HiveBrain v1.2.0
Get Started
← Back to all entries
patternjavascriptMinor

Userscript to tighten security in Mozilla Firefox

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
tightensecurityuserscriptmozillafirefox

Problem

I have recently started writing a userscript for Mozilla Firefox to tighten security and make it more private, but before I want to start publishing it, I would like to have some experts take a look at it to see if I made any mistakes, I am by no means a experienced coder, and this is my first little project. Things I am looking for are tips to make my code easier to read and if I have any missing crypto suites (again if this is the wrong way to ask this then please feel free to correct me and say what I should say).

I will also post a link to the GitHub paste since its easier to read there.



`// firefox privacy setup, last time edited: 5 10 2016 //

// geo switches //
// Preference name Value //
user_pref("geo.enabled", false);
user_pref("geo.wifi.logging.enabled", false);
user_pref("geo.wifi.uri", "http://127.0.0.1");

// media switches //
// Preference name Value //
user_pref("media.peerconnection.ice.default_address_only" true);
user_pref("media.peerconnection.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.webspeech.recognition.enable", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.screensharing.allowed_domains", "");
user_pref("media.eme.enabled", false);
user_pref("media.eme.apiVisible", false);
user_pref("media.gmp-eme-adobe.enabled", false);
user_pref("media.video_stats.enabled", false);
user_pref("media.gmp-gmpopenh264.enabled", false);
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-provider.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user

Solution

A few things:

  • // comments don't need another // at the end, but you can leave it there if you want.



  • You don't need to repeat // Preference name and value // before every block of prefs; just one at the start should do.



  • Version control. Using git will help you keep track of the changes you've made.



  • You have a duplicate dom.webnotifications.enabled.



  • You might want to put a comment next to each pref to say what each one does.



-
You could restructure your code as:

const prefs = {
  'browser.something': true,
  'browser.somehing_else': false,
  // etc.
}

for (let pref in prefs) {
  user_pref(pref, prefs[pref])
}


if you plan on later making it more complex, but the code's clear enough as it is.

And some comments about the prefs you're modifying:

  • Disabling Firefox auto-update. Bad idea. New versions won't make it any less secure, and always contain security fixes. You can use an extended support release if you don't like updating; ESRs get security fixes every few weeks but only get new features / performance improvements etc. every year.



  • Disabling JavaScript. Do it if you want, but it's better to use an addon like NoScript which gives you more control.



  • Disabling notifications. It won't really improve security: sites have to ask for permission before being allowed to send you notifications.



  • And lastly, just be careful. These prefs can nuke your browser if you press the wrong button :)

Code Snippets

const prefs = {
  'browser.something': true,
  'browser.somehing_else': false,
  // etc.
}

for (let pref in prefs) {
  user_pref(pref, prefs[pref])
}

Context

StackExchange Code Review Q#129918, answer score: 5

Revisions (0)

No revisions yet.