Despite disabling most of Mozilla’s telemetry and other phone-home functionality (such as captive portal), I found that a fresh LibreWolf profile makes quite a few connections on first startup (see list below), and some repeating every startup. One in particular is persistent: that is to push.services.mozilla.com and can be disabled by setting the dom.push.enabled configuration to false (I personally don’t need push notifications in the browser; you can also set a custom URL).

What is particularly annoying is that some of these domains, related to “remote settings”, are essentially hard-coded and cannot be disabled by changing configuration parameters. I now block these three in my /etc/hosts file.

firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net

Helpfully Mozilla lists domain to allow so you can find more domains to potentially block.

Here is the list of domains LibreWolf connected to at startup of a fresh profile. Some are understandable, some less so.

addons.mozilla.org
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net
services.addons.mozilla.org
gitlab.com
push.services.mozilla.com
ublockorigin.github.io
malware-filter.gitlab.io
raw.githubusercontent.com
pgl.yoyo.org
curbengh.github.io
malware-filter.pages.dev
cdn.statically.io
versioncheck-bg.addons.mozilla.org
cdn.jsdelivr.net
ublockorigin.pages.dev
publicsuffix.org
codeberg.org
  • ken
    5·
    4 days ago

    YSAK: If you care about stuff like this, Konform Browser is likely more suitable for you!

    It makes these things easier to configure (e.g: There is UI for toggling RS server or setting a custom URL). It makes it easier to selectively enable only security-related stuff (cert revocation lists) while keeping requests for less important features disabled. It requires opt-in to enable the background fetching and has 0 self-initiated/background outgoing connections on first startup. When request to RemoteSettings is blocked by configuration, it reuses locally available data to a larger extent. It is more selective about what to sync and not. It loads ublock origin from local filesystem instead of downloading it from internet at runtime. Etc…

    What is particularly annoying is that some of these domains, related to “remote settings”, are essentially hard-coded and cannot be disabled by changing configuration parameters.

    This is not entirely true. Relevant prefs for about:config or librewolf.overrides.cfg that are recognized by either browser:

    • services.settings.server
    • librewolf.services.settings.allowedCollections
    • librewolf.services.settings.allowedCollectionsFromDump

    For example