user_pref("media.mediacapabilities.from-database", false);

819

Hey, Pants! I'm quietly following you along the way. Every day...

I don't know how these are implemented, but I don't want Firefox to call home / send visited URLs anywhere / download files from servers, etc.

1. There is no way this is done locally.

2. I like to generate my passwords by myself (KeePass). Do I need this one as well:
user_pref("signon.generation.available", false);

3. I use uBlock Origin & uMatrix with custom filters. Tracking Protection means redundancy, lack of control over the filters and harder troubleshooting when something is broken. I will add this one as well:
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);

4. If it's local and doesn't fetch info from some server, I might leave it alone. Otherwise I will add this one as well:
user_pref("browser.messaging-system.fxatoolbarbadge.enabled", false);

5. I don't want to send any info (including my IP) to any server on certificate error (or any error for that matter). I will add these two:

user_pref("security.certerrors.mitm.priming.enabled", false);
user_pref("security.certerrors.mitm.priming.endpoint", "");

6. fxmonitor sounds like a spyware:
user_pref("extensions.fxmonitor.enabled", false);

7. Is this local or the info is being send to a remote server?
user_pref("browser.fixup.typo.scheme", false);

8. Is this being used to fingerprint users? Rising / lowering entropy?
user_pref("layout.css.text-decoration-skip-ink.enabled", false);

In summary:

user_pref("browser.contentblocking.report.lockwise.enabled", false);
user_pref("browser.contentblocking.report.monitor.enabled", false);
user_pref("browser.fixup.typo.scheme", false);
user_pref("browser.messaging-system.fxatoolbarbadge.enabled", false);
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
user_pref("extensions.fxmonitor.enabled", false);
user_pref("layout.css.text-decoration-skip-ink.enabled", false);
user_pref("media.mediacapabilities.from-database", false);
user_pref("privacy.trackingprotection.cryptomining.enabled", false);
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);
user_pref("security.certerrors.mitm.priming.enabled", false);
user_pref("security.certerrors.mitm.priming.endpoint", "");
user_pref("signon.generation.available", false);
user_pref("signon.generation.enabled", false);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.management.page.breachAlertUrl", "");
user_pref("signon.management.page.enabled", false);

Is anyone else going to use some of these prefs?

/* 6602: disable firefox's buildin tracking-protection
 * uBlock origin can do this better ***/
user_pref("privacy.trackingprotection.enabled", false);
user_pref("privacy.trackingprotection.pbmode.enabled", false);
user_pref("privacy.trackingprotection.cryptomining.enabled", false);
user_pref("privacy.trackingprotection.socialtracking.enabled", false);
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);
/* 6603: disable updates of the trackingprotection lists ***/
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");

FF 70 keeps uploading and downloading stuff to 99.86.243.90 upon start and during use. Unlike FF 60.9.0. Any ideas?

99.86.243.68, 99.86.243.71, 99.86.243.73, 99.86.243.90, etc.

I will test the versions between 60 and 70 to narrow down the possibilities.

P.S.:
FF 60.9.0 OK
FF 65.0.2 OK
FF 67.0.4 OK
FF 68.0.2 BAD
FF 68.2.0 BAD
FF 69.0.3 BAD
FF 70.0 BAD

So starting v68 something potentially very bad was introduced...

1. already killed by not using FFX PW-safe?
2. removed in FFX70 (the pref)
3. Looks hardcoded things like htp:// and so on.

user_pref("browser.contentblocking.report.lockwise.enabled", false);
user_pref("browser.contentblocking.report.monitor.enabled", false);

Only disable the suggestions on about:protections.

99.86.243.90 is AWS, look at about:networking for the domain.

Request URL:https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2019-12-01-23-34-03.chain
Request method:GET
Remote address:99.86.243.90:443
Status code:200

https://trac.torproject.org/projects/tor/ticket/31575

I am also seeing content-signature-2.cdn.mozilla.net - I was under the impression it was something to do with 'certificates' whether checking or updating [?]

They never seem to make it easy to figure out what they're up to.

That would be content signature protocol of autograph service.

Prior to FF69, a call to content-signature-2.cdn.mozilla.net would accompany a daily fetch of remote-settings. It would seem to be working incorrectly right now.

Funny how it’s gone unnoticed.

There's nothing we can really do about RemoteSettings because that's also how some of the useful features like blocklists, revoked certs etc get their data.

1. fxmonitor sounds like a spyware

maybe not the best name for a security feature but it's definitely not spyware, last I checked. There may be some telemetry in there but since fxmonitor is now a builtin component, any such telemetry would/should probably be covered by disabling the main telemetry thing.
The necessary data for fxmonitor gets downloaded via RemoteSettings regardless of whether you enable or disable the feature. Based on that, now local data, it can inform users about (recent) server breaches when they visit such sites so that they can change their password if they have an account on that site.
All they need to store locally for that is an up-to-date list of breached domains.
The records in the fxmonitor RS database look like this:

You can also sign up to get notified if your email address shows up in any data dumps from such server breaches but that's entirely optional.

Unless someone can show some proof that there's more than the intended functionality outlined above hiding somewhere in fxmonitor and because I don't feel like doing an in-depth code-review every time someone brings up a "suspiciously named" pref, I don't see a reason to disable a security feature that doesn't seem to have any downsides

Thanks everyone for the help! As far as I understand:

NOT IMPORTANT:

user_pref("browser.contentblocking.report.lockwise.enabled", false);
user_pref("browser.contentblocking.report.monitor.enabled", false);
user_pref("browser.fixup.typo.scheme", false);
user_pref("signon.management.page.enabled", false);

TO CONSIDER:

user_pref("extensions.fxmonitor.enabled", false);
user_pref("media.mediacapabilities.from-database", false);
user_pref("privacy.trackingprotection.cryptomining.enabled", false);
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);
user_pref("privacy.trackingprotection.socialtracking.enabled", false);
user_pref("security.certerrors.mitm.priming.enabled", false);
user_pref("security.certerrors.mitm.priming.endpoint", "");
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.management.page.breachAlertUrl", "");

SIMPLY ANNOYING:

user_pref("browser.messaging-system.fxatoolbarbadge.enabled", false);
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
user_pref("extensions.abuseReport.enabled", false);
user_pref("signon.generation.enabled", false);

TO INVESTIGATE:

• firefox talking to remote servers for unknown (to me) reason since v68.
• a small empty bar appears when you type (maxRichResults - 0)
  https://www.wilderssecurity.com/threads/new-firefox-browser-version-released.361562/page-99#post-2867105

I hadn't seen that empty bar before ! (I very rarely type into the address bar)

I fixed it with a CSS rule:

#urlbar-results {display: none !important;}

TO INVESTIGATE: a small empty bar appears when you type (maxRichResults - 0)

get rid of it with userChrome.css

/* remove urlbar drop down */
#urlbar-results {display: none !important;}
.urlbarView {border: none !important;}