
-echo "Waking the IceWeasel..."
-
-# Trap cleaner function for IceWeasel exit cleaning
-function finish {
-echo "Removing hardened preferences..."
-echo "" > /usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js
- }
-
-## Firejail IceWeasel startup
-/usr/bin/firejail --profile=/etc/firejail/firefox.profile --noroot --nogroups --caps.drop=all --private-etc=/etc/resolv.conf --private-bin=bash,iceweasel --private-tmp --private-dev /usr/bin/iceweasel --private-window
-
-## Exiting IceWeasel triggers the trap
-trap finish EXIT \ No newline at end of file
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-01 18:13:29 +0000