Mull uses arkenfox as a base for the modifications done for the flags. This list should not include anything arkenfox; unless it has been commented out, uncommented, added, etc.
This list is made by analyzing the source files and only including anything marked as changed with MULL or BRACE.
Last updated: 2024/10/02 22:49 (-3 UTC) (9797ce5315b1d9dc37bb499236d8b4a49692dc62)
pref("layout.css.visited_links_enabled", false); //BRACE-UNCOMMENTED: nice to have disabled
// pref("browser.cache.disk.enable", false); //BRACE-COMMENTED: caches are important, bandwidth available can be limited (data plans or slow network)
// pref("dom.security.https_only_mode_send_http_background_request", false); //BRACE-COMMENTED: usability, not all sites have HTTPS
// pref("extensions.enabledScopes", 5); // [HIDDEN PREF] //BRACE-COMMENTED: brace-installer-base adds system packages for add-ons (uBlock Origin)
pref("privacy.sanitize.sanitizeOnShutdown", false); //BRACE-DISABLED: usability, this ain't Tor Browser
pref("privacy.resistFingerprinting", true); // [FF41+] //BRACE-UNCOMMENTED
pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] //BRACE-UNCOMMENTED
pref("webgl.disabled", true); //BRACE-UNCOMMENTED
pref("browser.download.forbid_open_with", true); //BRACE-UNCOMMENTED: brace-installer-base installs firejail, without this would cause confusion
pref("mathml.disabled", true); // 1173199 //BRACE-UNCOMMENTED: attack surface reduction
pref("gfx.font_rendering.graphite.enabled", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("javascript.options.asmjs", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("javascript.options.ion", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("javascript.options.baselinejit", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]//BRACE-UNCOMMENTED: attack surface reduction
pref("javascript.options.wasm", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("gfx.font_rendering.opentype_svg.enabled", false); //BRACE-UNCOMMENTED: attack surface reduction
pref("media.eme.enabled", false); //BRACE-UNCOMMENTED: proprietary
pref("network.http.referer.XOriginPolicy", 2); //BRACE-UNCOMMENTED: nice to have
pref("network.cookie.cookieBehavior", 1); // [DEFAULT: 5] //BRACE-UNCOMMENTED: strict cannot be set on first launch, use custom + enterprise policy instead //MULL-MODIFIED: set to 1 for FPI
pref("privacy.trackingprotection.emailtracking.enabled", true); //BRACE-ADDED
pref("privacy.globalprivacycontrol.enabled", true); //BRACE-ENABLED: GPC does have legal affordances in select regions
/* 2651: enable user interaction for security by always asking where to download
* [SETUP-CHROME] On Android this blocks longtapping and saving images
* [SETTING] General>Downloads>Always ask you where to save files ***/
// pref("browser.download.useDownloadDir", false); //MULL-COMMENTED: breakage, see note above
pref("privacy.resistFingerprinting.block_mozAddonManager", false); //MULL-MODIFIED: set to false to unbreak AMO
pref("privacy.firstparty.isolate", true); // [DEFAULT: false] //MULL-ENABLED: dFPI needs to be tested
pref("network.cookie.cookieBehavior", 1); // [DEFAULT: 5] //BRACE-UNCOMMENTED: strict cannot be set on first launch, use custom + enterprise policy instead //MULL-MODIFIED: set to 1 for FPI
pref("media.peerconnection.enabled", false); //MULL-UNCOMMENTED: Fenix doesn't protect local IP addreses like desktop does//Look
pref("browser.ctrlTab.recentlyUsedOrder", false);
pref("browser.privatebrowsing.vpnpromourl", "");
pref("browser.vpn_promo.enabled", false);
pref("browser.tabs.drawInTitlebar", true);
pref("devtools.netmonitor.persistlog", true);
pref("devtools.webconsole.persistlog", true);
pref("general.smoothScroll", false);
pref("widget.allow-client-side-decoration", true);
pref("mailnews.start_page.enabled", false);
pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}"); //BRACE-KEEP_FOR_NOW
pref("browser.library.activity-stream.enabled", false); //BRACE-UNCOMMENTED
//Privacy
pref("privacy.globalprivacycontrol.enabled", true);
pref("browser.snippets.enabled", false);
pref("browser.snippets.firstrunHomepage.enabled", false);
pref("browser.snippets.syncPromo.enabled", false);
pref("browser.snippets.updateUrl", "");
pref("general.useragent.updates.enabled", false);
pref("network.negotiate-auth.trusted-uris", "");
pref("network.dns.native_https_query", true);
pref("network.trr.uri", "https://dns.quad9.net/dns-query");
pref("network.trr.custom_uri", "https://dns.quad9.net/dns-query");
pref("plugin.expose_full_path", false);
pref("extensions.enigmail.autoWkdLookup", 0);
pref("messenger.status.reportIdle", false);
pref("media.gmp-widevinecdm.visible", false); //BRACE-KEEP_FOR_NOW: proprietary
pref("network.manage-offline-status", false);
pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
pref("browser.urlbar.quicksuggest.dataCollection.enabled", false);
pref("mailnews.headers.sendUserAgent", false);
pref("mail.sanitize_date_header", true);
pref("dom.private-attribution.submission.enabled", false);
//Security
pref("browser.gnome-search-provider.enabled", false);
//pref("fission.autostart", true); //MULL-COMMENTED
//pref("security.webauth.u2f", true); //MULL-COMMENTED
pref("security.tls.enable_kyber", true);
pref("network.http.http3.enable_kyber", true);
pref("mail.phishing.detection.enabled", true);
pref("mailnews.message_display.disable_remote_image", true);
//Disable Pocket
pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
pref("extensions.pocket.enabled", false);
//Disable Sync
pref("identity.fxaccounts.enabled", false);