nix-config/home/browsers/firefox/arkenfox/0800.nix

{
  /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
       Change items 0850 and above to suit for privacy vs convenience and functionality. Consider
       your environment (no unwanted eyeballs), your device (restricted access), your device's
       unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check
       the items cleared on shutdown in section 2800.
       [1] https://xkcd.com/538/
  ***/
  /* 0801: disable location bar using search
   * Don't leak URL typos to a search engine, give an error message instead.
   * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
   * [NOTE] This does **not** affect explicit user action such as using search buttons in the
   * dropdown, or using keyword search shortcuts you configure in options (e.g. 'd' for DuckDuckGo)
   * [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search
   * engine that respects privacy, then you probably don't need this ***/
  "keyword.enabled" = false;
  /* 0802: disable location bar domain guessing
   * domain guessing intercepts DNS "hostname not found errors" and resends a
   * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
   * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com
   * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't
   * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),
   * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/
  "browser.fixup.alternate.enabled" = false;
  /* 0803: display all parts of the url in the location bar ***/
  "browser.urlbar.trimURLs" = false;
  /* 0805: disable coloring of visited links - CSS history leak
   * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
   * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
   * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5]
   * and advanced targeted timing attacks could still produce usable results
   * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
   * [2] https://dbaron.org/mozilla/visited-privacy
   * [3] https://bugzilla.mozilla.org/1632765
   * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)
   * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/
  #   // user_pref("layout.css.visited_links_enabled", false);
  /* 0807: disable live search suggestions
  /* [NOTE] Both must be true for the location bar to work
   * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine
   * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
  "browser.search.suggest.enabled" = false;
  "browser.urlbar.suggest.searches" = false;
  /* 0810: disable location bar making speculative connections [FF56+]
   * [1] https://bugzilla.mozilla.org/1348275 ***/
  "browser.urlbar.speculativeConnect.enabled" = false;
  /* 0811: disable location bar leaking single words to a DNS provider **after searching** [FF78+]
   * 0=never resolve single words, 1=heuristic (default), 2=always resolve
   * [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
   * [1] https://bugzilla.mozilla.org/1642623 ***/
  "browser.urlbar.dnsResolveSingleWordsAfterSearch" = 0;
  /* 0850a: disable location bar suggestion types
   * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/
  #   // user_pref("browser.urlbar.suggest.history", false);
  #   // user_pref("browser.urlbar.suggest.bookmark", false);
  #   // user_pref("browser.urlbar.suggest.openpage", false);
  #   // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
  /* 0850b: disable tab-to-search [FF85+]
   * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
   * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
  #   // user_pref("browser.urlbar.suggest.engines", false);
  /* 0850c: disable location bar dropdown
   * This value controls the total number of entries to appear in the location bar dropdown ***/
  #   // user_pref("browser.urlbar.maxRichResults", 0);
  /* 0850d: disable location bar autofill
   * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
  #   // user_pref("browser.urlbar.autoFill", false);
  /* 0860: disable search and form history
   * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
   * [NOTE] We also clear formdata on exit (see 2803)
   * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
   * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
   * [2] https://bugzilla.mozilla.org/381681 ***/
  "browser.formfill.enable" = false;
  /* 0862: disable browsing and download history
   * [NOTE] We also clear history and downloads on exiting Firefox (see 2803)
   * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
  #   // user_pref("places.history.enabled", false);
  /* 0870: disable Windows jumplist [WINDOWS] ***/
  "browser.taskbar.lists.enabled" = false;
  "browser.taskbar.lists.frequent.enabled" = false;
  "browser.taskbar.lists.recent.enabled" = false;
  "browser.taskbar.lists.tasks.enabled" = false;
  /* 0871: disable Windows taskbar preview [WINDOWS] ***/
  #   // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
}
initial commit 2022-01-18 09:32:55 +01:00			`{`
			`/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS`
			`Change items 0850 and above to suit for privacy vs convenience and functionality. Consider`
			`your environment (no unwanted eyeballs), your device (restricted access), your device's`
			`unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check`
			`the items cleared on shutdown in section 2800.`
			`[1] https://xkcd.com/538/`
			`***/`
			`/* 0801: disable location bar using search`
			`* Don't leak URL typos to a search engine, give an error message instead.`
			`* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"`
			`* [NOTE] This does not affect explicit user action such as using search buttons in the`
			`* dropdown, or using keyword search shortcuts you configure in options (e.g. 'd' for DuckDuckGo)`
			`* [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search`
			`* engine that respects privacy, then you probably don't need this ***/`
			`"keyword.enabled" = false;`
			`/* 0802: disable location bar domain guessing`
			`* domain guessing intercepts DNS "hostname not found errors" and resends a`
			`* request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work`
			`* via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com`
			`* as the 411 for DNS errors?), privacy issues (why connect to sites you didn't`
			`* intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),`
			`* and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/`
			`"browser.fixup.alternate.enabled" = false;`
			`/* 0803: display all parts of the url in the location bar ***/`
			`"browser.urlbar.trimURLs" = false;`
			`/* 0805: disable coloring of visited links - CSS history leak`
			`* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive`
			`* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing`
			`* attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5]`
			`* and advanced targeted timing attacks could still produce usable results`
			`* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector`
			`* [2] https://dbaron.org/mozilla/visited-privacy`
			`* [3] https://bugzilla.mozilla.org/1632765`
			`* [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)`
			`* [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/`
			`# // user_pref("layout.css.visited_links_enabled", false);`
			`/* 0807: disable live search suggestions`
			`/* [NOTE] Both must be true for the location bar to work`
			`* [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine`
			`* [SETTING] Search>Provide search suggestions \| Show search suggestions in address bar results ***/`
			`"browser.search.suggest.enabled" = false;`
			`"browser.urlbar.suggest.searches" = false;`
			`/* 0810: disable location bar making speculative connections [FF56+]`
			`* [1] https://bugzilla.mozilla.org/1348275 ***/`
			`"browser.urlbar.speculativeConnect.enabled" = false;`
			`/* 0811: disable location bar leaking single words to a DNS provider after searching [FF78+]`
			`* 0=never resolve single words, 1=heuristic (default), 2=always resolve`
			`* [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions`
			`* [1] https://bugzilla.mozilla.org/1642623 ***/`
			`"browser.urlbar.dnsResolveSingleWordsAfterSearch" = 0;`
			`/* 0850a: disable location bar suggestion types`
			`* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/`
			`# // user_pref("browser.urlbar.suggest.history", false);`
			`# // user_pref("browser.urlbar.suggest.bookmark", false);`
			`# // user_pref("browser.urlbar.suggest.openpage", false);`
			`# // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]`
			`/* 0850b: disable tab-to-search [FF85+]`
			`* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search`
			`* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/`
			`# // user_pref("browser.urlbar.suggest.engines", false);`
			`/* 0850c: disable location bar dropdown`
			`* This value controls the total number of entries to appear in the location bar dropdown ***/`
			`# // user_pref("browser.urlbar.maxRichResults", 0);`
			`/* 0850d: disable location bar autofill`
			`* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/`
			`# // user_pref("browser.urlbar.autoFill", false);`
			`/* 0860: disable search and form history`
			`* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]`
			`* [NOTE] We also clear formdata on exit (see 2803)`
			`* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history`
			`* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html`
			`* [2] https://bugzilla.mozilla.org/381681 ***/`
			`"browser.formfill.enable" = false;`
			`/* 0862: disable browsing and download history`
			`* [NOTE] We also clear history and downloads on exiting Firefox (see 2803)`
			`* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/`
			`# // user_pref("places.history.enabled", false);`
			`/* 0870: disable Windows jumplist [WINDOWS] ***/`
			`"browser.taskbar.lists.enabled" = false;`
			`"browser.taskbar.lists.frequent.enabled" = false;`
			`"browser.taskbar.lists.recent.enabled" = false;`
			`"browser.taskbar.lists.tasks.enabled" = false;`
			`/* 0871: disable Windows taskbar preview [WINDOWS] ***/`
			`# // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]`
			`}`