headsup: I intend to relax some prefs

[Thorin-Oakenpants]

this will get rid of 4 3 (Ipv6 wasn't listed) of the common items in the wiki

speak if you want to

---

DRM - move to optional hardening

I have lived without DRM in my everyday main FF since we first disabled it. I do not stream any content (Netflix, Disney, Hulu etc). But I do read a lot, and some of that is news, and some of that news comes with video, and sometimes that shit won't work (not always because its DRM - I use a pretty hard uBO), and all I end up doing is flicking over to my nightly (which is default + uBO + sanitizing on close) and fucking loading it anyway.

I get that DRM is a propriety and closed source, but honestly, for our threat model, disabling it is just a PITA and massive overkill. If this is your issue, then use Tor Browser. And I'm sure I'm the exception not the norm re streaming, so I know I've said users could just use a secondary browser, but that's not always easy for some people if they want a second gecko, dealing with profiles and installs and running concurrently.

So heads up, this WILL be moved to optional hardening. Those who do not want DRM can easily add an override

/* 2022: disable all DRM content (EME: Encryption Media Extension)
 * Optionally hide the setting which also disables the DRM prompt
 * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
 * [SETTING] General>DRM Content>Play DRM-controlled content
 * [TEST] https://bitmovin.com/demos/drm
 * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
   // user_pref("browser.eme.ui.enabled", false);

referer.XOriginPolicy - make inactive move to optional hardening

I plan to relax this. I don't see any real benefit for value 1, it will unbreak fuck all IMO. So I am going to make the pref inactive. Those who want to harden can do so in their overrides. At the end of the day, most navigational "tracking" is harmless (i.e the same for everyone) and effectively blocking cross site referers just breaks "everything"

I am also going to remove any reference to Smart Referer, as I consider it abandoned. Plus it's not a good idea re CSRF see #1433 and for this reason I will not be recommending ANY referer extensions

Also, mask your IP, you dirty filthy animals

/* 1601: control when to send a cross-origin referer
 * 0=always (default), 1=only if base domains match, 2=only if hosts match
 * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
 * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2);

keyword - make inactive move to optional opsec

Considering the default FF does not show the searchbar, the urlbar IS the searchbar. So disabling keyword is more of an obstacle than a help. I also think the chances you do a typo or leak a secret are slim to none (I think I've caught myself with about 2 in 10 years), and you would still leak that typo/secret if you used the searchbar and hit enter. And the advice "Override this if you trust and use a privacy respecting search engine" is a little weird - if users are that privacy conscious (e.g. I still use google in nightly because it gets me my results) then they would have already changed engines. In other words, users are going to use the search engine they want to, and we can't change that, so to dictate out advice for keyword based on their search engine is a bit on odd, kinda. Anyway, I don't see this as anything more than user hostile for our threat model - even TB doesn't bother, because usability matters.

once again, those who wish to override it, can do so

/* 0801: disable location bar using search
 * Don't leak URL typos to a search engine, give an error message instead
 * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
 * [NOTE] This does not affect explicit user action such as using search buttons in the
 * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
 * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
user_pref("keyword.enabled", false);

IPv6: make inactive - move to optional hardening

This is only an issue IMO for those using a VPN. And VPN users should be using a system wide reputable VPN like e.g. Mullvad (full disclosure, Mullvad sponsors Tor Project, and I work with them both - in fact I will be at Mullvad headquarters for a week in late October). I'm not a VPN expert, so Mullvad is the only name I could think of that I know is reputable. I assume Mullvad covers IPv6 properly (IANAE on networking shit, that's the 🐟 ). I also wonder, and IANAE, is that if the VPN fell over, you would be leaking your real IP anyway, so big deal with the mac addy? rhetorical q, don't answer

I think this line sums it up "If you are not masking your IP, then this won't make much difference."

again, users can override

/* 0701: disable IPv6
SNIP
 * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true);

[Thorin-Oakenpants]

Done, will land in next AF release. Remember folks, AF is a template ... thanks for all the feedback, until next time ...

[Thorin-Oakenpants]

on leaking search typos, even if I used a search shortcut (e.g. d for duckduckgo) or a dropdown search button, I would still leak the typo - how we send is not the issue, it's the typo. Makes me even more sure I did the right thing. mistyped urls are a little different

dinsey.com ... where woke goes to die?

[fxbrit]

good stuff, what's the next quest now?

[Thorin-Oakenpants]

Your next quest ... First you have to find your closest chinatown. Then look for an old wise woman and tell her you want what's in the back. She will then send you on a quest to retrieve the staff of a thousand fires. This quest will be long and arduous but if you can find a good paladin warlock it can make things manageable. Once you defeat the undead soldier of the sands of time and receive the staff you must bring it back to the old wise woman. DO NOT fall victim to its power. It's best to just put it in your bag of holding and forget about it. Once all is complete then you are ready for step one.

[fxbrit]

I did it to myself didn't I

[opusforlife2]

I just discovered that the Mozilla Archive offers EME-free builds, likely for users that want FOSS builds that lack DRM support: https://archive.mozilla.org/pub/firefox/releases/120.0.1/win64-EME-free/en-US/

This is an alternative to setting an override, for those who want it. Is this worth adding to the wiki, or maybe just the OP in this sticky?

[Thorin-Oakenpants]

Is this worth adding to the wiki

no - just flip a pref FFS :) When disabled you don't even retain the DRM plugin.

also, makes me wonder if you have to update manually all the time, unless the built in updater knows to get the EME free build - and is it as optimized as mozilla's stable builds? IDK, not worth even thinking about, TBH :)

[opusforlife2]

unless the built in updater knows to get the EME free build

It does, otherwise I wouldn't have brought it up. It's weird that this build exists at all, though, because the only difference from regular release builds seems to be a new pref:

app.partner.mozilla-EMEfree : mozilla-EMEfree

That's it. Though why the same thing can be controlled by two different prefs is beyond me. Maybe it's about FOSS purism.