mirror of
https://github.com/arkenfox/user.js.git
synced 2025-09-01 17:38:30 +02:00
Compare commits
16 Commits
52.0
...
v53.0-alph
Author | SHA1 | Date | |
---|---|---|---|
30bb523b11 | |||
b26175494b | |||
7496b873b7 | |||
8ca3176ab1 | |||
5cf2de570a | |||
37b8ad66b8 | |||
4d1689b7a5 | |||
d87bcfde58 | |||
c194e21d5c | |||
49e2025bc5 | |||
2d0e27cb43 | |||
9bbe074960 | |||
ec5fdfcdaa | |||
e1a5f80063 | |||
bc70023b54 | |||
551427fccc |
122
user.js
122
user.js
@ -1,13 +1,12 @@
|
||||
/******
|
||||
* name: ghacks user.js
|
||||
* date: 11 March 2017
|
||||
* version 52: Daypants Believer
|
||||
* "Cheer up, Sleepy JEANS. Oh, what can it mean."
|
||||
* date: 27 April 2017
|
||||
* version 53: Achy Breaky Pants
|
||||
* "But don't tell my pants, my achy breaky pants, I just don't think they'd understand"
|
||||
* authors: v52+ github | v51- www.ghacks.net
|
||||
* url: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
|
||||
* releases: These are end-of-stable-life-cycle legacy archives. They are not "releases"
|
||||
in the sense that they are done to coincide with when Firefox versions land.
|
||||
* releases: These are end-of-stable-life-cycle legacy archives.
|
||||
*Always* use the master branch user.js for a current up-to-date version.
|
||||
url: https://github.com/ghacksuserjs/ghacks-user.js/releases
|
||||
|
||||
@ -18,6 +17,7 @@
|
||||
3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
|
||||
* The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates
|
||||
You need to read, understand, and decide about these. Don't leave yourself less secure
|
||||
* Some user data is erased (section 2800), namely history (browsing, form, download)
|
||||
* Site breakage WILL happen
|
||||
- There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting
|
||||
and these need to be balanced against Functionality & Convenience & Breakage
|
||||
@ -172,7 +172,8 @@ user_pref("network.allow-experiments", false);
|
||||
user_pref("breakpad.reportURL", "");
|
||||
/* 0351: disable sending of crash reports (FF44+) ***/
|
||||
user_pref("browser.tabs.crashReporting.sendReport", false);
|
||||
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
|
||||
user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
|
||||
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+)
|
||||
/* 0360: disable new tab tile ads & preload & marketing junk ***/
|
||||
user_pref("browser.newtab.preload", false);
|
||||
user_pref("browser.newtabpage.directory.ping", "data:text/plain,");
|
||||
@ -200,14 +201,16 @@ user_pref("social.remote-install.enabled", false);
|
||||
user_pref("social.directories", "");
|
||||
user_pref("social.share.activationPanelEnabled", false);
|
||||
user_pref("social.enabled", false); // (hidden pref)
|
||||
/* 0375: disable "Reader View" [SETUP] ***/
|
||||
user_pref("reader.parse-on-load.enabled", false);
|
||||
/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers
|
||||
* [1] https://wiki.mozilla.org/FlyWeb
|
||||
* [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
|
||||
user_pref("dom.flyweb.enabled", false);
|
||||
/* 0380: disable sync [SETUP] ***/
|
||||
user_pref("services.sync.enabled", false); // (hidden pref)
|
||||
/* 0381: disable WebExtension sync
|
||||
* [1] https://wiki.mozilla.org/WebExtensions/chrome.storage.sync ***/
|
||||
user_pref("webextensions.storage.sync.enabled", false);
|
||||
user_pref("webextensions.storage.sync.serverURL", "");
|
||||
|
||||
/*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP]
|
||||
This section has security & tracking protection implications vs privacy concerns vs effectiveness.
|
||||
@ -533,6 +536,40 @@ user_pref("browser.shell.shortcutFavicons", false);
|
||||
/* 1032: disable favicons in web notifications ***/
|
||||
// user_pref("alerts.showFavicons", false);
|
||||
|
||||
/*** 1100: MULTI-PROCESS (e10s)
|
||||
We recommend you let Firefox handle this. Until e10s is enforced, if
|
||||
- all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s
|
||||
- any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s
|
||||
- any add-ons are missing the 'multiprocessCompatible' flag *might* be disabled (FF53+)
|
||||
[1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/
|
||||
***/
|
||||
/* 1101: start the browser in e10s mode (FF48+)
|
||||
* about:support>Application Basics>Multiprocess Windows ***/
|
||||
// user_pref("browser.tabs.remote.autostart", true);
|
||||
// user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
|
||||
// user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
|
||||
// user_pref("extensions.e10sBlocksEnabling", false);
|
||||
/* 1102: control number of e10s processes
|
||||
* [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
|
||||
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
|
||||
// user_pref("dom.ipc.processCount", 4);
|
||||
/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+)
|
||||
* [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */
|
||||
// user_pref("extensions.webextensions.remote", true);
|
||||
/* 1104: enforce separate content process for file://URLs (FF53+)
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
|
||||
* [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
|
||||
// user_pref("browser.tabs.remote.separateFileUriProcess", true);
|
||||
/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/
|
||||
user_pref("dom.ipc.shims.enabledWarnings", true);
|
||||
/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
|
||||
* with them. The values are integers, but the code below deliberately contains a data mismatch
|
||||
* [1] https://wiki.mozilla.org/Sandbox
|
||||
* [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 */
|
||||
// user_pref("security.sandbox.content.level", "donotuse")
|
||||
// user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
|
||||
// user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse");
|
||||
|
||||
/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
|
||||
Note that your cipher and other settings can be used server side as a fingerprint attack
|
||||
vector, see [1] (It's quite technical but the first part is easy to understand
|
||||
@ -651,8 +688,6 @@ user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
|
||||
* [NOTE] commented out because it still breaks too many sites ***/
|
||||
// user_pref("security.ssl3.rsa_aes_128_sha", false);
|
||||
// user_pref("security.ssl3.rsa_aes_256_sha", false);
|
||||
/* 1265: block rc4 fallback (will be deprecated in 53) ***/
|
||||
user_pref("security.tls.unrestricted_rc4_fallback", false);
|
||||
/** UI (User Interface) ***/
|
||||
/* 1270: display warning (red padlock) for "broken security"
|
||||
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/
|
||||
@ -781,11 +816,6 @@ user_pref("security.xpconnect.plugin.unrestricted", false);
|
||||
* includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc
|
||||
* [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/
|
||||
user_pref("plugin.scan.plid.all", false);
|
||||
/* 1806: Acrobat, Quicktime, WMP are handled separately from 1805 above.
|
||||
* The string refers to min version number allowed ***/
|
||||
user_pref("plugin.scan.Acrobat", "99999");
|
||||
user_pref("plugin.scan.Quicktime", "99999");
|
||||
user_pref("plugin.scan.WindowsMediaPlayer", "99999");
|
||||
/* 1820: disable all GMP (Gecko Media Plugins) [SETUP]
|
||||
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
|
||||
user_pref("media.gmp-provider.enabled", false);
|
||||
@ -845,7 +875,6 @@ user_pref("media.webspeech.synth.enabled", false);
|
||||
/* 2022: disable screensharing ***/
|
||||
user_pref("media.getusermedia.screensharing.enabled", false);
|
||||
user_pref("media.getusermedia.screensharing.allowed_domains", "");
|
||||
user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
|
||||
user_pref("media.getusermedia.browser.enabled", false);
|
||||
user_pref("media.getusermedia.audiocapture.enabled", false);
|
||||
/* 2023: disable camera stuff ***/
|
||||
@ -995,6 +1024,14 @@ user_pref("javascript.options.wasm", false);
|
||||
/* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly
|
||||
* in the browser, through DOM file objects. Default is false. ***/
|
||||
user_pref("dom.archivereader.enabled", false);
|
||||
/* 2426: disable Intersection Observer API (FF53+)
|
||||
* Almost a year to complete, three versions late to stable (as default false),
|
||||
* number #1 cause of crashes in nightly numerous times, and is (primarily) an
|
||||
* ad network API for "ad viewability checks" down to a pixel level
|
||||
* [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API
|
||||
* [2] https://wicg.github.io/IntersectionObserver/
|
||||
* [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/
|
||||
user_pref("dom.IntersectionObserver.enabled", false);
|
||||
/* 2450a: force Firefox to tell you if a website asks to store data for offline use
|
||||
* [1] https://support.mozilla.org/en-US/questions/1098540
|
||||
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
|
||||
@ -1041,7 +1078,6 @@ user_pref("media.video_stats.enabled", false);
|
||||
* [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code
|
||||
* [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/
|
||||
user_pref("dom.keyboardevent.code.enabled", false);
|
||||
user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
|
||||
user_pref("dom.keyboardevent.dispatch_during_composition", false);
|
||||
/* 2508: disable hardware acceleration to reduce graphics fingerprinting
|
||||
* [SETTING] Options>Advanced>General>Use hardware acceleration when available
|
||||
@ -1063,7 +1099,10 @@ user_pref("dom.webaudio.enabled", false);
|
||||
* [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/
|
||||
user_pref("media.ondevicechange.enabled", false);
|
||||
/* 2512: disable device sensor API
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/15758 ***/
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/15758
|
||||
* [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
|
||||
* [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733
|
||||
* [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/
|
||||
user_pref("device.sensors.enabled", false);
|
||||
|
||||
/*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
|
||||
@ -1164,24 +1203,6 @@ user_pref("browser.uitour.url", "");
|
||||
/* 2629: disable remote JAR files being opened, regardless of content type
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/
|
||||
user_pref("network.jar.block-remote-files", true);
|
||||
/* 2650: start the browser in e10s mode (FF48+)
|
||||
* After restarting the browser, you can check whether it's enabled by visiting
|
||||
* about:support and checking that "Multiprocess Windows" = 1
|
||||
* use force-enable and extensions.e10sblocksenabling if you have add-ons ***/
|
||||
// user_pref("browser.tabs.remote.autostart", true);
|
||||
// user_pref("browser.tabs.remote.autostart.2", true); // (FF49+)
|
||||
// user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
|
||||
// user_pref("extensions.e10sBlocksEnabling", false);
|
||||
/* 2651: control e10s number of container processes
|
||||
* [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
|
||||
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
|
||||
// user_pref("dom.ipc.processCount", 4);
|
||||
/* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/
|
||||
user_pref("dom.ipc.shims.enabledWarnings", true);
|
||||
/* 2660: enforce separate content process for file://URLs (FF53+?)
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
|
||||
* [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
|
||||
user_pref("browser.tabs.remote.separateFileUriProcess", true);
|
||||
/* 2662: disable "open with" in download dialog (FF50+)
|
||||
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
|
||||
* in such a way that it is forbidden to run external applications.
|
||||
@ -1220,8 +1241,9 @@ user_pref("network.proxy.autoconfig_url.include_path", false);
|
||||
user_pref("security.block_script_with_wrong_mime", true);
|
||||
/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)
|
||||
* [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage
|
||||
* including youtube player controls. Best left for "hardened" or specific profiles.
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/
|
||||
user_pref("svg.disabled", true);
|
||||
// user_pref("svg.disabled", true);
|
||||
/* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk
|
||||
* Firefox has *some* protections to mitigate the risk, but it is better to be safe
|
||||
* than sorry. The downside: it will also display legitimate IDN's punycoded, which
|
||||
@ -1332,13 +1354,15 @@ user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
* [WARNING] this will break a LOT of sites' functionality.
|
||||
* You are better off using an extension for more granular control ***/
|
||||
// user_pref("dom.storage.enabled", false);
|
||||
/* 2706: disable Storage API (FF51+)
|
||||
/* 2706: disable Storage API
|
||||
* The API gives sites the ability to find out how much space they can use, how much
|
||||
* they are already using, and even control whether or not they need to be alerted
|
||||
* before the user agent disposes of site data in order to make room for other things.
|
||||
* [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager
|
||||
* [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/
|
||||
user_pref("dom.storageManager.enabled", false);
|
||||
* [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API
|
||||
* [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
|
||||
user_pref("dom.storageManager.enabled", false); // (FF51+)
|
||||
user_pref("browser.storageManager.enabled", false); // (FF53+)
|
||||
/* 2707: clear localStorage and UUID when a WebExtension is uninstalled
|
||||
* [NOTE] both preferences must be the same
|
||||
* [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local
|
||||
@ -1466,7 +1490,7 @@ user_pref("browser.tabs.loadDivertedInBackground", false);
|
||||
/* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/
|
||||
user_pref("browser.bookmarks.showRecentlyBookmarked", false);
|
||||
/* 3023: disable automigrate (FF49+)
|
||||
* default is false in FF49+ and true in FF53+
|
||||
* default is false in FF49+
|
||||
* need more info, but lock down for now ***/
|
||||
user_pref("browser.migrate.automigrate.enabled", false);
|
||||
/* 3024: enable "Find As You Type"
|
||||
@ -1482,6 +1506,11 @@ user_pref("browser.migrate.automigrate.enabled", false);
|
||||
// user_pref("media.wave.enabled", false);
|
||||
// user_pref("media.webm.enabled", false);
|
||||
// user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries
|
||||
/* 3026: disable "Reader View" ***/
|
||||
// user_pref("reader.parse-on-load.enabled", false);
|
||||
/* 3027: decode URLs on copy from the urlbar (FF53+)
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/
|
||||
user_pref("browser.urlbar.decodeURLsOnCopy", true);
|
||||
|
||||
/* END: internal custom pref to test for syntax errors ***/
|
||||
user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue");
|
||||
@ -1646,3 +1675,14 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem
|
||||
* [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code.
|
||||
* [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/
|
||||
// user_pref("dom.battery.enabled", false);
|
||||
/* 1265: (53+) block rc4 fallback ***/
|
||||
// user_pref("security.tls.unrestricted_rc4_fallback", false);
|
||||
/* 1806: (53+) disable Acrobat, Quicktime, WMP
|
||||
* The string refers to min version number allowed ***/
|
||||
// user_pref("plugin.scan.Acrobat", "99999");
|
||||
// user_pref("plugin.scan.Quicktime", "99999");
|
||||
// user_pref("plugin.scan.WindowsMediaPlayer", "99999");
|
||||
/* 2022: (53+) disable screensharing ***/
|
||||
// user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
|
||||
/* 2507: (53+) disable keyboard fingerprinting ***/
|
||||
// user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
|
||||
|
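Review bot: In the new 1100 block, item 1104 is still headed "enforce separate content process for file://URLs", but its `browser.tabs.remote.separateFileUriProcess` line is now commented out, whereas the 2660 entry removed further down set it to `true`. With this file applied nothing is enforced, and isolation of local files depends on whatever the Firefox default is. Either keep the pref active or reword the header so it does not promise enforcement, for example `/* 1104: separate content process for file://URLs (FF53+) - left at Firefox default`. In the same block, the 1110 example `// user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse");` lacks the closing quote on the pref name, and the `security.sandbox.content.level` line lacks its `;`. Uncommenting either would therefore be a syntax error rather than the type mismatch the comment describes, and judging by the END "parrot" pref a syntax error presumably keeps later prefs (the 1200 TLS section onward) from loading.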