1
0
mirror of https://github.com/arkenfox/user.js.git synced 2025-07-22 21:31:47 +02:00
Commit Graph

1888 Commits

Author SHA1 Message Date
1f0dc1853d merge scratchpads into one 2021-12-11 09:13:09 +00:00
13e5fe17b1 remove rfpalts () 2021-12-11 06:56:43 +00:00
ec7cb6a491 2702: partition service workers 2021-12-09 17:17:52 +00:00
d9f49bdf1f make 7017 clearer 2021-12-09 16:17:53 +00:00
d5bc6715cd remove web workers section
farewell parrot
2021-12-09 16:14:36 +00:00
8860c90abf make service workers inactive
currently 3rd party service workers are blocked in FF95 when dFPI is enabled (which this version has should anyone update to 96-alpha)
   - but I get an error even on first party - https://arkenfox.github.io/TZP/tzp.html#storage
   - I get : service worker | test : enabled | failed: SecurityError
in FF96+ service workers they are covered by dFPI
  - see https://bugzilla.mozilla.org/show_bug.cgi?id=1731999
2021-12-09 14:31:41 +00:00
4d5abd6cc3 tweak 8000 title
lets not encourage non-RFP users to see this as a sign to use them
2021-12-09 14:18:25 +00:00
de28689e76 flip from FPI to dFPI
I will tidy and expand 2700 entries later
2021-12-09 14:13:39 +00:00
5d508e4242 move LSNG to don't touch 2021-12-09 14:05:47 +00:00
1fc43574d6 move "cookie" permission info into 2801 2021-12-09 14:00:21 +00:00
83602baa38 misc site storage/data prefs
been inactive since jesus was a baby
2021-12-09 13:47:57 +00:00
0634a568ef remove redundant site data prefs
we've never used these
- service workers are disabled (or soon to be covered by dFPI when enabled) and sanitizing is already done (or will be done via enhanced cookie cleaning)
- storage API, storage access API: we sanitize on close, and sites are isolated by eTLD+1
2021-12-09 13:45:46 +00:00
97322d6e8b various inactive FPI prefs 2021-12-09 12:31:38 +00:00
f7bba92c71 cleanout FPI section
farewell parrot
2021-12-09 12:28:45 +00:00
fe75baa79f move DNT to DON'T BOTHER 2021-12-09 11:44:51 +00:00
72cc4d176e 0706: network.proxy.allow_bypass, closes 2021-12-09 11:41:18 +00:00
7e1b92567c 95 final 95.0 2021-12-08 12:13:47 +00:00
fec5168203 95 deprecated 2021-12-08 04:28:47 +00:00
b60a888da3 update WebRTC, closes 2021-12-06 14:45:47 +00:00
ec595c3b95 fixup duplicate line 2021-12-05 19:59:33 +00:00
9d61992c8c don't clear offlineApps on shutdown,
- in v94 we switched to cookies lifetime as session, so users could use site exceptions to retain selected cookies (to stay logged in one assumes)
- that mean not deleting all cookies on shutdown
- but some login methods/types require more than cookies and also need the "site data" part of "cookies + site data" - that's the offlineApps part
- note: all site data (and cookies) is still cleared on close except site exceptions
2021-12-05 19:49:32 +00:00
fd860e6c69 flip RFP newwin max values, closes 2021-12-04 10:23:59 +00:00
d1d20b897a wiki cleanup () 2021-12-04 09:36:09 +00:00
cf0102f71e fixup: from being flogged to death by overseers
thanks @dngray, also save some precious bytes .. polar bears know about scarce resources
2021-12-02 09:34:34 +00:00
4dc5372257 0603: network.predictor.enable-prefetch
make active for Nighty users - see https://bugzilla.mozilla.org/show_bug.cgi?id=1506194
2021-11-30 13:29:19 +00:00
c2ddfd60bf tidy 79-91 removed items 2021-11-28 13:22:46 +00:00
47de4f520b tidy 5505 2021-11-28 09:01:39 +00:00
27977a16ad 2652: browser.download.alwaysOpenPanel
FYI: https://bugzilla.mozilla.org/1738372

There is a small privacy issue with shoulder surfers, but in reality, this just needs to happen IMO
- we already prompt where to save, but even if we didn't, we also know we clicked or initiated a download
   - unless it's a drive by or user-gesture trickery - which is why we prompt
- the download icon is shown (if hidden) and the throbber/accent color go to work
- users can always click the icon to show entries (and open folder etc)
- this maintains the current behavior in FF94
2021-11-25 06:49:38 +00:00
4b393b9b12 start 95-alpha 2021-11-24 01:09:10 +00:00
6027aaa45d fixup warnOnQuitShortcut 94.1 2021-11-23 12:02:50 +00:00
cbfb8abf15 94 final 94.0 2021-11-23 07:11:43 +00:00
58d0161b67 add warnOnQuitShortcut, closes 2021-11-23 07:05:01 +00:00
6b351a9458 fixup trade-offs
anti-fingerprinting doesn't fit here: it's not a major component or priority of this user.js, and only a few prefs outside RFP (as a robust built-in browser solution that defeats naive scripts) have anything to do with it
2021-11-22 18:15:53 +00:00
c9e4cac618 tweak webRTC
webRTC will be overhauled... but not today... in the meantime
- remove dead link before @dngray has a hernia
- correctly refer to the type of IP leak
2021-11-22 18:08:07 +00:00
34bd3c5a04 consolidate/simplify sanitizing, fixes
move all sanitizing on exit prefs into 2800

switch to cookie lifetime as session
- now users can utilize exceptions (as allow)
- session cookies still block service workers (which we disable anyway)
- we still block 3rd party cookies (until we move to dFPI)
- we still have defense in depth for 3rd party cookies with 2803
- we still bulk sanitize offlineApps on exit: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
   - i.e you get to keep the cookies only IF you add an exception

add `privacy.clearsitedata.cache.enabled`
2021-11-22 05:40:49 +00:00
2f88ca2e40 misc
- move DoH so it has room to grow
- tidy privacy.clearOnShutdown, privacy.cpd
2021-11-18 01:28:21 +00:00
e2e7f9c647 font vis changes () 2021-11-16 11:56:20 +00:00
f8932dced1 remove ambiguous line
The point was that google have said (stated in policy, but fuck knows where that is located these days) that it is anonymized and not used for tracking. It's an API used by **_4 billion devices_** - the API has privacy policies for use. If a whistleblower or someone else found out that google was using this to enhance their user profiling, then all hell would break loose. And they don't even need this to fuel their ad revenue. It is provided, gratis, to the web to help ensure security - they wouldn't dare taint it and get it caught up in a privacy scandal involving **+4 billion devices_**. And in all this time (since 2007), there has been no such whistleblower or proof it is used to track or announcements by google of changes to the contrary.

Anyway, a quick search brings up
- Here is their policy - https://www.google.com/intl/en_us/privacy/browsing.html - it's empty and points to
- https://www.google.com/intl/en/chrome/privacy/
   - and if you scroll down to "Safe Browsing practices" it doesn't say anything about privacy policies for the API itself (or the owner of the API) - it just spells out what happens in chrome
- I'm not going to bother to look any further and find a history of policy changes

Anyway, this is Firefox and hashes are part hashes bundled with other real hashes - and we turned off real time binary checks. So this line can fuck the fuck off. It was meant to reassure those who want the security of real-time binary checks, that privacy "shouldn't" be an issue, but I'm not going to expand on it
2021-11-07 06:48:45 +00:00
17beb468f1 tweak 1510 default info 2021-11-04 22:44:23 +00:00
bd59131d3e default changes, missed one 2021-11-04 22:38:16 +00:00
0f8217ad60 cleanup sanitizing-on-close prefs 2021-11-04 16:18:35 +00:00
1515897449 default changes 2021-11-02 16:07:42 +00:00
ba92918d38 don't disable system addon updates, closes 2021-10-26 10:16:42 +00:00
094356e073 0706: add reference 2021-10-25 20:56:18 +00:00
7d68a32971 start 94-alpha
- and remove obsolete ESR78 notations
- note: we leave the deprecated ESR78.x section and item 6050 until v95 so users upgrading to ESR91 can easily reset those prefs with prefsCleaner
2021-10-25 17:41:16 +00:00
85438d00e4 v93 deprecated 93.0 2021-10-12 08:23:46 +00:00
a764149520 v92 92.0 2021-10-11 13:56:38 +00:00
535346df87 Delete arkenfox-clear-RFP-alternatives.js 2021-10-10 23:55:39 +00:00
412c8f9f94 0807 urlbar contextual suggestions, 2021-10-09 07:14:20 +00:00
380a88ee57 oophs 2021-10-05 11:14:16 +00:00