patternjavascriptMinor
Userscript to tighten security in Mozilla Firefox
Viewed 0 times
tightensecurityuserscriptmozillafirefox
Problem
I have recently started writing a userscript for Mozilla Firefox to tighten security and make it more private, but before I want to start publishing it, I would like to have some experts take a look at it to see if I made any mistakes, I am by no means a experienced coder, and this is my first little project. Things I am looking for are tips to make my code easier to read and if I have any missing crypto suites (again if this is the wrong way to ask this then please feel free to correct me and say what I should say).
I will also post a link to the GitHub paste since its easier to read there.
`// firefox privacy setup, last time edited: 5 10 2016 //
// geo switches //
// Preference name Value //
user_pref("geo.enabled", false);
user_pref("geo.wifi.logging.enabled", false);
user_pref("geo.wifi.uri", "http://127.0.0.1");
// media switches //
// Preference name Value //
user_pref("media.peerconnection.ice.default_address_only" true);
user_pref("media.peerconnection.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.webspeech.recognition.enable", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.screensharing.allowed_domains", "");
user_pref("media.eme.enabled", false);
user_pref("media.eme.apiVisible", false);
user_pref("media.gmp-eme-adobe.enabled", false);
user_pref("media.video_stats.enabled", false);
user_pref("media.gmp-gmpopenh264.enabled", false);
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-provider.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user
I will also post a link to the GitHub paste since its easier to read there.
`// firefox privacy setup, last time edited: 5 10 2016 //
// geo switches //
// Preference name Value //
user_pref("geo.enabled", false);
user_pref("geo.wifi.logging.enabled", false);
user_pref("geo.wifi.uri", "http://127.0.0.1");
// media switches //
// Preference name Value //
user_pref("media.peerconnection.ice.default_address_only" true);
user_pref("media.peerconnection.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.webspeech.recognition.enable", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.screensharing.allowed_domains", "");
user_pref("media.eme.enabled", false);
user_pref("media.eme.apiVisible", false);
user_pref("media.gmp-eme-adobe.enabled", false);
user_pref("media.video_stats.enabled", false);
user_pref("media.gmp-gmpopenh264.enabled", false);
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-provider.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user
Solution
A few things:
-
You could restructure your code as:
if you plan on later making it more complex, but the code's clear enough as it is.
And some comments about the prefs you're modifying:
// commentsdon't need another//at the end, but you can leave it there if you want.
- You don't need to repeat
// Preference nameandvalue //before every block of prefs; just one at the start should do.
- Version control. Using git will help you keep track of the changes you've made.
- You have a duplicate
dom.webnotifications.enabled.
- You might want to put a comment next to each pref to say what each one does.
-
You could restructure your code as:
const prefs = {
'browser.something': true,
'browser.somehing_else': false,
// etc.
}
for (let pref in prefs) {
user_pref(pref, prefs[pref])
}if you plan on later making it more complex, but the code's clear enough as it is.
And some comments about the prefs you're modifying:
- Disabling Firefox auto-update. Bad idea. New versions won't make it any less secure, and always contain security fixes. You can use an extended support release if you don't like updating; ESRs get security fixes every few weeks but only get new features / performance improvements etc. every year.
- Disabling JavaScript. Do it if you want, but it's better to use an addon like NoScript which gives you more control.
- Disabling notifications. It won't really improve security: sites have to ask for permission before being allowed to send you notifications.
- And lastly, just be careful. These prefs can nuke your browser if you press the wrong button :)
Code Snippets
const prefs = {
'browser.something': true,
'browser.somehing_else': false,
// etc.
}
for (let pref in prefs) {
user_pref(pref, prefs[pref])
}Context
StackExchange Code Review Q#129918, answer score: 5
Revisions (0)
No revisions yet.