Firefox policies.json for homelearning

I’m building a policies.json for Firefox, since the default experience is not geared for education. Additionally, I’ll use it to restrict/allow domain access; I’m not sure that is a great approach… but I’m willing to experiment on my kid to find out! :smiley:

{
  "policies": {
    "AutofillAddressEnabled": false,
    "AutofillCreditCardEnabled": false,
    "DisableFirefoxAccounts": true,
    "DisableFirefoxStudies": true,
    "DisableMasterPasswordCreation": true,
    "DisablePasswordReveal": true,
    "DisablePocket": true,
    "DisablePrivateBrowsing": true,
    "DisableSecurityBypass": {
      "InvalidCertificate": true,
      "SafeBrowsing": true
    },
    "DisableTelemetry": true,
    "DisableThirdPartyModuleBlocking": true,
    "DontCheckDefaultBrowser": true,
    "DisplayBookmarksToolbar": "never",
    "DisplayMenuBar": "default-off",
    "EncryptedMediaExtensions": {
      "Enabled": false,
      "Locked": true
    },
    "EnableTrackingProtection": {
      "Value": true,
      "Locked": true,
      "Cryptomining": true,
      "Fingerprinting": true,
      "EmailTracking": true
    },
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
      ]
    },
    "FirefoxHome": {
      "Search": false,
      "TopSites": false,
      "SponsoredTopSites": false,
      "Highlights": false,
      "Pocket": false,
      "SponsoredPocket": false,
      "Snippets": false,
      "Locked": true
    },
    "FirefoxSuggest": {
      "WebSuggestions": false,
      "SponsoredSuggestions": false,
      "ImproveSuggest": false,
      "Locked": true
    },
    "Homepage": {
      "URL": "https://forums.family.interi.org",
      "Locked": true
    },
    "HttpsOnlyMode": "force_enabled",
    "NewTabPage": false,
    "NoDefaultBookmarks": true,
    "OfferToSaveLogins": false,
    "PasswordManagerEnabled": false,
    "PopupBlocking": {
      "Default": false,
      "Locked": true
    },
    "PrimaryPassword": false,
    "SearchBar": "unified",
    "SearchEngines": {
      "Default": "DuckDuckGo",
      "PreventInstalls": true,
      "Remove": [
        "Google",
        "Bing",
        "Amazon.com",
        "eBay"
      ]
    },
    "SearchSuggestEnabled": false,
    "UserMessaging": {
      "ExtensionRecommendations": false,
      "FeatureRecommendations": false,
      "UrlbarInterventions": false,
      "SkipOnboarding": true,
      "MoreFromMozilla": false,
      "FirefoxLabs": false,
      "Locked": true
    },
    "WebsiteFilter": {
      "Block": [
        "*://*/*"
      ],
      "Exceptions": [
        "*://*.interi.org/*",
        "*://*.susanmagnolia.com/*",
        "*://*.wikipedia.org/*",
        "*://*.archive.org/*"
      ]
    }
  }
}

The policy built can be divided into two parts: my personal preferences, and then the WebsiteFilter:

As such, let’s review each and I’ll share my opinion and reasoning.

Password management

We have a family 1password account, so in addition to removing those features from the browser, the AutoFill features often get in the way of the 1password extension, so we turn those off as well.

    "AutofillAddressEnabled": false,
    "AutofillCreditCardEnabled": false,
    "DisableMasterPasswordCreation": true,
    "DisablePasswordReveal": true,
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
      ]
    },
    "OfferToSaveLogins": false,
    "PasswordManagerEnabled": false,

Just a web browser

I need Firefox to be a simple web browser. I am not interested in designing the future of web experiences; I mostly visit sites I’ve built myself to ensure a nice web experience.

Therefore, I turn off all the things that Firefox provides/asks for, aside from web browsing.

    "DisableFirefoxAccounts": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "FirefoxHome": {
      "Search": false,
      "TopSites": false,
      "SponsoredTopSites": false,
      "Highlights": false,
      "Pocket": false,
      "SponsoredPocket": false,
      "Snippets": false,
      "Locked": true
    },
    "FirefoxSuggest": {
      "WebSuggestions": false,
      "SponsoredSuggestions": false,
      "ImproveSuggest": false,
      "Locked": true
    },
    "NewTabPage": false,
    "SearchSuggestEnabled": false,
    "UserMessaging": {
      "ExtensionRecommendations": false,
      "FeatureRecommendations": false,
      "UrlbarInterventions": false,
      "SkipOnboarding": true,
      "MoreFromMozilla": false,
      "FirefoxLabs": false,
      "Locked": true
    },

Do not track

The web is very flexible, and leaks info left and right unless you take steps to lock that down.

    "DisableTelemetry": true,
    "EnableTrackingProtection": {
      "Value": true,
      "Locked": true,
      "Cryptomining": true,
      "Fingerprinting": true,
      "EmailTracking": true
    },
    "HttpsOnlyMode": "force_enabled",

Distraction free

When I’m browsing websites, I do not want the browser to take up much space, and aside from developer tools, I do not otherwise habitually interact with the browser. Therefore I configure it to be minimal in presence and distractions.

    "DontCheckDefaultBrowser": true,
    "DisplayBookmarksToolbar": "never",
    "DisplayMenuBar": "default-off",
    "NoDefaultBookmarks": true,
    "EncryptedMediaExtensions": {
      "Enabled": false,
      "Locked": true
    },
    "PopupBlocking": {
      "Default": false,
      "Locked": true
    },
    "SearchBar": "unified",
    "SearchEngines": {
      "Default": "DuckDuckGo",
      "PreventInstalls": true,
      "Remove": [
        "Google",
        "Bing",
        "Amazon.com",
        "eBay"
  ]
}

Web browsing for youth

These settings are not ones I would normally set, so I’ll discuss each.

    "DisablePrivateBrowsing": true,

Private browsing is a sneaky way of visiting things without monitoring. I think monitoring is probably important, at some level. This is underwhelming, given the WebsiteFilter. :person_shrugging:

    "DisableSecurityBypass": {
      "InvalidCertificate": true,
      "SafeBrowsing": true
    },

This policy removes the ability to accept the risk and visit sites marked as problematic. I would use this normally, yet as a web developer I need to sometimes get thru to debug an issue. For youth browsing those resources should be blocked.

    "Homepage": {
      "URL": "https://forums.family.interi.org",
      "Locked": true
    },

Our family forums are the central hub for online communication for our family; it makes a very nice homepage.

    "WebsiteFilter": {
      "Block": [
        "*://*/*"
      ],
      "Exceptions": [
        "*://*.interi.org/*",
        "*://*.susanmagnolia.com/*",
        "*://*.wikipedia.org/*",
        "*://*.archive.org/*"
      ]
    }

This policy blocks all websites, and then excepts a handful that are pre-approved.

In our family forums have a topic for tracking new domains/websites to be added.

PopupBlocking

Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.

Allow is a list of origins where popup-windows are allowed.

Default determines whether or not pop-up windows are allowed by default.

Locked prevents the user from changing pop-up preferences.

The description of Default is strange to me. “Popup blocking? Default: false.” :thinking: