upgrade 53-beta to 53

ready for alpha release and changelog
typo
2025-09-04 19:08:30 +02:00 · 2017-04-28 04:18:55 +12:00 · 2017-04-26 18:18:52 +12:00 · 2017-04-26 18:17:22 +12:00 · 2017-04-26 18:02:33 +12:00 · 2017-04-26 17:37:48 +12:00
1 changed files with 81 additions and 41 deletions
--- a/user.js
+++ b/user.js
@ -1,13 +1,12 @@
 /******
 * name: ghacks user.js
-* date: 11 March 2017
+* date: 27 April 2017
-* version 52: Daypants Believer
+* version 53: Achy Breaky Pants
-*   "Cheer up, Sleepy JEANS. Oh, what can it mean."
+*   "But don't tell my pants, my achy breaky pants, I just don't think they'd understand"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
-* releases: These are end-of-stable-life-cycle legacy archives. They are not "releases"
+* releases: These are end-of-stable-life-cycle legacy archives.
            in the sense that they are done to coincide with when Firefox versions land.
            *Always* use the master branch user.js for a current up-to-date version.
       url: https://github.com/ghacksuserjs/ghacks-user.js/releases
@ -18,6 +17,7 @@
  3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
     * The settings below will turn off Tracking Protection, Safe Browsing and Auto Updates
       You need to read, understand, and decide about these. Don't leave yourself less secure
     * Some user data is erased (section 2800), namely history (browsing, form, download)
     * Site breakage WILL happen
         - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting
           and these need to be balanced against Functionality & Convenience & Breakage
@ -172,7 +172,8 @@ user_pref("network.allow-experiments", false);
 user_pref("breakpad.reportURL", "");
 /* 0351: disable sending of crash reports (FF44+) ***/
 user_pref("browser.tabs.crashReporting.sendReport", false);
-user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
+user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+)
 /* 0360: disable new tab tile ads & preload & marketing junk ***/
 user_pref("browser.newtab.preload", false);
 user_pref("browser.newtabpage.directory.ping", "data:text/plain,");
@ -200,14 +201,16 @@ user_pref("social.remote-install.enabled", false);
 user_pref("social.directories", "");
 user_pref("social.share.activationPanelEnabled", false);
 user_pref("social.enabled", false); // (hidden pref)
 /* 0375: disable "Reader View" [SETUP] ***/
 user_pref("reader.parse-on-load.enabled", false);
 /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers
 * [1] https://wiki.mozilla.org/FlyWeb
 * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
 user_pref("dom.flyweb.enabled", false);
 /* 0380: disable sync [SETUP] ***/
 user_pref("services.sync.enabled", false); // (hidden pref)
 /* 0381: disable WebExtension sync
 * [1] https://wiki.mozilla.org/WebExtensions/chrome.storage.sync ***/
 user_pref("webextensions.storage.sync.enabled", false);
 user_pref("webextensions.storage.sync.serverURL", "");
 /*** 0400: QUIET FOX [PART 2] [WARNING] [SETUP]
     This section has security & tracking protection implications vs privacy concerns vs effectiveness.
@ -533,6 +536,40 @@ user_pref("browser.shell.shortcutFavicons", false);
 /* 1032: disable favicons in web notifications ***/
   // user_pref("alerts.showFavicons", false);
 /*** 1100: MULTI-PROCESS (e10s)
     We recommend you let Firefox handle this. Until e10s is enforced, if
     - all your add-ons have the 'multiprocessCompatible' flag as true, then FF = e10s
     - any add-ons have 'multiprocessCompatible' flag as false, then FF != e10s
     - any add-ons are missing the 'multiprocessCompatible' flag *might* be disabled (FF53+)
     [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/
 ***/
 /* 1101: start the browser in e10s mode (FF48+)
 * about:support>Application Basics>Multiprocess Windows ***/
   // user_pref("browser.tabs.remote.autostart", true);
   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
   // user_pref("extensions.e10sBlocksEnabling", false);
 /* 1102: control number of e10s processes
 * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
   // user_pref("dom.ipc.processCount", 4);
 /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+)
 * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */
   // user_pref("extensions.webextensions.remote", true);
 /* 1104: enforce separate content process for file://URLs (FF53+)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
 * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
   // user_pref("browser.tabs.remote.separateFileUriProcess", true);
 /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/
 user_pref("dom.ipc.shims.enabledWarnings", true);
 /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
 * with them. The values are integers, but the code below deliberately contains a data mismatch
 * [1] https://wiki.mozilla.org/Sandbox
 * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 */
   // user_pref("security.sandbox.content.level", "donotuse")
   // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
   // user_pref("dom.ipc.plugins.sandbox-level.flash, "donotuse");
 /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
   Note that your cipher and other settings can be used server side as a fingerprint attack
   vector, see [1] (It's quite technical but the first part is easy to understand
@ -651,8 +688,6 @@ user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
 * [NOTE] commented out because it still breaks too many sites ***/
   // user_pref("security.ssl3.rsa_aes_128_sha", false);
   // user_pref("security.ssl3.rsa_aes_256_sha", false);
 /* 1265: block rc4 fallback (will be deprecated in 53) ***/
 user_pref("security.tls.unrestricted_rc4_fallback", false);
 /** UI (User Interface) ***/
 /* 1270: display warning (red padlock) for "broken security"
 * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
@ -781,11 +816,6 @@ user_pref("security.xpconnect.plugin.unrestricted", false);
 * includes: RealPlayer, Next-Generation Java Plug-In, Adobe Flash, Antivirus etc
 * [WARNING] [SETUP] This means Firefox will not load ANY plugins. Try it. You are not missing anything. ***/
 user_pref("plugin.scan.plid.all", false);
 /* 1806: Acrobat, Quicktime, WMP are handled separately from 1805 above.
 * The string refers to min version number allowed ***/
 user_pref("plugin.scan.Acrobat", "99999");
 user_pref("plugin.scan.Quicktime", "99999");
 user_pref("plugin.scan.WindowsMediaPlayer", "99999");
 /* 1820: disable all GMP (Gecko Media Plugins) [SETUP]
 * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
 user_pref("media.gmp-provider.enabled", false);
@ -845,7 +875,6 @@ user_pref("media.webspeech.synth.enabled", false);
 /* 2022: disable screensharing ***/
 user_pref("media.getusermedia.screensharing.enabled", false);
 user_pref("media.getusermedia.screensharing.allowed_domains", "");
 user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
 user_pref("media.getusermedia.browser.enabled", false);
 user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2023: disable camera stuff ***/
@ -995,6 +1024,14 @@ user_pref("javascript.options.wasm", false);
 /* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly
 * in the browser, through DOM file objects. Default is false. ***/
 user_pref("dom.archivereader.enabled", false);
 /* 2426: disable Intersection Observer API (FF53+)
 * Almost a year to complete, three versions late to stable (as default false),
 * number #1 cause of crashes in nightly numerous times, and is (primarily) an
 * ad network API for "ad viewability checks" down to a pixel level
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/Intersection_Observer_API
 * [2] https://wicg.github.io/IntersectionObserver/
 * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/
 user_pref("dom.IntersectionObserver.enabled", false);
 /* 2450a: force Firefox to tell you if a website asks to store data for offline use
 * [1] https://support.mozilla.org/en-US/questions/1098540
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
@ -1041,7 +1078,6 @@ user_pref("media.video_stats.enabled", false);
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code
 * [2] https://www.privacy-handbuch.de/handbuch_21v.htm ***/
 user_pref("dom.keyboardevent.code.enabled", false);
 user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
 user_pref("dom.keyboardevent.dispatch_during_composition", false);
 /* 2508: disable hardware acceleration to reduce graphics fingerprinting
 * [SETTING] Options>Advanced>General>Use hardware acceleration when available
@ -1063,7 +1099,10 @@ user_pref("dom.webaudio.enabled", false);
 * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/ondevicechange ***/
 user_pref("media.ondevicechange.enabled", false);
 /* 2512: disable device sensor API
- * [1] https://trac.torproject.org/projects/tor/ticket/15758 ***/
+ * [1] https://trac.torproject.org/projects/tor/ticket/15758
 * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
 * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733
 * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/
 user_pref("device.sensors.enabled", false);
 /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
@ -1164,24 +1203,6 @@ user_pref("browser.uitour.url", "");
 /* 2629: disable remote JAR files being opened, regardless of content type
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/
 user_pref("network.jar.block-remote-files", true);
 /* 2650: start the browser in e10s mode (FF48+)
 * After restarting the browser, you can check whether it's enabled by visiting
 * about:support and checking that "Multiprocess Windows" = 1
 * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/
   // user_pref("browser.tabs.remote.autostart", true);
   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+)
   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
   // user_pref("extensions.e10sBlocksEnabling", false);
 /* 2651: control e10s number of container processes
 * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
   // user_pref("dom.ipc.processCount", 4);
 /* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/
 user_pref("dom.ipc.shims.enabledWarnings", true);
 /* 2660: enforce separate content process for file://URLs (FF53+?)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
 * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
 user_pref("browser.tabs.remote.separateFileUriProcess", true);
 /* 2662: disable "open with" in download dialog (FF50+)
 * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
 * in such a way that it is forbidden to run external applications.
@ -1220,8 +1241,9 @@ user_pref("network.proxy.autoconfig_url.include_path", false);
 user_pref("security.block_script_with_wrong_mime", true);
 /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)
 * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage
 * including youtube player controls. Best left for "hardened" or specific profiles.
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 ***/
-user_pref("svg.disabled", true);
+   // user_pref("svg.disabled", true);
 /* 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk
 * Firefox has *some* protections to mitigate the risk, but it is better to be safe
 * than sorry. The downside: it will also display legitimate IDN's punycoded, which
@ -1332,13 +1354,15 @@ user_pref("network.cookie.thirdparty.sessionOnly", true);
 * [WARNING] this will break a LOT of sites' functionality.
 * You are better off using an extension for more granular control ***/
   // user_pref("dom.storage.enabled", false);
-/* 2706: disable Storage API (FF51+)
+/* 2706: disable Storage API
 * The API gives sites the ability to find out how much space they can use, how much
 * they are already using, and even control whether or not they need to be alerted
 * before the user agent disposes of site data in order to make room for other things.
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/StorageManager
- * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API ***/
+ * [2] https://developer.mozilla.org/en-US/docs/Web/API/Storage_API
-user_pref("dom.storageManager.enabled", false);
+ * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
 user_pref("dom.storageManager.enabled", false); // (FF51+)
 user_pref("browser.storageManager.enabled", false); // (FF53+)
 /* 2707: clear localStorage and UUID when a WebExtension is uninstalled
 * [NOTE] both preferences must be the same
 * [1] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/local
@ -1466,7 +1490,7 @@ user_pref("browser.tabs.loadDivertedInBackground", false);
 /* 3022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/
 user_pref("browser.bookmarks.showRecentlyBookmarked", false);
 /* 3023: disable automigrate (FF49+)
- * default is false in FF49+ and true in FF53+
+ * default is false in FF49+
 * need more info, but lock down for now ***/
 user_pref("browser.migrate.automigrate.enabled", false);
 /* 3024: enable "Find As You Type"
@ -1482,6 +1506,11 @@ user_pref("browser.migrate.automigrate.enabled", false);
   // user_pref("media.wave.enabled", false);
   // user_pref("media.webm.enabled", false);
   // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries
 /* 3026: disable "Reader View" ***/
   // user_pref("reader.parse-on-load.enabled", false);
 /* 3027: decode URLs on copy from the urlbar (FF53+)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320061 ***/
 user_pref("browser.urlbar.decodeURLsOnCopy", true);
 /* END: internal custom pref to test for syntax errors ***/
 user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue");
@ -1646,3 +1675,14 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem
 * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code.
 * [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/
   // user_pref("dom.battery.enabled", false);
 /* 1265: (53+) block rc4 fallback ***/
   // user_pref("security.tls.unrestricted_rc4_fallback", false);
 /* 1806: (53+) disable Acrobat, Quicktime, WMP
 * The string refers to min version number allowed ***/
   // user_pref("plugin.scan.Acrobat", "99999");
   // user_pref("plugin.scan.Quicktime", "99999");
   // user_pref("plugin.scan.WindowsMediaPlayer", "99999");
 /* 2022: (53+) disable screensharing ***/
   // user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
 /* 2507: (53+) disable keyboard fingerprinting ***/
   // user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
Author	SHA1	Message	Date
Thorin-Oakenpants	30bb523b11	upgrade 53-beta to 53 ready for alpha release and changelog	2017-04-28 04:18:55 +12:00
Thorin-Oakenpants	b26175494b	typo earthlng!!!! we use urlbar not URL bar .. bad earthlng :)	2017-04-26 18:18:52 +12:00
Thorin-Oakenpants	7496b873b7	3027 browser.urlbar.decodeURLsOnCopy added	2017-04-26 18:17:22 +12:00
Thorin-Oakenpants	8ca3176ab1	2426 dom.IntersectionObserver.enabled added default is false anyway. We can readdress this if it ever gets turned on, or used for purposes other than ad networks - I suspect there's nothing really out there using it right now, and the fact 53 is false, I bet there's no big hurry to turn it on due to stability and real world usage.	2017-04-26 18:02:33 +12:00
Thorin-Oakenpants	5cf2de570a	2706 browser.storageManager.enabled added its added as default false, but looks like we'll need to check out what options the two prefs (dom from 51 and browser from 53) when true show in the options UI	2017-04-26 17:37:48 +12:00
Thorin-Oakenpants	37b8ad66b8	2512 device.sensors.enabled references The blog entry [2] and subsequent ticket [3] are new. Francois mentioned the older ticket [4]. FYI: `device.sensors.enabled` was introduced in FF15 (don't think I need to add that in)	2017-04-26 12:48:57 +12:00
Thorin-Oakenpants	4d1689b7a5	forgot a closing ***/ in deprecated section no syntax issues, calm down	2017-04-21 01:04:28 +12:00
Thorin-Oakenpants	d87bcfde58	FF53 deprecated	2017-04-20 12:47:28 +12:00
earthlng	c194e21d5c	Update user.js	2017-04-19 14:22:31 +02:00
Thorin-Oakenpants	49e2025bc5	add e10s section 1100 #82 noted added roadmap link to section header, reworded FF53+ multiprocessCompatibility flag as `might disable` (from `will disable`)	2017-04-18 11:12:55 +12:00
Thorin-Oakenpants	2d0e27cb43	"reader view" -> personal section -> inactive #84	2017-04-18 10:56:29 +12:00
Thorin-Oakenpants	9bbe074960	minor readme section edits	2017-04-17 23:34:44 +12:00
Thorin-Oakenpants	ec5fdfcdaa	0381: disable WebExtension sync	2017-04-16 11:50:08 +12:00
Thorin-Oakenpants	e1a5f80063	start v53 commits	2017-04-16 11:45:28 +12:00
Thorin-Oakenpants	bc70023b54	0351: crashReports enforce extra pref at default enforces default false (future proofing, because sh*t happens), plus added the FF version numbers.	2017-04-15 18:41:14 +12:00
Thorin-Oakenpants	551427fccc	2671 svg.disabled-> inactive for FF53+	2017-04-15 12:27:41 +12:00