1202: aaaaaaand actually change the pref this time

1202: TLS min raised to 1.2 #167
nits
2025-09-04 10:58:31 +02:00 · 2017-07-10 06:26:55 +12:00 · 2017-07-10 06:22:52 +12:00 · 2017-07-10 05:52:44 +12:00 · 2017-07-09 18:51:32 +02:00 · 2017-07-09 18:49:39 +02:00
2 changed files with 1928 additions and 1831 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,8 @@
+* text=auto
+
+*.js text
+*.md text
+*.yml text
+*.txt text
+
+*.png binary
--- a/user.js
+++ b/user.js
@ -1,8 +1,8 @@
 /******
 * name: ghacks user.js
-* date: 27 April 2017
-* version 53: Achy Breaky Pants
-*   "But don't tell my pants, my achy breaky pants, I just don't think they'd understand"
+* date: 14 June 2017
+* version 54: Pantsthumping
+*   "I get pulled down, but I get up again, you're never gonna keep me down"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js

@ -94,7 +94,7 @@ user_pref("intl.accept_languages", "en-US, en");
 /* 0208: enforce US English locale regardless of the system locale
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/
 user_pref("javascript.use_us_english_locale", true); // (hidden pref)
-/* 0209: disable geolocation on non-secure origins (FF55+)
+/* 0209: disable geolocation on non-secure origins (FF54+)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859
 * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/
 user_pref("geo.security.allowinsecure", false);
@ -190,6 +190,9 @@ user_pref("browser.newtabpage.directory.source", "data:text/plain,");
 user_pref("browser.newtabpage.enabled", false);
 user_pref("browser.newtabpage.enhanced", false);
 user_pref("browser.newtabpage.introShown", true);
+/* 0361: disable Activity Stream (system addon) (FF54+)
+ * [1] https://wiki.mozilla.org/Firefox/Activity_Stream ***/
+user_pref("browser.newtabpage.activity-stream.enabled", false);
 /* 0370: disable "Snippets" (Mozilla content shown on about:home screen)
 * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks
 * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/
@ -212,7 +215,7 @@ user_pref("social.share.activationPanelEnabled", false);
 user_pref("social.enabled", false); // (hidden pref)
 /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers
 * [1] https://wiki.mozilla.org/FlyWeb
- * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
+ * [2] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
 user_pref("dom.flyweb.enabled", false);

 /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
@ -276,8 +279,6 @@ user_pref("browser.safebrowsing.downloads.remote.enabled", false);
 user_pref("browser.safebrowsing.downloads.remote.url", "");
 /* 0415: disable reporting URLs ***/
 user_pref("browser.safebrowsing.provider.google.reportURL", "");
-user_pref("browser.safebrowsing.reportMalwareMistakeURL", "");
-user_pref("browser.safebrowsing.reportPhishMistakeURL", "");
 user_pref("browser.safebrowsing.reportPhishURL", "");
 user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+)
 user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); // (FF54+)
@ -293,10 +294,11 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
    There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
    as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
 /* 0420: enable Tracking Protection in all windows
+ * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610)
 * [1] https://wiki.mozilla.org/Security/Tracking_protection
 * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/
-user_pref("privacy.trackingprotection.pbmode.enabled", true);
-user_pref("privacy.trackingprotection.enabled", true);
+   // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true
+   // user_pref("privacy.trackingprotection.enabled", true); // default false
 /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection
 * Displays three choices: "Always", "Only in private windows", "Never" ***/
 user_pref("privacy.trackingprotection.ui.enabled", true);
@ -305,7 +307,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true);
   // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic
   // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict
 /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+)
- * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
+ * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/
   // user_pref("browser.safebrowsing.blockedURIs.enabled", false);
 /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/
@ -318,7 +320,7 @@ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!");
 * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/
 user_pref("network.prefetch-next", false);
 /* 0602: disable DNS prefetching
- * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
+ * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
 * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/
 user_pref("network.dns.disablePrefetch", true);
 user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref)
@ -327,20 +329,21 @@ user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref)
 user_pref("network.predictor.enabled", false);
 /* 0603b: disable more Necko/Captive Portal
 * [1] https://en.wikipedia.org/wiki/Captive_portal
- * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/
+ * [2] https://wiki.mozilla.org/Necko/CaptivePortal
+ * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // (FF52+)
 /* 0605: disable link-mouseover opening connection to linked server
 * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
- * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
+ * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
 user_pref("network.http.speculative-parallel-limit", 0);
 /* 0606: disable pings (but enforce same host in case)
 * [1] http://kb.mozillazine.org/Browser.send_pings
 * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/
 user_pref("browser.send_pings", false);
 user_pref("browser.send_pings.require_same_host", true);
-/* 0607: disable links launching Windows Store on Windows 8/8.1/10
- * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
+/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
+ * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
 /* 0608: disable predictor / prefetching (FF48+) ***/
 user_pref("network.predictor.enable-prefetch", false);
@ -390,6 +393,9 @@ user_pref("browser.search.suggest.enabled", false);
 * [SETTING] Options>Search>Show search suggestions in location bar results ***/
 user_pref("browser.urlbar.suggest.searches", false);
 user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+)
+/* 0809: disable location bar suggesting "preloaded" top websites (FF54+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1211726 ***/
+user_pref("browser.urlbar.usepreloadedtopurls.enabled", false);
 /* 0850a: disable location bar autocomplete [controlled by 0850b]
   // user_pref("browser.urlbar.autocomplete.enabled", false);
 /* 0850b: disable location bar suggestion types [controls 0850a]
@ -413,7 +419,7 @@ user_pref("browser.urlbar.suggest.openpage", false);
 user_pref("browser.urlbar.autoFill", false);
 user_pref("browser.urlbar.autoFill.typed", false);
 /* 0850e: disable location bar one-off searches (FF51+)
- * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
+ * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
 user_pref("browser.urlbar.oneOffSearches", false);
 /* 0860: disable search and form history
 * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history
@ -428,6 +434,10 @@ user_pref("browser.urlbar.oneOffSearches", false);
 * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history
 * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/
   // user_pref("places.history.enabled", false);
+/* 0863: disable Form Autofill (FF54+)
+ * [1] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/
+ * [2] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
+user_pref("browser.formautofill.enabled", false);
 /* 0870: disable Windows jumplist [WINDOWS] ***/
 user_pref("browser.taskbar.lists.enabled", false);
 user_pref("browser.taskbar.lists.frequent.enabled", false);
@ -488,7 +498,8 @@ user_pref("browser.cache.disk.smart_size.first_run", false);
 /* 1002: disable disk cache for SSL pages
 * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/
 user_pref("browser.cache.disk_cache_ssl", false);
-/* 1003: disable memory cache ***/
+/* 1003: disable memory cache
+ * [NOTE] Not recommended due to performance issues ***/
   // user_pref("browser.cache.memory.enable", false);
 /* 1004: disable offline cache ***/
 user_pref("browser.cache.offline.enable", false);
@ -496,9 +507,11 @@ user_pref("browser.cache.offline.enable", false);
 * To improve performance when pressing back/forward Firefox stores visited pages
 * so they don't have to be re-parsed. This is not the same as memory cache.
 * 0=none, -1=auto (that's minus 1), or for other values see [1]
+ * [NOTE] Not recommended unless you know what you're doing
 * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/
   // user_pref("browser.sessionhistory.max_total_viewers", 0);
 /* 1006: disable permissions manager from writing to disk (requires restart)
+ * [NOTE] This means any permission changes are session only
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/
   // user_pref("permissions.memory_only", true); // (hidden pref)
 /* 1007: disable randomized FF HTTP cache decay experiments
@ -539,7 +552,7 @@ user_pref("browser.shell.shortcutFavicons", false);
   // user_pref("browser.chrome.site_icons", false);
   // user_pref("browser.chrome.favicons", false);
 /* 1032: disable favicons in web notifications ***/
-   // user_pref("alerts.showFavicons", false);
+user_pref("alerts.showFavicons", false);

 /*** 1100: MULTI-PROCESS (e10s)
     We recommend you let Firefox handle this. Until e10s is enforced, if
@ -554,8 +567,8 @@ user_pref("browser.shell.shortcutFavicons", false);
   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
   // user_pref("extensions.e10sBlocksEnabling", false);
-/* 1102: control number of e10s processes
- * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
+/* 1102: control number of content rendering processes
+ * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
   // user_pref("dom.ipc.processCount", 4);
 /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+)
@ -563,17 +576,21 @@ user_pref("browser.shell.shortcutFavicons", false);
   // user_pref("extensions.webextensions.remote", true);
 /* 1104: enforce separate content process for file://URLs (FF53+)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
- * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
+ * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
   // user_pref("browser.tabs.remote.separateFileUriProcess", true);
 /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/
 user_pref("dom.ipc.shims.enabledWarnings", true);
+/* 1106: control number of WebExtension processes ***/
+   // user_pref("dom.ipc.processCount.extension", 1);
 /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
 * with them. The values are integers, but the code below deliberately contains a data mismatch
 * [1] https://wiki.mozilla.org/Sandbox
- * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
+ * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
   // user_pref("security.sandbox.content.level", "donotuse");
   // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
   // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
+/* 1111: enable sandbox logging ***/
+   // user_pref("security.sandbox.logging.enabled", true);

 /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
   Note that your cipher and other settings can be used server side as a fingerprint attack
@ -598,12 +615,15 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
   // user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
 * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc
- * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call.
+ * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
+ * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error temporarily
+ * set a lower value for 'security.tls.version.min' in about:config
 * [1] http://kb.mozillazine.org/Security.tls.version.*
- * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/
-   // user_pref("security.tls.version.min", 2);
-   // user_pref("security.tls.version.fallback-limit", 3);
-   // user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3
+ * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
+ * [2] archived: https://archive.is/hY2Mm ***/
+user_pref("security.tls.version.min", 3);
+user_pref("security.tls.version.fallback-limit", 3);
+user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3
 /* 1203: disable SSL session tracking (FF36+)
 * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 48hrs.
 * Since the ID is unique, web servers can (and do) use it for tracking. If set to true,
@ -616,7 +636,8 @@ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref)
 user_pref("security.ssl.errorReporting.automatic", false);
 user_pref("security.ssl.errorReporting.enabled", false);
 user_pref("security.ssl.errorReporting.url", "");
-/** OCSP (Online Certificate Status Protocol) ***/
+/** OCSP (Online Certificate Status Protocol)
+    #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/
 /* 1210: enable OCSP Stapling
 * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
 user_pref("security.ssl.enable_ocsp_stapling", true);
@ -629,15 +650,15 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
 user_pref("security.OCSP.enabled", 1);
 /* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
 * continues the connection. With OCSP revocation, Firefox terminates the connection instead.
- * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some
- * site breakage. Some users have previously mentioned issues with youtube, microsoft etc
+ * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
 * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
-   // user_pref("security.OCSP.require", true);
+user_pref("security.OCSP.require", true);
 /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
 /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
 * 0=disable detecting Family Safety mode and importing the root
 * 1=only attempt to detect Family Safety mode (don't import the root)
- * 2=detect Family Safety mode and import the root ***/
+ * 2=detect Family Safety mode and import the root
+ * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/
 user_pref("security.family_safety.mode", 0);
 /* 1221: disable intermediate certificate caching (fingerprinting attack vector)
 * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
@ -659,7 +680,8 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 * [2] https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List ***/
 user_pref("network.stricttransportsecurity.preloadlist", true);
 /** MIXED CONTENT ***/
-/* 1240: disable insecure active content on https pages - mixed content ***/
+/* 1240: disable insecure active content on https pages - mixed content
+ * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/
 user_pref("security.mixed_content.block_active_content", true);
 /* 1241: disable insecure passive content (such as images) on https pages - mixed context
 * [WARNING] When set to true, this will visually break many sites (March 2017) ***/
@ -748,7 +770,8 @@ user_pref("layout.css.font-loading-api.enabled", false);
 * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
 user_pref("font.blacklist.underline_offset", "");
 /* 1408: disable graphite which FF49 turned back on by default
- * In the past it had security issues - need citation ***/
+ * In the past it had security issues. Update: This continues to be the case, see [1]
+ * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
 user_pref("gfx.font_rendering.graphite.enabled", false);
 /* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
 * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
@ -801,14 +824,18 @@ user_pref("network.http.referer.spoofSource", false);
 * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
 * [1] https://www.w3.org/TR/referrer-policy/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/
-   // user_pref("network.http.referer.userControlPolicy", 3);
+user_pref("network.http.referer.userControlPolicy", 3);
 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+)
 * [NOTE] Firefox cannot access .onion sites by default. We recommend you use
 * TBB (Tor Browser Bundle) which is specifically designed for the dark web
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/
 user_pref("network.http.referer.hideOnionSource", true);
-/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy)
- * [SETTING] Options>Privacy>Tracking>Request that sites not track you
+/* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS
+ * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined.
+ * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy.
+ * Sending a DNT header *highly likely* raises entropy, especially in standard windows.
+ * [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings
+ * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (eg in default PB Mode)
 * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/
 user_pref("privacy.donottrackheader.enabled", false);

@ -845,7 +872,7 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
 /* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example)
 * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config
 * [NOTE] You can still over-ride individual sites eg youtube via site permissions
- * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
+ * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
   // user_pref("plugin.state.flash", 0);
 /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/
 user_pref("security.xpconnect.plugin.unrestricted", false);
@ -865,7 +892,6 @@ user_pref("media.gmp-widevinecdm.autoupdate", false);
 /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/
 user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content
 user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required
-user_pref("media.eme.apiVisible", false); // block websites detecting DRM is disabled
 /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
 * and disable pings to the external update/download server
 * This is the bundled codec used for video chat in WebRTC ***/
@ -876,13 +902,14 @@ user_pref("media.gmp-manager.url", "data:text/plain,");
 /*** 2000: MEDIA / CAMERA / MIC ***/
 user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
 /* 2001: disable WebRTC (Web Real-Time Communication)
- * [1] https://www.privacytools.io/#webrtc ***/
+ * [1] https://privacytoolsio.github.io/privacytools.io/#webrtc ***/
 user_pref("media.peerconnection.enabled", false);
 user_pref("media.peerconnection.use_document_iceservers", false);
 user_pref("media.peerconnection.video.enabled", false);
 user_pref("media.peerconnection.identity.enabled", false);
 user_pref("media.peerconnection.identity.timeout", 1);
 user_pref("media.peerconnection.turn.disable", true);
+user_pref("media.peerconnection.ice.tcp", false);
 user_pref("media.navigator.video.enabled", false); // video capability for WebRTC
 /* 2002: limit WebRTC IP leaks if using WebRTC
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041
@ -919,7 +946,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2023: disable camera stuff ***/
 user_pref("camera.control.face_detection.enabled", false);
 /* 2024: enable/disable MSE (Media Source Extensions)
- * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
+ * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
 user_pref("media.mediasource.enabled", true);
 user_pref("media.mediasource.mp4.enabled", true);
 user_pref("media.mediasource.webm.audio.enabled", true);
@ -937,7 +964,7 @@ user_pref("gfx.offscreencanvas.enabled", false);
 * [WARNING] This may break video playback on various sites ***/
 user_pref("media.autoplay.enabled", false);
 /* 2031: disable audio auto-play in non-active tabs (FF51+)
- * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
+ * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
 user_pref("media.block-autoplay-until-in-foreground", true);

 /*** 2200: UI MEDDLING
@ -974,33 +1001,48 @@ user_pref("browser.link.open_newwindow.restriction", 0);
 * [2] https://support.mozilla.org/en-US/questions/1043508 ***/
 user_pref("dom.disable_beforeunload", true);

-/*** 2300: SERVICE WORKERS ***/
+/*** 2300: WEB WORKERS [SETUP]
+     A worker is a JS "background task" running in a global context, i.e it is different from
+     the current window. Workers can spawn new workers (must be the same origin & scheme),
+     including service and shared workers. Shared workers can be utilized by multiple scripts
+     and communicate between browsing contexts (windows/tabs/iframes) and can even control your
+     cache. Push and web notifications require service workers, which in turn require workers.
+
+     [WARNING] Disabling workers *will* break sites (eg Google Street View, Twitter).
+     It is recommended that you use a separate profile for these sorts of sites.
+
+     [1]    Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API
+     [2]         Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker
+     [3] Service Worker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API
+     [4]   SharedWorker: https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker
+     [5]   ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker
+ ***/
 user_pref("ghacks_user.js.parrot", "2300 syntax error: the parrot's off the twig!");
-/* 2301: disable workers API and service workers API
- * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed)
- * [WARNING] Will break sites especially workers eg Google Street View
- * [1] https://developer.mozilla.org/en-US/docs/Web/API/Worker
- * [2] https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API
- * [3] http://www.ghacks.net/2016/03/02/manage-service-workers-in-firefox-and-chrome/ ***/
+/* 2301: disable workers
+ * [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) ***/
 user_pref("dom.workers.enabled", false);
+/* 2302: disable service workers
+ * Service workers essentially act as proxy servers that sit between web apps, and the browser
+ * and network, are event driven, and can control the web page/site it is associated with,
+ * intercepting and modifying navigation and resource requests, and caching resources.
+ * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
+ * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/
 user_pref("dom.serviceWorkers.enabled", false);
-/* 2302: disable service workers cache and cache storage ***/
+/* 2303: disable service workers' cache and cache storage ***/
 user_pref("dom.caches.enabled", false);
-/* 2303: disable push notifications (FF44+) [requires serviceWorkers to be enabled]
+/* 2304: disable web notifications
+ * [NOTE] You can still override individual domains under site permissions (FF44+)
+ * [1] https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API ***/
+user_pref("dom.webnotifications.enabled", false);
+user_pref("dom.webnotifications.serviceworker.enabled", false);
+/* 2305: disable push notifications (FF44+)
 * web apps can receive messages pushed to them from a server, whether or
 * not the web app is in the foreground, or even currently loaded
- * [WARNING] May affect social media sites like Twitter
 * [1] https://developer.mozilla.org/en/docs/Web/API/Push_API ***/
 user_pref("dom.push.enabled", false);
 user_pref("dom.push.connection.enabled", false);
 user_pref("dom.push.serverURL", "");
 user_pref("dom.push.userAgentID", "");
-/* 2304: disable web/push notifications
- * [NOTE] You can still override individual domains under site permissions (FF44+)
- * [WARNING] May affect social media sites like Twitter
- * [1] https://developer.mozilla.org/en-US/docs/Web/API/notification ***/
-user_pref("dom.webnotifications.enabled", false);
-user_pref("dom.webnotifications.serviceworker.enabled", false);

 /*** 2400: DOM & JAVASCRIPT ***/
 user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
@ -1008,7 +1050,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b
 * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress
 * this applies to onCut, onCopy, onPaste events - i.e you have to interact with
 * the website for it to look at the clipboard
- * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
+ * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
 user_pref("dom.event.clipboardevents.enabled", false);
 /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+)
 * this disables document.execCommand("cut"/"copy") to protect your clipboard
@ -1059,9 +1101,6 @@ user_pref("javascript.options.asmjs", false);
 /* 2422: disable WebAssembly for now (FF52+)
 * [1] https://developer.mozilla.org/en-US/docs/WebAssembly ***/
 user_pref("javascript.options.wasm", false);
-/* 2425: disable ArchiveAPI i.e reading content of archives, such as zip files, directly
- * in the browser, through DOM file objects. Default is false. ***/
-user_pref("dom.archivereader.enabled", false);
 /* 2426: disable Intersection Observer API (FF53+)
 * Almost a year to complete, three versions late to stable (as default false),
 * number #1 cause of crashes in nightly numerous times, and is (primarily) an
@ -1087,7 +1126,7 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off
 /* 2501: disable gamepad API - USB device ID enumeration
 * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/
 user_pref("dom.gamepad.enabled", false);
-/* 2503: disable giving away network info
+/* 2503: disable giving away network info (FF31+)
 * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
 * [2] https://wicg.github.io/netinfo/
@ -1104,7 +1143,7 @@ user_pref("dom.vr.openvr.enabled", false); // (FF51+)
 * [1] https://wiki.mozilla.org/Media/getUserMedia
 * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/
 user_pref("media.navigator.enabled", false);
-/* 2506: disable video statistics - JS performance fingerprinting
+/* 2506: disable video statistics - JS performance fingerprinting (FF25+)
 * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/
 user_pref("media.video_stats.enabled", false);
 /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards)
@ -1159,6 +1198,11 @@ user_pref("dom.presentation.session_transport.data_channel.enable", false);
 * [3] https://trac.torproject.org/projects/tor/ticket/22127
 * [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency ***/
   // user_pref("dom.maxHardwareConcurrency", 2);
+/* 2515: disable site specific zoom
+ * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using
+ * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs
+ * and new windows are reset to default and only the current tab retains the current zoom ***/
+user_pref("browser.zoom.siteSpecific", false);

 /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
 user_pref("ghacks_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@ -1267,8 +1311,8 @@ user_pref("general.useragent.compatMode.firefox", false);
 /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
-/* 2629: disable remote JAR files being opened, regardless of content type
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/
+/* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
 user_pref("network.jar.block-remote-files", true);
 /* 2662: disable "open with" in download dialog (FF50+)
 * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
@ -1286,7 +1330,7 @@ user_pref("device.storage.enabled", false);
 /* 2665: remove webchannel whitelist ***/
 user_pref("webchannel.allowObject.urlWhitelist", "");
 /* 2666: disable HTTP Alternative Services
- * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/
+ * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/
 user_pref("network.http.altsvc.enabled", false);
 user_pref("network.http.altsvc.oe", false);
 /* 2667: disable various developer tools in browser context
@ -1296,7 +1340,7 @@ user_pref("devtools.chrome.enabled", false);
 /* 2668: lock down allowed extension directories
 * [WARNING] This will break add-ons that do not use the default XPI directories
 * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
- * [2] archived: http://archive.is/DYjAM ***/
+ * [1] archived: http://archive.is/DYjAM ***/
 user_pref("extensions.enabledScopes", 1); // (hidden pref)
 user_pref("extensions.autoDisableScopes", 15);
 /* 2669: remove paths when sending URLs to PAC scripts (FF51+)
@ -1359,69 +1403,95 @@ user_pref("security.csp.experimentalEnabled", true);
   // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
 /* 2697g: general.useragent.locale (related, see 0204) ***/

-/*** 2698: FIRST PARTY ISOLATION (FPI) ***/
-/* 2698a: enable first party isolation pref and OriginAttribute (FF51+)
- * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected
+/*** 2698: FIRST PARTY ISOLATION (FPI)
+ ** isolate favicons (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803
+ ** isolate OCSP cache (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562
+ ** isolate Shared Workers (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726
+ ** isolate SSL session cache (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283
+ ** isolate media cache (FF53+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927
+ ** isolate HSTS and HPKP (FF54+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644
+ ** isolate HTTP Alternative Services (FF54+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690
+ ** isolate SPDY/HTTP2 (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693
+ ** isolate DNS cache (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893
+ ** isolate blob: URI (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170
+ ** isolate data://, about: URLs (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1300671
+***/
+/* 2698a: enable First Party Isolation (FF51+)
+ * [WARNING] May break cross-domain logins and site functionality until perfected
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/
-/* 2698b: isolate favicons (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/
-/* 2698c: isolate OCSP cache (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/
-/* 2698d: isolate Shared Workers (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/
-/* 2698e: isolate SSL session cache (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/
-/* 2698f: isolate media cache (FF53+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/
-/* 2698g: isolate HSTS and HPKP (FF54+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/
-/* 2698h: isolate HTTP Alternative Services (FF54+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/
-/* 2698i: isolate SPDY/HTTP2 (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/
-/* 2698j: isolate DNS cache (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/
-/* 2698k: isolate blob: URI (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/
-   // user_pref("privacy.firstparty.isolate", true);
-   // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+)
+user_pref("privacy.firstparty.isolate", true);
+/* 2698b: enforce FPI restriction for window.opener (FF54+)
+ * [NOTE] Setting this to false may reduce the breakage in 2698a
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/
+user_pref("privacy.firstparty.isolate.restrict_opener_access", true);

-/*** 2699: TOR UPLIFT: privacy.resistFingerprinting
-     This preference will be used as a generic switch for a wide range of items.
-     This section will attempt to list all the ramifications and Mozilla tickets ***/
-/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info.
- * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
- * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
- * [NOTE] This will probably make your values pretty unique until you resize or snap the
- * inner window width + height into standard/common resolutions (mine is at 1366x768)
- * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
- * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
- * your window size, do some math, resize to allow for all the non inner window elements
- * [TEST] http://browserspy.dk/screen.php
+/*** 2699: privacy.resistFingerprinting
+   This master switch will be used for a wide range of items,
+   many of which will **override** existing prefs from FF55+
+ ** limit window.screen & CSS media queries leaking identifiable info (FF41+)
+   [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
+   [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
+   [NOTE] This will probably make your values pretty unique until you resize or snap the
+   inner window width + height into standard/common resolutions (such as 1366x768)
+   To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
+   Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
+   your window size, do some math, resize to allow for all the non inner window elements
+   [TEST] http://browserspy.dk/screen.php
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986
+ ** spoof screen orientation (FF50+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949
+ ** hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963
+ ** spoof timezone as UTC 0 (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890
+ ** spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
+   This spoof *shouldn't* affect core chrome/Firefox performance
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039
+ ** reduce precision of time exposed by javascript (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238
+ ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303
+ ** spoof Navigator API (see section 2697) (FF56+)
+   The version number will be rounded to the "nearest" multiple of 10
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651
+ ** disable device sensor API (see 2512) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319
+ ** disable site specific zoom (see 2515) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357
+ ** disable gamepad API (see 2501) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161
+ ** spoof network information API as "unknown" (see 2503) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072
+***/
+/* 2699a: enable privacy.resistFingerprinting (FF41+)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/
-/* 2699b: spoof screen orientation
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/
-/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/
-/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP]
+user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
+/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP]
 * [NOTE] If override values are too big, the code determines it for you
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
 * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/
   // user_pref("privacy.window.maxInnerWidth", 1366);
   // user_pref("privacy.window.maxInnerHeight", 768);
-/* 2699e: spoof timezone as UTC 0 (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/
-/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
- * This spoof *shouldn't* affect core chrome/Firefox performance
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/
-user_pref("privacy.resistFingerprinting", true); // (hidden pref)

 /*** 2700: COOKIES & DOM STORAGE ***/
 user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: disable cookies on all sites [SETUP]
 * You can set exceptions under site permissions or use an extension (eg Cookie Controller)
 * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie
- * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/
+ * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites
+ * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
+ * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
 user_pref("network.cookie.cookieBehavior", 2);
 /* 2702: set third-party cookies (if enabled, see above pref) to session-only
 * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
@ -1493,10 +1563,11 @@ user_pref("privacy.cpd.offlineApps", true); // Offline Website Data
 user_pref("privacy.cpd.passwords", false); // this is not listed
 user_pref("privacy.cpd.sessions", true); // Active Logins
 user_pref("privacy.cpd.siteSettings", false); // Site Preferences
-/* 2805: privacy.*.openWindows (FF34+)
- * We don't know what they do because we don't care what they do ***/
-user_pref("privacy.clearOnShutdown.openWindows", false);
-user_pref("privacy.cpd.openWindows", false);
+/* 2805: privacy.*.openWindows (clear session restore data) (FF34+)
+ * [NOTE] There is a years-old bug that these cause two windows when Firefox restarts.
+ * You do not need these anyway if session restore is disabled (see 1020) ***/
+   // user_pref("privacy.clearOnShutdown.openWindows", true);
+   // user_pref("privacy.cpd.openWindows", true);
 /* 2806: reset default 'Time range to clear' for 'Clear Recent History' (see 2804)
 * Firefox remembers your last choice. This will reset the value when you start Firefox.
 * 0=everything, 1=last hour, 2=last two hours, 3=last four hours
@ -1533,7 +1604,7 @@ user_pref("browser.backspace_action", 2);
 * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/
 user_pref("browser.link.open_newwindow", 3);
 /* 3009: enable APZ (Async Pan/Zoom) - requires e10s
- * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/
+ * [1] https://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/
   // user_pref("layers.async-pan-zoom.enabled", true);
 /* 3010: enable ctrl-tab previews ***/
 user_pref("browser.ctrlTab.previews", true);
@ -1596,6 +1667,10 @@ user_pref("browser.bookmarks.showRecentlyBookmarked", false);
 user_pref("browser.urlbar.decodeURLsOnCopy", true);
 /* 3028: disable middle-click enabling auto-scrolling [WINDOWS] [MAC] ***/
   // user_pref("general.autoScroll", false);
+/* 3029: disable Firefox Screenshots (FF54+)
+ * [1] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/
+ * [2] https://github.com/mozilla-services/screenshots ***/
+   // user_pref("extensions.screenshots.system-disabled", true);

 /* END: internal custom pref to test for syntax errors ***/
 user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue");
@ -1726,7 +1801,7 @@ user_pref("browser.history.allowReplaceState", false);
 // ***/
 /* FF48
 // 0806: disable 'unified complete': 'Search with [default search engine]'
-   // [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html
+   // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078
 user_pref("browser.urlbar.unifiedcomplete", false);
 // ***/
@ -1758,12 +1833,13 @@ user_pref("browser.usedOnWindows10.introURL", "");
 // 0308: disable plugin update notifications
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905
 user_pref("plugins.update.notifyUser", false);
-// 0410: disable "Block dangerous and deceptive content"- replaced by browser.safebrowsing.phishing.enabled
+// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
   // user_pref("browser.safebrowsing.enabled", false);
 // 1266: disable rc4 ciphers
   // [1] https://trac.torproject.org/projects/tor/ticket/17369
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728
+   // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/
 user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
 user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
 user_pref("security.ssl3.rsa_rc4_128_md5", false);
@ -1829,3 +1905,16 @@ user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736
 user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
 // ***/
+/* FF54
+// 0415: disable reporting URLs (safe browsing)
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1288633
+user_pref("browser.safebrowsing.reportMalwareMistakeURL", "");
+user_pref("browser.safebrowsing.reportPhishMistakeURL", "");
+// 1830: block websites detecting DRM is disabled
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1242321
+user_pref("media.eme.apiVisible", false);
+// 2425: disable Archive Reader API
+   // i.e reading archive contents directly in the browser, through DOM file objects
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
+user_pref("dom.archivereader.enabled", false);
+// ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	132e0fa503	1202: aaaaaaand actually change the pref this time	2017-07-10 06:26:55 +12:00
Thorin-Oakenpants	c864c8ebb0	1202: TLS min raised to 1.2 #167	2017-07-10 06:22:52 +12:00
Thorin-Oakenpants	063b731054	nits	2017-07-10 05:52:44 +12:00
earthlng	d7c282c0fa	Merge pull request #168 from ghacksuserjs/earthlng-patch-1 update ghacks.net links to use https	2017-07-09 18:51:32 +02:00
earthlng	b24dd123d0	update ghacks.net links to use https	2017-07-09 18:49:39 +02:00
earthlng	8b0bc463c5	2001: link update www.privacytools.io redirects to https://privacytoolsio.github.io/privacytools.io/ and in the process drops the anchor info (#webrtc)	2017-07-09 17:58:05 +02:00
Thorin-Oakenpants	4d31983e06	0420: TP fixup default values	2017-07-09 22:58:57 +12:00
Thorin-Oakenpants	e018583082	2701: cookies & 3rd party info #159	2017-07-08 05:24:33 +12:00
Thorin-Oakenpants	6348826519	1212: turn on OCSP	2017-07-08 05:12:52 +12:00
Thorin-Oakenpants	b55a986d52	1210's: OCSP add reference	2017-07-07 00:09:54 +12:00
Thorin-Oakenpants	ba78702686	1610 DNT & 0420 TP clarify conflicts #163	2017-07-06 19:03:36 +12:00
Thorin-Oakenpants	32327e15c1	2699: spoof network info API	2017-07-01 03:05:45 +12:00
Thorin-Oakenpants	d1306aee26	2699: gamepad API	2017-06-30 03:10:39 +12:00
Thorin-Oakenpants	ac77e65d82	2699: site specific zoom	2017-06-30 03:09:19 +12:00
Thorin-Oakenpants	6b7032ccaf	2699: device sensor API	2017-06-29 04:48:56 +12:00
Thorin-Oakenpants	6ef86fbde6	0209 FF version fix, 2699a hidden pref info I removed the "(hidden pref)" info when we revamped 2699, as it will no longer be hidden. In hindsight, that info needs to stay (we haven't archived off end-of-life 54, and it's good information for backwards compatibility).	2017-06-22 05:37:47 +12:00
Thorin-Oakenpants	0176d8676c	2698: isolate data://, about:	2017-06-21 18:37:27 +12:00
Thorin-Oakenpants	da1b9054ad	2629: fix ref source	2017-06-21 18:31:00 +12:00
Thorin-Oakenpants	fba479944d	spacing nit	2017-06-21 17:17:15 +12:00
Thorin-Oakenpants	791b4114c6	2699: spoof Navigator API https://reviewboard.mozilla.org/r/147474/diff/4#index_header I would have thought rounding DOWN to the nearest multiple of 10 would be better. Imagine being on FF61 and claiming to be 70 = might cause site issues	2017-06-21 17:15:56 +12:00
Thorin-Oakenpants	8cdc6e766c	2699 revamp #143	2017-06-20 10:47:11 +12:00
Thorin-Oakenpants	319db71e82	nits	2017-06-20 03:56:15 +12:00
Thorin-Oakenpants	907e0aaa24	1408: graphite: update & add ref	2017-06-20 03:25:31 +12:00
Thorin-Oakenpants	5e0f37c925	2698 revamp #143 & FPI=>active	2017-06-20 03:05:51 +12:00
Thorin-Oakenpants	06018367a1	Merge pull request #146 from carmenbianca/line-endings Convert line endings to LF	2017-06-19 09:11:20 +12:00
Carmen Bianca Bakker	7b2d67976c	Convert line endings to LF Added .gitattributes file to prevent CRLF from being committed in the future. Fixes #145	2017-06-17 09:13:14 +02:00
Thorin-Oakenpants	7a0fbb6a31	end of 54 commits ready for alpha release and changelog	2017-06-15 02:48:55 +12:00
Thorin-Oakenpants	1f18162d56	Merge pull request #141 from ghacksuserjs/138-patch #138 add notes to some inactive prefs	2017-06-15 02:06:26 +12:00
Thorin-Oakenpants	eba592c7e5	minor edit	2017-06-14 06:08:25 +12:00
Thorin-Oakenpants	46bfeca8c2	#138 These all seem kinda lame TBH	2017-06-14 06:04:32 +12:00
Thorin-Oakenpants	eeedf0db72	1032: favicons in web notifications=>active enforce default	2017-06-14 04:56:00 +12:00
Thorin-Oakenpants	1ad970741c	1606: default Referrer Policy=>active	2017-06-14 04:37:46 +12:00
Thorin-Oakenpants	f61c951ca0	3029: disable Firefox Screenshots	2017-06-14 04:13:53 +12:00
Thorin-Oakenpants	b9e321c45a	2805: privacy.*.openWindows	2017-06-14 04:09:31 +12:00
Thorin-Oakenpants	8a9a4fe427	2515: disable site specific zoom #135	2017-06-14 03:38:45 +12:00
Thorin-Oakenpants	44c4a62820	fix syntax from last commit	2017-06-13 19:24:23 +12:00
Thorin-Oakenpants	ab7dfb7f43	2001: disable WebRTC over TCP	2017-06-13 19:12:34 +12:00
Thorin-Oakenpants	3c7789defc	2300 revamp #71	2017-06-13 00:11:26 +12:00
Thorin-Oakenpants	82432a3d40	FF54 deprecated	2017-06-12 23:55:17 +12:00
Thorin-Oakenpants	75f6bc8b5d	2699g: reduce precision of time exposed by JS	2017-06-10 07:33:04 +12:00
Thorin-Oakenpants	b53b4832d4	1220: add reference	2017-06-09 01:11:55 +12:00
Thorin-Oakenpants	9719fc319d	0603b: add reference	2017-06-09 01:08:19 +12:00
Thorin-Oakenpants	9340f8ba04	1240: add reference	2017-06-09 01:05:56 +12:00
Thorin-Oakenpants	dd01dd54c6	1100s: add 2 process/sandbox prefs => inactive	2017-06-06 06:22:19 +12:00
Thorin-Oakenpants	1a04c1314e	0809: disable preloaded top website suggestions	2017-06-06 05:11:59 +12:00
Thorin-Oakenpants	ec03969d98	0863: disable Form Autofill	2017-06-06 05:07:48 +12:00
Thorin-Oakenpants	1621cd5e48	0361: disable Activity Stream	2017-06-06 04:38:38 +12:00
Thorin-Oakenpants	0006ee04b4	1202: TLS max+fallback=>active regardless of default, time to turn it on in 54	2017-06-06 04:08:24 +12:00
Thorin-Oakenpants	08fbc37870	1266: add ref link	2017-06-05 16:12:55 +12:00
earthlng	9859cc8889	9999 nits	2017-06-04 18:11:46 +02:00
Thorin-Oakenpants	a4be5471f1	0607 [WINDOWS] tag	2017-06-04 09:15:09 +12:00
Thorin-Oakenpants	d1e02e407b	start 54 commits 10 days to go guys and gals	2017-06-04 08:08:26 +12:00