Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2026-06-06 21:38:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

v151

Browse Source 
@tomrittervg added a link to your blog about telemetry
This commit is contained in:
Thorin-Oakenpants
2026-06-02 02:01:57 +00:00
committed by GitHub
parent 8fe9905c35
commit 1a9e0bb6dc
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
user.js
+6 -4
View File
@@ -1,7 +1,7 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 21 April 2026 * date: 30 June 2026
* version: 144 * version: 151
* urls: https://github.com/arkenfox/user.js [repo] * urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive] * : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -394,7 +394,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the * but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (Nov 2025) reports almost 99.85% of top sites have secure renegotiation [4] * [STATS] SSL Labs (June 2025) reports almost 99.85% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746 * [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@@ -1064,7 +1064,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7003: disable non-modern cipher suites [1] /* 7003: disable non-modern cipher suites [1]
* [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks
* [1] https://browserleaks.com/ssl ***/ * [1] https://browserleaks.com/ssl ***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF150]
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
@@ -1191,6 +1191,8 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below. Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below.
But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides. But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides.
READ: https://ritter.vg/blog-telemetry.html
Opt-out Opt-out
- Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain
- Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading