some inactive prefs at default since 102+

- dom.vr.enabled - false FF97+ - network.http.altsvc.oe - false FF94+ - dom.netinfo.enabled - android joined desktop as false FF99+ - browser.tabs.warnOnClose - falsefalse FF94+
v105 (#1541 )
2025-09-01 01:18:30 +02:00 · 2022-10-04 17:34:45 +00:00 · 2022-10-04 17:15:19 +00:00 · 2022-10-03 13:47:30 +00:00 · 2022-10-03 07:18:30 +00:00 · 2022-10-01 20:33:58 +00:00
2 changed files with 58 additions and 39 deletions
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@ -3,7 +3,7 @@
  - removed from the arkenfox user.js
  - deprecated by Mozilla but listed in the arkenfox user.js in the past

-  Last updated: 31-August-2022
+  Last updated: 5-October-2022

  Instructions:
  - [optional] close Firefox and backup your profile
@ -237,6 +237,18 @@
    'toolkit.telemetry.unifiedIsOptIn',

    /* REMOVED */
+    /* 103+ */
+    'browser.newtab.preload',
+    'browser.newtabpage.activity-stream.feeds.discoverystreamfeed',
+    'browser.newtabpage.activity-stream.feeds.snippets',
+    'browser.tabs.warnOnClose',
+    'dom.netinfo.enabled',
+    'dom.vr.enabled',
+    'extensions.formautofill.addresses.supported',
+    'extensions.formautofill.available',
+    'extensions.formautofill.creditCards.available',
+    'extensions.formautofill.creditCards.supported',
+    'network.http.altsvc.oe',
    /* 92-102 */
    'browser.urlbar.trimURLs',
    'dom.caches.enabled',
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 18 August 2022
-* version: 103
+*    date: 5 October 2022
+* version: 105
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt

@ -87,25 +87,17 @@ user_pref("browser.shell.checkDefaultBrowser", false);
 * [SETTING] General>Startup>Restore previous session ***/
 user_pref("browser.startup.page", 0);
 /* 0103: set HOME+NEWWINDOW page
- * about:home=Activity Stream (default, see 0105), custom URL, about:blank
+ * about:home=Firefox Home (default, see 0105), custom URL, about:blank
 * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
 user_pref("browser.startup.homepage", "about:blank");
 /* 0104: set NEWTAB page
- * true=Activity Stream (default, see 0105), false=blank page
+ * true=Firefox Home (default, see 0105), false=blank page
 * [SETTING] Home>New Windows and Tabs>New tabs ***/
 user_pref("browser.newtabpage.enabled", false);
-user_pref("browser.newtab.preload", false);
-/* 0105: disable some Activity Stream items
- * Activity Stream is the default homepage/newtab based on metadata and browsing behavior
- * [SETTING] Home>Firefox Home Content>...  to show/hide what you want ***/
-user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
-user_pref("browser.newtabpage.activity-stream.telemetry", false);
-user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false]
-user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
-user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
-user_pref("browser.newtabpage.activity-stream.showSponsored", false);
-user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+]
-user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+]
+/* 0105: disable sponsored content on Firefox Home (Activity Stream)
+ * [SETTING] Home>Firefox Home Content ***/
+user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts
 /* 0106: clear default topsites
 * [NOTE] This does not block you from adding your own ***/
 user_pref("browser.newtabpage.activity-stream.default.sites", "");
@ -183,6 +175,9 @@ user_pref("toolkit.coverage.endpoint.base", "");
 /* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
 * Defense-in-depth: currently covered by 0331 ***/
 user_pref("browser.ping-centre.telemetry", false);
+/* 0335: disable Firefox Home (Activity Stream) telemetry ***/
+user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
+user_pref("browser.newtabpage.activity-stream.telemetry", false);

 /** STUDIES ***/
 /* 0340: disable Studies
@ -276,7 +271,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
 /* 0701: disable IPv6
 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
 * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
- * [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6
+ * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6
 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
 * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
 * then this won't make much difference. If you are masking your IP, then it can only help.
@ -366,16 +361,6 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
 * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
 * [2] https://bugzilla.mozilla.org/381681 ***/
 user_pref("browser.formfill.enable", false);
-/* 0811: disable Form Autofill
- * [NOTE] Stored data is NOT secure (uses a JSON file)
- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
- * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
- * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
-user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
-user_pref("extensions.formautofill.available", "off"); // [FF56+]
-user_pref("extensions.formautofill.creditCards.available", false); // [FF57+]
-user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
-user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
 /* 0820: disable coloring of visited links
 * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
 * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
@ -410,7 +395,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
 /* 0906: enforce no automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+]
 * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for...
 * [1] https://support.mozilla.org/kb/windows-sso ***/
-user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
+   // user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]

 /*** [SECTION 1000]: DISK AVOIDANCE ***/
 user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
@ -426,10 +411,6 @@ user_pref("media.memory_cache_max_size", 65536);
 * define on which sites to save extra session data such as form content, cookies and POST data
 * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/
 user_pref("browser.sessionstore.privacy_level", 2);
-/* 1004: set the minimum interval between session save operations
- * Increasing this can help on older machines and some websites, as well as reducing writes [1]
- * [1] https://bugzilla.mozilla.org/1304389 ***/
-user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000]
 /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS]
 * [1] https://bugzilla.mozilla.org/603903 ***/
 user_pref("toolkit.winRegisterApplicationRestart", false);
@ -454,7 +435,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
 * but the problem is that the browser can't know that. Setting this pref to true is the only way for the
 * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
 * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
- * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4]
+ * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4]
 * [1] https://wiki.mozilla.org/Security:Renegotiation
 * [2] https://datatracker.ietf.org/doc/html/rfc5746
 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@ -480,7 +461,8 @@ user_pref("security.tls.enable_0rtt_data", false);
 * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
 * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
-/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB]
+/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+ * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
 * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
 * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
 * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
@ -549,8 +531,6 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);

 /*** [SECTION 1400]: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
-/* 1401: disable rendering of SVG OpenType fonts ***/
-user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
 * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
 * In normal windows: uses the first applicable: RFP (4506) over TP over Standard
@ -750,7 +730,10 @@ user_pref("browser.contentblocking.category", "strict");
 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
   // user_pref("privacy.antitracking.enableWebcompat", false);
 /* 2710: enable state partitioning of service workers [FF96+] ***/
-user_pref("privacy.partition.serviceWorkers", true);
+user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+]
+/* 2720: enable APS (Always Partitioning Storage) ***/
+user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+]
+user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+]

 /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
@ -1003,6 +986,15 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
 * 0=desktop, 1=downloads (default), 2=last used
 * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
   // user_pref("browser.download.folderList", 2);
+/* 5017: disable Form Autofill
+ * If .supportedCountries includes your region (browser.search.region) and .supported
+ * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
+ * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
+ * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
+ * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
+   // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
+   // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
+   // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]

 /*** [SECTION 5500]: OPTIONAL HARDENING
   Not recommended. Overriding these can cause breakage and performance issues,
@ -1041,6 +1033,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
 * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
 * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
   // user_pref("javascript.options.wasm", false);
+/* 5507: disable rendering of SVG OpenType fonts ***/
+   // user_pref("gfx.font_rendering.opentype_svg.enabled", false);

 /*** [SECTION 6000]: DON'T TOUCH ***/
 user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@ -1083,6 +1077,14 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
   // user_pref("privacy.firstparty.isolate.use_site", "");
   // user_pref("privacy.window.name.update.enabled", "");
   // user_pref("security.insecure_connection_text.enabled", "");
+/* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/
+   // user_pref("browser.newtab.preload", "");
+   // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", "");
+   // user_pref("browser.newtabpage.activity-stream.feeds.snippets", "");
+   // user_pref("extensions.formautofill.available", "");
+   // user_pref("extensions.formautofill.addresses.supported", "");
+   // user_pref("extensions.formautofill.creditCards.available", "");
+   // user_pref("extensions.formautofill.creditCards.supported", "");

 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@ -1257,6 +1259,9 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
   // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type"
   // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
   // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line
+/* FIREFOX HOME CONTENT ***/
+   // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // Recommended by Pocket
+   // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
 /* HTML5 MEDIA AUTOPLAY ***/
   // [NOTE] You can set exceptions under site permissions
   // user_pref("media.autoplay.default", 5); // [FF63+]
@ -1286,6 +1291,8 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa
      // [SETTING] General>Browsing>Recommend extensions as you browse
 user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
      // [SETTING] General>Browsing>Recommend features as you browse
+   // user_pref("browser.sessionstore.interval", 30000); // minimum interval between session save operations
+      // Increasing this may help on older machines and some websites, as well as reducing writes (1304389)
   // user_pref("network.manage-offline-status", false); // see bugzilla 620472
   // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)

@ -1351,7 +1358,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
   // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
   // 0=keep until they expire (default), 2=keep until you close Firefox
   // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
-   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665
+   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
 user_pref("network.cookie.lifetimePolicy", 2);
 // 6012: disable SHA-1 certificates
   // [-] https://bugzilla.mozilla.org/1766687
Author	SHA1	Message	Date
Thorin-Oakenpants	db04bc44f2	some inactive prefs at default since 102+ - dom.vr.enabled - false FF97+ - network.http.altsvc.oe - false FF94+ - dom.netinfo.enabled - android joined desktop as false FF99+ - browser.tabs.warnOnClose - falsefalse FF94+	2022-10-04 17:34:45 +00:00
Thorin-Oakenpants	4e3a64b5a1	v105 (#1541 )	2022-10-04 17:15:19 +00:00
Thorin-Oakenpants	958acf9c2e	activity-stream.feeds.discoverystreamfeed	2022-10-03 13:47:30 +00:00
Thorin-Oakenpants	95ecd3e328	browser.newtab.preload	2022-10-03 07:18:30 +00:00
Thorin-Oakenpants	4bc98005ec	activity-stream.feeds.snippets	2022-10-01 20:33:58 +00:00
fxbrit	3f09afdee0	Merge pull request #1527 from arkenfox/Thorin-Oakenpants-patch-1 v104	2022-09-11 12:46:23 +02:00
Thorin-Oakenpants	3c73bc1e56	2720: add APS	2022-09-11 02:39:08 +00:00
Thorin-Oakenpants	e38f02bc22	add extra bugzilla	2022-08-28 00:31:59 +00:00
Thorin-Oakenpants	74be763f60	add OCSP hard-fail error code	2022-08-24 05:53:46 +00:00
Thorin-Oakenpants	5780b6d197	move Form Autofill to 5000s	2022-08-23 17:51:35 +00:00
Thorin-Oakenpants	06bfef8fd1	extensions.formautofill add migrated prefs for completeness - see comment in `d040b95ed2`	2022-08-23 17:33:55 +00:00
Thorin-Oakenpants	d040b95ed2	also reset the prefs migrated to .supported also hides/shows the UI. There is no need for this, it is overkill (and users might never be able to work out how to get them back). The .enabled prefs are enough to toggle the checkboxes IF they show based on .supportedCountries (which relies on browser.search.region)	2022-08-23 17:29:47 +00:00
Thorin-Oakenpants	61f01f81fd	tidy	2022-08-23 16:53:27 +00:00
Thorin-Oakenpants	2b2e151f45	extensions.formautofill https://bugzilla.mozilla.org/1745248 - migrated to .supported in FF99	2022-08-23 16:52:38 +00:00
Thorin-Oakenpants	ff8d63f7e4	remove dead prefs https://bugzilla.mozilla.org/show_bug.cgi?id=1745248 - they migrated to `.supported` prefs (values detect or off)	2022-08-23 16:42:32 +00:00
Thorin-Oakenpants	848290898d	svg opentype fonts -> optional, see #1529	2022-08-22 16:02:07 +00:00
Thorin-Oakenpants	05abe82136	v105 partition SWers by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1784900	2022-08-18 20:12:42 +00:00