66-beta

Update user.js (#676 )
- to avoid confusion with the setting tag, split the prefs into separate numbers, thus shove 2031->2031, reuse 2031 - remove the default value notation as Mozilla will roll out default change gradually to users
2025-09-01 17:38:30 +02:00 · 2019-03-27 04:35:42 +00:00 · 2019-03-26 19:05:55 +00:00 · 2019-03-19 19:58:15 +00:00 · 2019-03-19 09:00:39 +00:00 · 2019-03-17 22:43:27 +00:00
4 changed files with 281 additions and 187 deletions
--- a/scratchpad-scripts/ghacks-clear-[removed].js
+++ b/scratchpad-scripts/ghacks-clear-[removed].js
@ -1,7 +1,7 @@
 /***
 This will reset the preferences that have been removed completely from the ghacks user.js.
- Last updated: 18-Mov-2018
+ Last updated: 30-Jan-2019
 For instructions see:
 https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -108,6 +108,18 @@
    'privacy.trackingprotection.ui.enabled',
    /* 64-beta */
    'browser.eme.ui.enabled',
    'browser.sessionstore.max_windows_undo',
    'network.auth.subresource-img-cross-origin-http-auth-allow',
    'media.peerconnection.ice.tcp',
    'media.peerconnection.identity.enabled',
    'media.peerconnection.identity.timeout',
    'media.peerconnection.turn.disable',
    'media.peerconnection.use_document_iceservers',
    'media.peerconnection.video.enabled',
    'media.navigator.video.enabled',
    /* 65-beta */
    'browser.contentblocking.enabled',
    'browser.urlbar.maxHistoricalSearchSuggestions',
    /* reset parrot: check your open about:config after running the script */
    '_user.js.parrot'
  ]
--- a/scratchpad-scripts/troubleshooter.js
+++ b/scratchpad-scripts/troubleshooter.js
@ -1,5 +1,5 @@
-/*** ghacks-user.js troubleshooter.js v1.5 ***/
+/*** ghacks-user.js troubleshooter.js v1.5.2 ***/
 (function() {
@ -82,7 +82,6 @@
    'dom.push.enabled',
    'dom.push.serverURL',
    'dom.serviceWorkers.enabled',
    'dom.workers.enabled',
    'dom.webnotifications.enabled',
    'dom.webnotifications.serviceworker.enabled',
@ -116,6 +115,7 @@
    /* Audio + Video */
    'dom.webaudio.enabled',
    'media.autoplay.enabled',
    'media.autoplay.default', // FF63+
    /* Forms */
    'browser.formfill.enable',
@ -125,7 +125,6 @@
    /* HTTPS */
    'security.cert_pinning.enforcement_level',
    'security.family_safety.mode',
    'security.mixed_content.use_hsts',
    'security.OCSP.require',
    'security.pki.sha1_enforcement_level',
    'security.ssl.require_safe_negotiation',
@ -152,7 +151,7 @@
    'dom.popup_maximum',
    'layout.css.visited_links_enabled',
    'mathml.disabled',
-    'network.auth.subresource-img-cross-origin-http-auth-allow',
+    'network.auth.subresource-http-auth-allow',
    'network.http.redirection-limit',
    'network.protocol-handler.external.ms-windows-store',
    'privacy.trackingprotection.enabled',
--- a/updater.sh
+++ b/updater.sh
@ -2,7 +2,7 @@
 ## ghacks-user.js updater for macOS and Linux
-## version: 2.4
+## version: 2.5
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac
@ -227,7 +227,7 @@ update_updater () {
  fi
  mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh"
  chmod u+x "${SCRIPT_DIR}/updater.sh"
-  "${SCRIPT_DIR}/updater.sh" "$@ -d"
+  "${SCRIPT_DIR}/updater.sh" "$@" -d
  exit 1
 }
@ -334,6 +334,9 @@ update_userjs () {
      echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
    else
      echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical.  No diff file was created.${NC}"
      if [ $BACKUP = 'multiple' ]; then
        rm $bakname &>/dev/null
      fi
    fi
    rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null
  fi
@ -416,7 +419,7 @@ if [ $# != 0 ]; then
 fi
 show_banner
-update_updater
+update_updater $@
 getProfilePath # updates PROFILE_PATH or exits on error
 cd "$PROFILE_PATH" && update_userjs
--- a/user.js
+++ b/user.js
@ -1,8 +1,8 @@
 /******
 * name: ghacks user.js
-* date: 11 December 2018
+* date: 27 March 2019
-* version 63: Pants Romance
+* version 66-beta: The Power of Pants
-*   "Rah rah ah-ah-ah! Ro mah ro-mah-mah. Gaga oh-la-la! Want your pants romance"
+*   "The power of pants is a curious thing. Make a one man weep, make another man sing"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -51,7 +51,7 @@
     0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
     0900: PASSWORDS
     1000: CACHE / SESSION (RE)STORE / FAVICONS
-     1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS)
+     1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS)
     1400: FONTS
     1600: HEADERS / REFERERS
     1700: CONTAINERS
@ -86,6 +86,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
 * [SETTING] General>Startup>Always check if Firefox is your default browser ***/
 user_pref("browser.shell.checkDefaultBrowser", false);
 /* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
 * [NOTE] Session Restore is not used in PB mode (0110) and is cleared with history (2803, 2804)
 * [SETTING] General>Startup>Restore previous session ***/
 user_pref("browser.startup.page", 0);
 /* 0103: set HOME+NEWWINDOW page
@ -105,17 +106,19 @@ user_pref("browser.newtab.preload", false);
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
-/* 0105b: disable AS Snippets
+/* 0105b: disable Activity Stream Snippets
 * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
 * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
 user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
 user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // has setting (see 0105)
 user_pref("browser.aboutHomeSnippets.updateUrl", "");
-/* 0105c: disable AS Top Stories, Pocket-based and/or sponsored content ***/
+user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
-user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // has setting (see 0105)
+user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
-user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // has setting (see 0105)
+user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
-user_pref("browser.newtabpage.activity-stream.showSponsored", false); // has setting (see 0105)
+/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
-/* 0105d: disable AS recent Highlights in the Library [FF57+] ***/
+user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
 user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
 user_pref("browser.newtabpage.activity-stream.showSponsored", false);
 user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+]
 /* 0105d: disable Activity Stream recent Highlights in the Library [FF57+] ***/
   // user_pref("browser.library.activity-stream.enabled", false);
 /* 0110: start Firefox in PB (Private Browsing) mode
 * [NOTE] In this mode *all* windows are "private windows" and the PB mode icon is not displayed
@ -126,7 +129,8 @@ user_pref("browser.newtabpage.activity-stream.showSponsored", false); // has set
 * new instance. Closing all Private Windows clears all traces. Repeat as required. PB also does
 * not allow indexedDB which breaks many Extensions that use it including uBlock Origin and uMatrix
 * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode
- * [1] https://wiki.mozilla.org/Private_Browsing ***/
+ * [1] https://wiki.mozilla.org/Private_Browsing
 * [2] https://spreadprivacy.com/is-private-browsing-really-private/ ***/
   // user_pref("browser.privatebrowsing.autostart", true);
 /*** [SECTION 0200]: GEOLOCATION ***/
@ -136,7 +140,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease
   // user_pref("geo.enabled", false);
 /* 0201b: set a default permission for Location [FF58+]
 * 0=always ask (default), 1=allow, 2=block
- * [NOTE] best left at default "always ask", fingerprintable via Permissions API
+ * [NOTE] Best left at default "always ask", fingerprintable via Permissions API
 * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
   // user_pref("permissions.default.geo", 2);
@ -158,13 +162,17 @@ user_pref("intl.accept_languages", "en-US, en");
 /* 0208: enforce US English locale regardless of the system locale
 * [1] https://bugzilla.mozilla.org/867501 ***/
 user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
-/* 0209: use APP locale over OS locale in regional preferences [FF56+] 
+/* 0209: use APP locale over OS locale in regional preferences [FF56+]
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789 ***/
 user_pref("intl.regional_prefs.use_os_locales", false);
 /* 0210: use Mozilla geolocation service instead of Google when geolocation is enabled
 * Optionally enable logging to the console (defaults to false) ***/
 user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
   // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF]
 /* 0211: disable using the OS's geolocation service ***/
 user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
 user_pref("geo.provider.use_corelocation", false); // [MAC]
 user_pref("geo.provider.use_gpsd", false); // [LINUX]
 /*** [SECTION 0300]: QUIET FOX
     We choose to not disable auto-CHECKs (0301's) but to disable auto-INSTALLs (0302's).
@ -172,13 +180,13 @@ user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?ke
     monetized extensions, time constraints, legacy issues, and fear of breakage/bugs.
     It is still important to do updates for security reasons, please do so manually. ***/
 user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
-/* 0301b: disable auto-update checks for extensions
+/* 0301b: disable auto-CHECKING for extension and theme updates ***/
 * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
   // user_pref("extensions.update.enabled", false);
-/* 0302a: disable auto update installing for Firefox
+/* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+]
 * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed
 * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/
 user_pref("app.update.auto", false);
-/* 0302b: disable auto update installing for extensions (after the check in 0301b)
+/* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b)
 * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
 user_pref("extensions.update.autoUpdateDefault", false);
 /* 0303: disable background update service [WINDOWS]
@ -189,10 +197,14 @@ user_pref("app.update.staging.enabled", false);
 /* 0305: enforce update information is displayed
 * This is the update available, downloaded, error and success information ***/
 user_pref("app.update.silent", false);
-/* 0306: disable extension metadata updating
+/* 0306: disable extension metadata
- * sends daily pings to Mozilla about extensions and recent startups ***/
+ * used when installing/updating an extension, and in daily background update checks: if false, it
-user_pref("extensions.getAddons.cache.enabled", false);
+ * hides the expanded text description (if it exists) when you "show more details about an addon" ***/
-/* 0307: disable auto updating of personas (themes) ***/
+   // user_pref("extensions.getAddons.cache.enabled", false);
 /* 0307: disable auto updating of lightweight themes (LWT)
 * Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API
 * Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1]
 * [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ ***/
 user_pref("lightweightThemes.update.enabled", false);
 /* 0308: disable search update
 * [SETTING] General>Firefox Updates>Automatically update search engines ***/
@ -201,7 +213,7 @@ user_pref("browser.search.update", false);
 user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
 /* 0310: disable sending the URL of the website where a plugin crashed ***/
 user_pref("dom.ipc.plugins.reportCrashURL", false);
-/* 0320: disable about:addons' Get Add-ons panel (uses Google-Analytics) ***/
+/* 0320: disable about:addons' Get Add-ons panel (uses Google Analytics) ***/
 user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
 user_pref("extensions.webservice.discoverURL", "");
 /* 0330: disable telemetry
@ -224,24 +236,48 @@ user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
 user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
 user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
 user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+]
-/* 0333: disable health report
+/* 0331: disable Telemetry Coverage
 * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
 user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
 user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
 user_pref("toolkit.coverage.endpoint.base", "");
 /* 0340: disable Health Reports
 * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/
 user_pref("datareporting.healthreport.uploadEnabled", false);
-/* 0334: disable new data submission, master kill switch [FF41+]
+/* 0341: disable new data submission, master kill switch [FF41+]
 * If disabled, no policy is shown or upload takes place, ever
 * [1] https://bugzilla.mozilla.org/1195552 ***/
 user_pref("datareporting.policy.dataSubmissionEnabled", false);
-/* 0350: disable crash reports ***/
+/* 0342: disable Studies (see 0503)
 * [NOTE] This pref has no effect when Health Reports (0340) are disabled
 * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/
 user_pref("app.shield.optoutstudies.enabled", false);
 /* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+]
 * [NOTE] This pref has no effect when Health Reports (0340) are disabled
 * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec.
 * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
 user_pref("browser.discovery.enabled", false);
 /* 0350: disable Crash Reports ***/
 user_pref("breakpad.reportURL", "");
 /* 0351: disable sending of crash reports ***/
 user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+]
 user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+]
 /* 0351: disable backlogged Crash Reports
 * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports  ***/
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+]
-/* 0380: disable Browser Error Reporter [FF60+]
+/* 0370: disable Pocket [FF46+]
- * [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
+ * Pocket is a third party (now owned by Mozilla) "save for later" cloud service
- * [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html ***/
+ * [1] https://en.wikipedia.org/wiki/Pocket_(application)
-user_pref("browser.chrome.errorReporter.enabled", false);
+ * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/
-user_pref("browser.chrome.errorReporter.submitUrl", "");
+user_pref("extensions.pocket.enabled", false);
 /* 0390: disable Captive Portal detection
 * [1] https://en.wikipedia.org/wiki/Captive_portal
 * [2] https://wiki.mozilla.org/Necko/CaptivePortal
 * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // [FF52+]
 /* 0391: disable Network Connectivity checks [FF65+]
 * [1] https://bugzilla.mozilla.org/1460537 ***/
 user_pref("network.connectivity-service.enabled", false);
 /*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
     This section has security & tracking protection implications vs privacy concerns vs effectiveness
@ -347,8 +383,6 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/
   // user_pref("privacy.trackingprotection.annotate_channels", false);
   // user_pref("privacy.trackingprotection.lower_network_priority", false);
 /* 0426: enforce Content Blocking (required to block cookies) [FF63+] ***/
 user_pref("browser.contentblocking.enabled", true); // [DEFAULT: true]
 /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS
     System Add-ons are a method for shipping extensions, considered to be
@ -367,41 +401,24 @@ user_pref("browser.contentblocking.enabled", true); // [DEFAULT: true]
     [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions
 ***/
 user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!");
 /* 0502: disable Mozilla permission to silently opt you into tests ***/
 user_pref("network.allow-experiments", false);
 /* 0503: disable Normandy/Shield [FF60+]
 * Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
 * [1] https://wiki.mozilla.org/Firefox/Shield
 * [2] https://github.com/mozilla/normandy ***/
 user_pref("app.normandy.enabled", false);
 user_pref("app.normandy.api_url", "");
-user_pref("app.shield.optoutstudies.enabled", false);
+/* 0505: disable System Add-on updates ***/
-/* 0505: disable System Add-on updates
+user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
- * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/
+user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
   // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
   // user_pref("extensions.systemAddon.update.url", "");
 /* 0506: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
- * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/
+ * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0340) ***/
 user_pref("browser.ping-centre.telemetry", false);
 /* 0510: disable Pocket [FF46+]
 * Pocket is a third party (now owned by Mozilla) "save for later" cloud service
 * [1] https://en.wikipedia.org/wiki/Pocket_(application)
 * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/
 user_pref("extensions.pocket.enabled", false);
 /* 0515: disable Screenshots
 * alternatively in FF60+, disable uploading to the Screenshots server
 * [1] https://github.com/mozilla-services/screenshots
 * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/
   // user_pref("extensions.screenshots.disabled", true); // [FF55+]
   // user_pref("extensions.screenshots.upload-disabled", true); // [FF60+]
 /* 0516: disable Onboarding [FF55+]
 * Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
 * about:home or about:newtab is opened, the onboarding overlay is injected into that page
 * [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3]
 * [1] https://wiki.mozilla.org/Firefox/Onboarding
 * [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
 * [3] https://bugzilla.mozilla.org/863246#c154 ***/
 user_pref("browser.onboarding.enabled", false);
 /* 0517: disable Form Autofill
 * [NOTE] Stored data is NOT secure (uses a JSON file)
 * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
@ -426,15 +443,9 @@ user_pref("network.prefetch-next", false);
 * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
 user_pref("network.dns.disablePrefetch", true);
 user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF]
-/* 0603a: disable Seer/Necko
+/* 0603: disable Seer/Necko
 * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Necko ***/
 user_pref("network.predictor.enabled", false);
 /* 0603b: disable more Necko/Captive Portal
 * [1] https://en.wikipedia.org/wiki/Captive_portal
 * [2] https://wiki.mozilla.org/Necko/CaptivePortal
 * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // [FF52+]
 /* 0605: disable link-mouseover opening connection to linked server
 * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
 * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/ ***/
@ -444,9 +455,6 @@ user_pref("network.http.speculative-parallel-limit", 0);
 * [2] http://kb.mozillazine.org/Browser.send_pings.require_same_host ***/
 user_pref("browser.send_pings", false);
 user_pref("browser.send_pings.require_same_host", true);
 /* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
 * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
 /* 0608: disable predictor / prefetching [FF48+] ***/
 user_pref("network.predictor.enable-prefetch", false);
@ -464,6 +472,9 @@ user_pref("network.dns.disableIPv6", true);
 /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated)
 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance
 * privacy, and in fact opens up a number of server-side fingerprinting opportunities
 * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
 * consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
 * and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
 * [1] https://http2.github.io/faq/
 * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
 * [3] https://queue.acm.org/detail.cfm?id=2716278
@ -471,7 +482,11 @@ user_pref("network.dns.disableIPv6", true);
 user_pref("network.http.spdy.enabled", false);
 user_pref("network.http.spdy.enabled.deps", false);
 user_pref("network.http.spdy.enabled.http2", false);
 user_pref("network.http.spdy.websockets", false); // [FF65+]
 /* 0703: disable HTTP Alternative Services [FF37+]
 * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
 * consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
 * and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
 * [1] https://tools.ietf.org/html/rfc7838#section-9
 * [2] https://www.mnot.net/blog/2016/03/09/alt-svc ***/
 user_pref("network.http.altsvc.enabled", false);
@ -499,6 +514,7 @@ user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: fals
 * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/
   // user_pref("network.ftp.enabled", false);
 /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+]
 * [SETUP-CHROME] Can break extensions for profiles on network shares
 * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/
 user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
 /* 0710: disable GIO as a potential proxy bypass vector
@ -511,10 +527,10 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
 user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME]
-     If you are in a private environment (no unwanted eyeballs) and your device is private
+     Change items 0850 and above to suit for privacy vs convenience and functionality. Consider
-     (restricted access), and the device is secure when unattended (locked, encrypted, forensic
+     your environment (no unwanted eyeballs), your device (restricted access), your device's
-     hardened), then items 0850 and above can be relaxed in return for more convenience and
+     unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check
-     functionality. Likewise, you may want to check the items cleared on shutdown in section 2800.
+     the items cleared on shutdown in section 2800.
     [NOTE] The urlbar is also commonly referred to as the location bar and address bar
     #Required reading [#] https://xkcd.com/538/
 ***/
@ -561,16 +577,12 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false);
 /* 0810: disable location bar making speculative connections [FF56+]
 * [1] https://bugzilla.mozilla.org/1348275 ***/
 user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0850a: disable location bar autocomplete and suggestion types
+/* 0850a: disable location bar suggestion types
 * If you enforce any of the suggestion types, you MUST enforce 'autocomplete'
 *   - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
 *   - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
 * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled
 * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/
-user_pref("browser.urlbar.autocomplete.enabled", false);
+   // user_pref("browser.urlbar.suggest.history", false);
-user_pref("browser.urlbar.suggest.history", false);
+   // user_pref("browser.urlbar.suggest.bookmark", false);
-user_pref("browser.urlbar.suggest.bookmark", false);
+   // user_pref("browser.urlbar.suggest.openpage", false);
 user_pref("browser.urlbar.suggest.openpage", false);
 /* 0850c: disable location bar dropdown
 * This value controls the total number of entries to appear in the location bar dropdown
 * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always
@ -581,13 +593,10 @@ user_pref("browser.urlbar.suggest.openpage", false);
   // user_pref("browser.urlbar.maxRichResults", 0);
 /* 0850d: disable location bar autofill
 * [1] http://kb.mozillazine.org/Inline_autocomplete ***/
-user_pref("browser.urlbar.autoFill", false);
+   // user_pref("browser.urlbar.autoFill", false);
 /* 0850e: disable location bar one-off searches [FF51+]
 * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
-user_pref("browser.urlbar.oneOffSearches", false);
+   // user_pref("browser.urlbar.oneOffSearches", false);
 /* 0850f: disable location bar suggesting local search history [FF57+]
 * [1] https://bugzilla.mozilla.org/1181644 ***/
 user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0);
 /* 0860: disable search and form history
 * [NOTE] You can clear formdata on exiting Firefox (see 2803)
 * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history ***/
@ -637,9 +646,6 @@ user_pref("signon.storeWhenAutocompleteOff", true); // [DEFAULT: true]
 /* 0907: display warnings for logins on non-secure (non HTTPS) pages
 * [1] https://bugzilla.mozilla.org/1217156 ***/
 user_pref("security.insecure_password.ui.enabled", true);
 /* 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true)
 * e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/
 user_pref("browser.fixup.hide_user_pass", true);
 /* 0909: disable formless login capture for Password Manager [FF51+] ***/
 user_pref("signon.formlessCapture.enabled", false);
 /* 0910: disable autofilling saved passwords on HTTP pages and show warning [FF52+]
@ -647,9 +653,13 @@ user_pref("signon.formlessCapture.enabled", false);
 * [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/
 user_pref("signon.autofillForms.http", false);
 user_pref("security.insecure_field_warning.contextual.enabled", true);
-/* 0911: prevent cross-origin images from triggering an HTTP-Authentication prompt [FF55+]
+/* 0912: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+]
- * [1] https://bugzilla.mozilla.org/1357835 ***/
+ * hardens against potential credentials phishing
-user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
+ * 0=don't allow sub-resources to open HTTP authentication credentials dialogs
 * 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
 * 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
 * [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ ***/
 user_pref("network.auth.subresource-http-auth-allow", 1);
 /*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME]
     ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by
@ -693,21 +703,18 @@ user_pref("browser.cache.disk_cache_ssl", false);
   // user_pref("network.dnsCacheExpiration", 60);
 /** SESSIONS & SESSION RESTORE ***/
-/* 1020: limit Session Restore to last active tab and window
+/* 1020: exclude "Undo Closed Tabs" in Session Restore ***/
- * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature
+   // user_pref("browser.sessionstore.max_tabs_undo", 0);
 * It does not affect "Recently Closed Windows" or any history. ***/
 user_pref("browser.sessionstore.max_tabs_undo", 0);
 user_pref("browser.sessionstore.max_windows_undo", 0);
 /* 1021: disable storing extra session data [SETUP-CHROME]
 * extra session data contains contents of forms, scrollbar positions, cookies and POST data
 * define on which sites to save extra session data:
 * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/
 user_pref("browser.sessionstore.privacy_level", 2);
 /* 1022: disable resuming session from crash ***/
-user_pref("browser.sessionstore.resume_from_crash", false);
+   // user_pref("browser.sessionstore.resume_from_crash", false);
 /* 1023: set the minimum interval between session save operations
 * Increasing this can help on older machines and some websites, as well as reducing writes, see [1]
- * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc
+ * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc
 * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature:
 * i.e. the longer the interval the more chance a quick tab open/close won't be captured.
 * This longer interval *may* affect history but we cannot replicate any history not recorded
@ -729,14 +736,13 @@ user_pref("browser.shell.shortcutFavicons", false);
 /* 1032: disable favicons in web notifications ***/
 user_pref("alerts.showFavicons", false); // [DEFAULT: false]
-/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS)
+/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS)
   Note that your cipher and other settings can be used server side as a fingerprint attack
   vector, see [1] (It's quite technical but the first part is easy to understand
   and you can stop reading when you reach the second section titled "Enter Bro")
-   Option 1: Use Firefox defaults for the 1260's items (item 1260 default for SHA-1, is local
+   Option 1: Use defaults for ciphers (1260's). There is nothing *weak* about these, but
-             only anyway). There is nothing *weak* about Firefox's defaults, but Mozilla (and
+             due to breakage, browsers can't deprecate them until the web stops using them
             other browsers) will always lag for fear of breakage and upset end-users
   Option 2: Disable the ciphers in 1261, 1262 and 1263. These shouldn't break anything.
             Optionally, disable the ciphers in 1264.
@ -758,11 +764,13 @@ user_pref("security.ssl.require_safe_negotiation", true);
   // user_pref("security.tls.version.min", 3);
 user_pref("security.tls.version.max", 4);
 /* 1203: disable SSL session tracking [FF36+]
- * SSL Session IDs speed up HTTPS connections (no need to renegotiate) and last for 24hrs.
+ * SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
- * Since the ID is unique, web servers can (and do) use it for tracking. If set to true,
+ * [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
- * this disables sending SSL Session IDs and TLS Session Tickets to prevent session tracking
+ * consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
 * and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
 * [1] https://tools.ietf.org/html/rfc5077
- * [2] https://bugzilla.mozilla.org/967977 ***/
+ * [2] https://bugzilla.mozilla.org/967977
 * [3] https://arxiv.org/abs/1810.07304 ***/
 user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
 /* 1204: disable SSL Error Reporting
 * [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/
@ -795,21 +803,31 @@ user_pref("security.OCSP.enabled", 1);
 * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
 user_pref("security.OCSP.require", true);
-/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
+/** CERTS / HPKP (HTTP Public Key Pinning) ***/
-/* 1220: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
+/* 1220: disable or limit SHA-1 certificates
 * 0=all SHA1 certs are allowed
 * 1=all SHA1 certs are blocked
 * 2=deprecated option that now maps to 1
 * 3=only allowed for locally-added roots (e.g. anti-virus)
 * 4=only allowed for locally-added roots or for certs in 2015 and earlier
 * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and
 * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.
 * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
 user_pref("security.pki.sha1_enforcement_level", 1);
 /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
 * 0=disable detecting Family Safety mode and importing the root
 * 1=only attempt to detect Family Safety mode (don't import the root)
 * 2=detect Family Safety mode and import the root
 * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/
 user_pref("security.family_safety.mode", 0);
-/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART]
+/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [RESTART]
 * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only.
 * Saved logins and passwords are not available. Reset the pref and restart to return them.
 * [TEST] https://fiprinca.0x90.eu/poc/
 * [1] https://bugzilla.mozilla.org/1334485 - related bug
 * [2] https://bugzilla.mozilla.org/1216882 - related bug (see comment 9) ***/
   // user_pref("security.nocertdb", true); // [HIDDEN PREF]
-/* 1222: enforce strict pinning
+/* 1223: enforce strict pinning
 * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
 * [WARNING] If you rely on an AV (antivirus) to protect your web browsing
 * by inspecting ALL your web traffic, then leave at current default=1
@ -827,16 +845,6 @@ user_pref("security.mixed_content.block_display_content", true);
 user_pref("security.mixed_content.block_object_subrequest", true);
 /** CIPHERS [see the section 1200 intro] ***/
 /* 1260: disable or limit SHA-1
 * 0=all SHA1 certs are allowed
 * 1=all SHA1 certs are blocked (including perfectly valid ones from 2015 and earlier)
 * 2=deprecated option that now maps to 1
 * 3=only allowed for locally-added roots (e.g. anti-virus)
 * 4=only allowed for locally-added roots or for certs in 2015 and earlier
 * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and
 * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.
 * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
 user_pref("security.pki.sha1_enforcement_level", 1);
 /* 1261: disable 3DES (effective key size < 128)
 * [1] https://en.wikipedia.org/wiki/3des#Security
 * [2] http://en.citizendium.org/wiki/Meet-in-the-middle_attack
@ -924,7 +932,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
     Our default settings provide the best balance between protection and amount of breakage.
     To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2).
     To fix broken sites (including your modem/router), temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config,
-     use the site and then change the values back. If you visit those sites regularly (e.g. Vimeo), use an extension.
+     use the site and then change the values back. If you visit those sites regularly (e.g. vimeo), use an extension.
                    full URI: https://example.com:8888/foo/bar.html?id=1234
       scheme+host+port+path: https://example.com:8888/foo/bar.html
@ -968,9 +976,12 @@ user_pref("network.http.referer.hideOnionSource", true);
 user_pref("privacy.donottrackheader.enabled", true);
 /*** [SECTION 1700]: CONTAINERS
-     [1] https://support.mozilla.org/kb/containers-experiment
+     If you want to *really* leverage containers, we highly recommend Temporary Containers [2].
-     [2] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
+     Read the article by the extension author [3], and check out the github wiki/repo [4].
-     [3] https://github.com/mozilla/testpilot-containers
+     [1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
     [2] https://addons.mozilla.org/firefox/addon/temporary-containers/
     [3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
     [4] https://github.com/stoically/temporary-containers/wiki
 ***/
 user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
 /* 1701: enable Container Tabs setting in preferences (see 1702) [FF50+]
@ -1032,18 +1043,11 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
 /* 2001: disable WebRTC (Web Real-Time Communication)
 * [1] https://www.privacytools.io/#webrtc ***/
 user_pref("media.peerconnection.enabled", false);
 user_pref("media.peerconnection.use_document_iceservers", false);
 user_pref("media.peerconnection.video.enabled", false);
 user_pref("media.peerconnection.identity.enabled", false);
 user_pref("media.peerconnection.identity.timeout", 1);
 user_pref("media.peerconnection.turn.disable", true);
 user_pref("media.peerconnection.ice.tcp", false);
 user_pref("media.navigator.video.enabled", false); // video capability for WebRTC
 /* 2002: limit WebRTC IP leaks if using WebRTC
 * [TEST] https://browserleaks.com/webrtc
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
-user_pref("media.peerconnection.ice.default_address_only", true); // [FF42-FF50]
+user_pref("media.peerconnection.ice.default_address_only", true);
 user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
 /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions
 * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
@ -1075,11 +1079,14 @@ user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false]
 /* 2028: disable offscreen canvas [FF44+]
 * [1] https://developer.mozilla.org/docs/Web/API/OffscreenCanvas ***/
 user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
-/* 2030: disable auto-play of HTML5 media [FF63+]
+/* 2030: disable autoplay of HTML5 media [FF63+]
- * 0=Allowed (default), 1=Blocked, 2=Prompt
+ * 0=Allowed, 1=Blocked, 2=Prompt
- * [SETUP-WEB] This may break video playback on various sites ***/
+ * [NOTE] You can set exceptions under site permissions
 * [SETTING] Privacy & Security>Permissions>Block websites from automatically playing sound ***/
 user_pref("media.autoplay.default", 1);
-/* 2031: disable audio auto-play in non-active tabs [FF51+]
+/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/
 user_pref("media.autoplay.enabled.user-gestures-needed", false);
 /* 2032: disable audio autoplay in non-active tabs [FF51+]
 * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
 user_pref("media.block-autoplay-until-in-foreground", true);
@ -1151,7 +1158,7 @@ user_pref("dom.webnotifications.enabled", false); // [FF22+]
 user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
 /* 2305: set a default permission for Notifications (see 2304) [FF58+]
 * 0=always ask (default), 1=allow, 2=block
- * [NOTE] best left at default "always ask", fingerprintable via Permissions API
+ * [NOTE] Best left at default "always ask", fingerprintable via Permissions API
 * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/
   // user_pref("permissions.default.desktop-notification", 2);
@ -1186,7 +1193,7 @@ user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF]
 user_pref("dom.disable_beforeunload", true);
 /* 2414: disable shaking the screen ***/
 user_pref("dom.vibrator.enabled", false);
-/* 2420: disable asm.js [FF22+]
+/* 2420: disable asm.js [FF22+] [SETUP-PERF]
 * [1] http://asmjs.org/
 * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/
 * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/
@ -1199,7 +1206,7 @@ user_pref("javascript.options.asmjs", false);
 * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
   // user_pref("javascript.options.ion", false);
   // user_pref("javascript.options.baselinejit", false);
-/* 2422: disable WebAssembly [FF52+]
+/* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
 * [1] https://developer.mozilla.org/docs/WebAssembly ***/
 user_pref("javascript.options.wasm", false);
 /* 2426: disable Intersection Observer API [FF53+]
@ -1217,6 +1224,9 @@ user_pref("javascript.options.shared_memory", false);
 /* 2428: enforce DOMHighResTimeStamp API
 * [WARNING] Required for normalization of timestamps and any timer resolution mitigations ***/
 user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
 /* 2429: enable (limited but sufficient) window.opener protection [FF65+]
 * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
 user_pref("dom.targetBlankNoOpener.enabled", true);
 /*** [SECTION 2500]: HARDWARE FINGERPRINTING ***/
 user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!");
@ -1246,9 +1256,6 @@ user_pref("layers.acceleration.disabled", true);
 /* 2510: disable Web Audio API [FF51+]
 * [1] https://bugzilla.mozilla.org/1288359 ***/
 user_pref("dom.webaudio.enabled", false);
 /* 2516: disable PointerEvents
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/
 user_pref("dom.w3c_pointer_events.enabled", false);
 /* 2517: disable Media Capabilities API [FF63+]
 * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
 * [1] https://github.com/WICG/media-capabilities
@ -1281,11 +1288,11 @@ user_pref("browser.uitour.url", "");
 * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes
 * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
 user_pref("devtools.chrome.enabled", false);
-/* 2608: disable WebIDE to prevent remote debugging and extension downloads
+/* 2608: disable WebIDE to prevent remote debugging and ADB extension download
 * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
 user_pref("devtools.webide.autoinstallADBHelper", false);
 user_pref("devtools.debugger.remote-enabled", false);
 user_pref("devtools.webide.enabled", false);
 user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
 /* 2609: disable MathML (Mathematical Markup Language) [FF51+]
 * [TEST] http://browserspy.dk/mathml.php
 * [1] https://bugzilla.mozilla.org/1173199 ***/
@ -1304,7 +1311,7 @@ user_pref("middlemouse.contentLoadURL", false);
 user_pref("network.http.redirection-limit", 10);
 /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
 * 0 (default) or 1=allow, 2=block
- * [NOTE] At the time of writing, causes issues with delete and backspace keys
+ * [NOTE] In FF65 and under, causes issues with delete and backspace keys (see 1445942)
 * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/
   // user_pref("permissions.default.shortcuts", 2);
 /* 2616: remove special permissions for certain mozilla domains [FF35+]
@ -1313,7 +1320,7 @@ user_pref("permissions.manager.defaultsUrl", "");
 /* 2617: remove webchannel whitelist ***/
 user_pref("webchannel.allowObject.urlWhitelist", "");
 /* 2618: disable exposure of system colors to CSS or canvas [FF44+]
- * [NOTE] see second listed bug: may cause black on black for elements with undefined colors
+ * [NOTE] See second listed bug: may cause black on black for elements with undefined colors
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 ***/
 user_pref("ui.use_standins_for_native_colors", true); // [HIDDEN PREF]
 /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
@ -1336,6 +1343,9 @@ user_pref("network.IDN_show_punycode", true);
 * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare)
 * [SETTING] General>Applications>Portable Document Format (PDF) ***/
 user_pref("pdfjs.disabled", false);
 /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
 * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
 /** DOWNLOADS ***/
 /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used)
@ -1373,9 +1383,6 @@ user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true]
 /* 2680: enable CSP (Content Security Policy)
 * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
 user_pref("security.csp.enable", true); // [DEFAULT: true]
 /* 2681: disable CSP violation events [FF59+]
 * [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent ***/
 user_pref("security.csp.enable_violation_events", false);
 /* 2682: enable CSP 1.1 experimental hash-source directive [FF29+]
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/
 user_pref("security.csp.experimentalEnabled", true);
@ -1396,17 +1403,20 @@ user_pref("security.dialog_enable_delay", 700);
          indexedDB : profile\storage\default
           appCache : profile\OfflineCache
     serviceWorkers :
     [NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode
     [NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage),
     indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications)
     If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become
     accessible to websites except shared/service workers where the cookie setting *must* be "Allow"
 ***/
 user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: disable 3rd-party cookies and site-data
- * You can set exceptions under site permissions or use an extension
+ * 0=Accept cookies and site data (default), 1=(Block) All third-party cookies, 2=(Block) All cookies,
- * 0=Accept cookies and site data, 1=Block third-party cookies, 2=Block all cookies,
+ * 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+)
- * 3=Block cookies from unvisited sites, 4=Block third-party trackers (FF63+)
+ * [NOTE] Value 4 is tied to the Tracking Protection lists
- * [NOTE] value 4 is tied to the Tracking Protection lists so make sure you have 0424 + 0425 on default values!
+ * [NOTE] You can set exceptions under site permissions or use an extension
- * [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache.
+ * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/
 * Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB).
 * [SETTING] Privacy & Security>Cookies and Site Data>Type blocked
 * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
 user_pref("network.cookie.cookieBehavior", 1);
 /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only
   and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
@ -1416,11 +1426,11 @@ user_pref("network.cookie.cookieBehavior", 1);
 * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/
 user_pref("network.cookie.thirdparty.sessionOnly", true);
 user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
-/* 2703: set cookie lifetime policy
+/* 2703: delete cookies and site data on close
- * 0=until they expire (default), 2=until you close Firefox
+ * 0=keep until they expire (default), 2=keep until you close Firefox
- * [NOTE] 3=for n days : no longer supported in FF63+ (see 2704-deprecated)
+ * [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2)
- * [SETTING] Privacy & Security>Cookies and Site Data>Keep until... ***/
+ * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
-   // user_pref("network.cookie.lifetimePolicy", 0);
+   // user_pref("network.cookie.lifetimePolicy", 2);
 /* 2705: disable HTTP sites setting cookies with the "secure" directive [FF52+]
 * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/
 user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
@ -1438,7 +1448,7 @@ user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
 * To control *website* IDB data, control allowing cookies and service workers, or use
 * Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize
 * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically
- * via an extenion. Note that IDB currently cannot be sanitized by host.
+ * via an extension. Note that IDB currently cannot be sanitized by host.
 * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/
 user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true]
 /* 2730: disable offline cache ***/
@ -1461,6 +1471,9 @@ user_pref("dom.caches.enabled", false);
 * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
 * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
   // user_pref("dom.storageManager.enabled", false);
 /* 2755: disable Storage Access API [FF65+]
 * [1] https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API ***/
   // user_pref("dom.storage_access.enabled", false);
 /*** [SECTION 2800]: SHUTDOWN [SETUP-CHROME]
     You should set the values to what suits you best.
@ -1470,10 +1483,10 @@ user_pref("dom.caches.enabled", false);
       Firefox interface as "Browsing & Download History" and their values will be synced
 ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
-/* 2802: enable Firefox to clear history items on shutdown
+/* 2802: enable Firefox to clear items on shutdown (see 2803)
 * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/
 user_pref("privacy.sanitize.sanitizeOnShutdown", true);
-/* 2803: set what history items to clear on shutdown
+/* 2803: set what items to clear on shutdown (if 2802 is true)
 * [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
 * but if 'history' is false, downloads can still be cleared independently
 * However, this may not always be the case. The interface combines and syncs these
@ -1487,7 +1500,7 @@ user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download Histo
 user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data
 user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins
 user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
-/* 2804: reset default history items to clear with Ctrl-Shift-Del (to match above)
+/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803)
 * This dialog can also be accessed from the menu History>Clear Recent History
 * Firefox remembers your last choices. This will reset them when you start Firefox.
 * [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog
@ -1561,7 +1574,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
      To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
      Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
      your window size, do some math, resize to allow for all the non inner window elements
-      [TEST] http://browserspy.dk/screen.php
+      [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
 ** 1281949 - spoof screen orientation (FF50+)
 ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
      FF53: Fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044)
@ -1574,12 +1587,13 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
 ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
 ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+)
      FF56: The version number will be rounded down to the nearest multiple of 10
-      FF57: The version number will match current ESR (1393283, 1418672, 1418162)
+      FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763)
      FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
      FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829)
 ** 1369319 - disable device sensor API (see 4604) (FF56+)
 ** 1369357 - disable site specific zoom (see 4605) (FF56+)
 ** 1337161 - hide gamepads from content (see 4606) (FF56+)
- ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
+ ** 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) (FF56+)
 ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
 ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0201b) (FF56-62)
 ** 1369309 - spoof media statistics (see 4610) (FF57+)
@ -1591,7 +1605,10 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
      This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
 **  967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
      FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865)
- ** 1372073 - spoof/block fingerprinting in MediaDevices API (see 4612) (FF59+)
+ ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
      Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if
             media.navigator.enabled is true (see 2505 which we chose to keep disabled)
      Block: suppresses the ondevicechange event (see 4612)
 ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+)
 ** 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59+)
      Spoofing mimics the content language of the document. Currently it only supports en-US.
@ -1599,11 +1616,14 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
      FF60: Fix keydown/keyup events (1438795)
 ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
 ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+)
- ** 1363508 - spoof/suppress Pointer Events (see 2516) (FF64+)
+ ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+)
      FF65: pointerEvent.pointerid (1492766)
 ** 1485266 - disable exposure of system colors to CSS or canvas (see 2618) (FF67+)
 ** 1407366 - enable inner window letterboxing (see 4504) (FF67+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
 * This pref is the master switch for all other privacy.resist* prefs unless stated
 * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage
 * [1] https://bugzilla.mozilla.org/418986 ***/
 user_pref("privacy.resistFingerprinting", true);
@ -1619,8 +1639,17 @@ user_pref("privacy.resistFingerprinting", true);
 * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
 user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
-/* 4504: disable showing about:blank as soon as possible during startup [FF60+]
+/* 4504: enable RFP letterboxing [FF67+]
- * When default true (FF62+) this no longer masks the RFP resizing activity
+ * Dynamically resizes the inner window in 200w x100h steps by applying letterboxing, using dimensions
 * which waste the least content area, If you use the dimension pref, then it will only apply those
 * resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
 * [NOTE] This does NOT require RFP (see 4501) **for now**
 * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
 * [1] https://bugzilla.mozilla.org/1407366 ***/
 user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
   // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
 /* 4510: disable showing about:blank as soon as possible during startup [FF60+]
 * When default true (FF62+) this no longer masks the RFP chrome resizing activity
 * [1] https://bugzilla.mozilla.org/1448423 ***/
 user_pref("browser.startup.blankWindow", false);
@ -1667,7 +1696,7 @@ user_pref("browser.zoom.siteSpecific", false);
   // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API
   // [2] https://wicg.github.io/netinfo/
   // [3] https://bugzilla.mozilla.org/960426
-user_pref("dom.netinfo.enabled", false);
+user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android]
 // 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
   // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API
   // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
@ -1699,6 +1728,11 @@ user_pref("media.ondevicechange.enabled", false);
   // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
 user_pref("webgl.enable-debug-renderer-info", false);
 // * * * /
 // FF65+
 // 4614: [2516] disable PointerEvents
   // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
 user_pref("dom.w3c_pointer_events.enabled", false);
 // * * * /
 // ***/
 /*** [SECTION 4700]: RFP ALTERNATIVES (NAVIGATOR / USER AGENT (UA) SPOOFING)
@ -1754,13 +1788,16 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
   // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
   // user_pref("browser.tabs.closeWindowWithLastTab", false);
   // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
-   // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see Bugzilla 1320061 [FF53+]
+   // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
   // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC]
   // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
 /* OTHER ***/
   // user_pref("browser.bookmarks.max_backups", 2);
   // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // disable CFR [FF64+]
      // [SETTING] General>Browsing>Recommend extensions as you browse
      // [1] https://support.mozilla.org/en-US/kb/extension-recommendations
   // user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART]
-   // user_pref("network.manage-offline-status", false); // see Bugzilla 620472
+   // user_pref("network.manage-offline-status", false); // see bugzilla 620472
   // user_pref("reader.parse-on-load.enabled", false); // "Reader View"
   // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
@ -1854,11 +1891,11 @@ user_pref("dom.workers.sharedWorkers.enabled", false);
 user_pref("browser.sessionstore.privacy_level_deferred", 2);
 // ***/
 /* FF46
-// 0333: disable health report
+// 0340: disable health report
   // [-] https://bugzilla.mozilla.org/1234526
 user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF]
 user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF]
-// 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers
+// 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers
   // [-] https://bugzilla.mozilla.org/1234522
 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false);
 // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url
@ -1879,7 +1916,7 @@ user_pref("browser.pocket.oAuthConsumerKey", "");
   // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled
   // [-] https://bugzilla.mozilla.org/1236580
 user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF]
-// 0333b: disable about:healthreport page UNIFIED
+// 0340b: disable about:healthreport page UNIFIED
   // [-] https://bugzilla.mozilla.org/1236580
 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,");
 // 0807: disable history manipulation
@ -2081,7 +2118,7 @@ user_pref("intl.locale.matchOS", false);
 // 0204: set APP locale - replaced by intl.locale.requested
   // [-] https://bugzilla.mozilla.org/1414390
 user_pref("general.useragent.locale", "en-US");
-// 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json)
+// 0340b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json)
   // If you have disabled health reports, then this about page is useless - disable it
   // If you want to see what health data is present, then this must be set at default
   // [-] https://bugzilla.mozilla.org/1352497
@ -2196,7 +2233,7 @@ user_pref("shield.savant.enabled", false);
 // 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons
   // [-] https://bugzilla.mozilla.org/1453751
   // user_pref("browser.chrome.favicons", false);
-// 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default
+// 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default
   // [SETUP-WEB] This may break video playback on various sites
   // [-] https://bugzilla.mozilla.org/1470082
 user_pref("media.autoplay.enabled", false);
@ -2207,6 +2244,49 @@ user_pref("media.autoplay.enabled", false);
   // [-] https://bugzilla.mozilla.org/1473595
   // user_pref("browser.ctrlTab.previews", true);
 // * * * /
 // FF64
 // 0516: disable Onboarding [FF55+]
   // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
   // about:home or about:newtab is opened, the onboarding overlay is injected into that page
   // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3]
   // [1] https://wiki.mozilla.org/Firefox/Onboarding
   // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
   // [3] https://bugzilla.mozilla.org/863246#c154
   // [-] https://bugzilla.mozilla.org/1462415
 user_pref("browser.onboarding.enabled", false);
 // 2608: disable WebIDE ADB extension downloads - both renamed
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1491315
 user_pref("devtools.webide.autoinstallADBHelper", false);
 user_pref("devtools.webide.adbAddonURL", "");
 // 2681: disable CSP violation events [FF59+]
   // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent
   // [-] https://bugzilla.mozilla.org/1488165
 user_pref("security.csp.enable_violation_events", false);
 // * * * /
 // FF65
 // 0850a: disable location bar autocomplete and suggestion types
   // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete'
   //   - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
   //   - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
   // [-] https://bugzilla.mozilla.org/1502392
 user_pref("browser.urlbar.autocomplete.enabled", false);
 // 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true)
   // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix)
   // [-] https://bugzilla.mozilla.org/1510580
 user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true]
 // * * * /
 // FF66
 // 0380: disable Browser Error Reporter [FF60+]
   // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
   // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
   // [-] https://bugzilla.mozilla.org/1509888
 user_pref("browser.chrome.errorReporter.enabled", false);
 user_pref("browser.chrome.errorReporter.submitUrl", "");
 // 0502: disable Mozilla permission to silently opt you into tests
   // [-] https://bugzilla.mozilla.org/1415625
 user_pref("network.allow-experiments", false);
 // * * * /
 // ***/
 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	bee47f33cd	66-beta	2019-03-27 04:35:42 +00:00
earthlng	2fcec590b4	Update user.js (#676 ) - to avoid confusion with the setting tag, split the prefs into separate numbers, thus shove 2031->2031, reuse 2031 - remove the default value notation as Mozilla will roll out default change gradually to users	2019-03-26 19:05:55 +00:00
Thorin-Oakenpants	3c4b312cc7	2030: default didn't change not putting the setup-web tag back in, as users now have site exceptions	2019-03-19 19:58:15 +00:00
Thorin-Oakenpants	0354895a2e	2030: add [setting] for autoplay	2019-03-19 09:00:39 +00:00
Thorin-Oakenpants	462db2062c	2030: remove setup tag If Firefox see fit to set this as 1 by now, then breakage is probably rare, and I'm not encouraging users to reduce security/privacy etc from default	2019-03-17 22:43:27 +00:00
earthlng	d9e24e5095	Update user.js (#667 )	2019-03-18 07:07:15 +13:00
Thorin-Oakenpants	b1aa1f5619	2030: default change	2019-03-16 22:51:58 +00:00
Thorin-Oakenpants	a349662f69	66 deprecated prefs	2019-03-16 22:44:24 +00:00
Thorin-Oakenpants	28a7226235	4510: clarify this is the chrome	2019-03-16 22:36:31 +00:00
Thorin-Oakenpants	97f08ad3cd	4504: RFP letterboxing, closes #659	2019-03-16 22:34:45 +00:00
Thorin-Oakenpants	68584a3397	some 2505+RFP clarity, closes #661	2019-03-13 15:15:23 +00:00
Thorin-Oakenpants	8b4f45774a	4607+RFP clarity, closes #656	2019-03-13 14:46:33 +00:00
Thorin-Oakenpants	f8428dcc0a	a better test - more metrics covered/displayed - test page site is https	2019-03-07 14:55:03 +00:00
Thorin-Oakenpants	6d6cd5f410	2802 applies to 2803, closes #658	2019-03-05 03:26:39 +00:00
Thorin-Oakenpants	eae8434853	start 66 commits	2019-02-26 07:53:21 +00:00
Thorin-Oakenpants	2cff24f12e	65 final	2019-02-26 05:42:32 +00:00
Thorin-Oakenpants	60be8be5ec	UNC and extensions, closes #651	2019-02-17 03:51:44 +00:00
Thorin-Oakenpants	981dd83c15	clarify themes info, closes #648	2019-02-17 16:34:34 +13:00
Thorin-Oakenpants	5c703f0262	65-beta	2019-02-09 10:05:45 +00:00
Thorin-Oakenpants	de0ebbed21	0343: even MOAR clarification	2019-02-08 11:38:17 +00:00
Thorin-Oakenpants	e448015704	0343: clarify where TAAR is extension recommendations in the "Add-ons Manager" (not sure how it's displayed) CFR is extension recommendations as you browse the web, via a drop down panel	2019-02-07 16:55:04 +00:00
Thorin-Oakenpants	d3b1ed45ad	RFP: UA spoof is now 60+8's	2019-02-07 15:14:08 +00:00
earthlng	ed140425ea	move shit around	2019-02-08 03:41:23 +13:00
Thorin-Oakenpants	3847f97f41	some more 65+ diffs, #610	2019-02-07 13:41:15 +00:00
Thorin-Oakenpants	d81e8ae583	i need a break	2019-02-07 11:11:16 +00:00
Thorin-Oakenpants	7a8381d894	typo	2019-02-07 11:01:31 +00:00
Thorin-Oakenpants	649699ad22	0609: disable connectivity service #610	2019-02-07 11:00:07 +00:00
Thorin-Oakenpants	1d5289dd94	RFP 67+	2019-02-06 16:59:28 +00:00
Thorin-Oakenpants	74c8f294d6	0306: extension metadata, closes #615	2019-02-05 04:51:07 +00:00
Thorin-Oakenpants	a0508eccf6	capital letter after [note]	2019-02-04 13:41:56 +00:00
Thorin-Oakenpants	25acd9f63e	2703 again - description needs to stay changed from just cookies since it also clears site data - keep the info about n days out of it, it's just messy (ESR users should be on version 60) - get the values correct (I mixed them up earlier) - fixup [setting] path - leave in one (of two) extra [notes] I previously added	2019-02-04 13:40:45 +00:00
Thorin-Oakenpants	74a08114a8	2701: refix setting	2019-02-04 13:28:29 +00:00
Thorin-Oakenpants	71ffc661b2	2701 again	2019-02-04 13:26:19 +00:00
Thorin-Oakenpants	e432a22693	0306: moar info #615 see https://github.com/ghacksuserjs/ghacks-user.js/issues/615#issuecomment-460243162 - checking for updates is not a trigger, having an update and applying it is	2019-02-04 13:08:41 +00:00
Thorin-Oakenpants	f06c78f897	update cookie settings info	2019-02-05 02:00:19 +13:00
Thorin-Oakenpants	847eb80877	0306 => inactive, closes #615 whatever we thought it may have done in the past, it doesn't do that now as far as we know. And it's not an issue since we allow extension update-CHECKs anyway.	2019-02-04 06:39:29 +00:00
Thorin-Oakenpants	ec0e58099f	pointer events -> RFP ALTS	2019-02-01 13:53:04 +00:00
Thorin-Oakenpants	e6eb473071	dom.storage_access.enabled regardless of this pref setting: the permissions.sqlite file will still be abused to store a flag for this for every single site you connect to (as third party?) - fun.	2019-02-01 13:41:00 +00:00
Thorin-Oakenpants	f1b892bc1c	clean up "Firefox Data Collection & Use" (#627 ) * clean up "Firefox Data Collection & Use" - telemetry prefs to 330's - Firefox Data Collection & Use prefs to 340's (but leave crash reports in 350s) - move `app.shield.optoutstudies.enabled` to 330's - this is an internal pref which controls if you get the system addon - make notes that `datareporting.healthreport.uploadEnabled` controls studies and ext recommendations - split crash reports better to reflex the UI setting	2019-02-02 00:57:22 +13:00
Thorin-Oakenpants	524b5f79dc	setting changes re cookies	2019-01-31 18:42:59 +00:00
Thorin-Oakenpants	24f2e1d982	disable storage access api see: https://old.reddit.com/r/firefox/comments/alnn3f/storageaccessapi_permissions/effg5tp/	2019-01-31 16:16:59 +00:00
Thorin-Oakenpants	c6060e5645	storage access api	2019-01-31 16:03:39 +00:00
Thorin-Oakenpants	d0b8a08a4b	browser.urlbar.maxHistoricalSearchSuggestions default 0 in ESR60 and FF60+	2019-01-30 16:16:12 +00:00
Thorin-Oakenpants	f047fe93c0	remove 0850f `browser.urlbar.maxHistoricalSearchSuggestions` is default 0 is FF60 thru to FF66. It is also default 0 in ESR60.1 thru 60.5. (at least on Windows) IDK if this has ever been used, maybe android, in which case it's probably useful?	2019-01-30 16:14:39 +00:00
Thorin-Oakenpants	6147fed61c	and the rest of the 0850's The location bar dropdown cannot be disabled via prefs except with css, in which case the whole thing is hidden regardless of he above prefs. So there is no point in making any of them active. This is also in line with what we can achieve with relaxed and hardened tags / sticky issues - that is we can find a better balance, Shoulder surfers is a low risk, not even Tor Browser disables this stuff. People need to take responsibility and/or use common sense. Sure, we can leave em in for users to know about and enable if they want. End of story. userChrome.css code is ```css /* locationbar dropdown FF65+ */ #PopupAutoCompleteRichResult {display: none!important;} ```	2019-01-30 15:44:08 +00:00
Thorin-Oakenpants	54f79604da	Make Firefox Great Again (#626 ) * location bar changes * if the dropdown is going to be used, then no point hiding search engines on the bottom line	2019-01-30 15:06:32 +00:00
Thorin-Oakenpants	2f351fa5ce	0702: http2 websockets might as well add it: needs t be taken into consideration when looking at the whole http2 thing. Will be interesting to see what Tor Browser does with it in ESR68	2019-01-30 14:09:39 +00:00
Thorin-Oakenpants	5dc3ea66cd	browser.contentblocking.enabled only existed for FF63+64, default true anyway	2019-01-30 12:38:07 +00:00
earthlng	d9a87b3ac4	FF65 removals (#624 )	2019-01-30 12:27:53 +00:00
Thorin-Oakenpants	95b75a065d	up date info on what cookies control #622	2019-01-30 10:23:42 +00:00
claustromaniac	8c96432eb8	Update updater.sh (#618 ) Closes #616 + #617	2019-01-25 14:28:00 +00:00
Thorin-Oakenpants	1c09ec36e3	0306: extra info, closes #615	2019-01-18 04:24:13 +00:00
Thorin-Oakenpants	f1e6d164f7	start 65 commits	2019-01-17 05:19:11 +00:00
Thorin-Oakenpants	3b90e6e592	end of v64	2019-01-17 05:11:29 +00:00
Thorin-Oakenpants	45bd5ccc02	PB Mode: ref added	2019-01-16 02:07:06 +00:00
Thorin-Oakenpants	7bf5790f2b	RFP: FF66 changes to UA HTTP Headers	2019-01-11 05:14:59 +00:00
Thorin-Oakenpants	075d6fe6e4	2615: s/cut keys: bug fix in 66+	2019-01-11 05:09:14 +00:00
Thorin-Oakenpants	4604cf0d4e	references to other prefs s/be explicit	2018-12-21 11:02:40 +00:00
claustromaniac	b845f8fe3a	Update README.md OK, I give up. I would've removed those commits by force-pushing, but the branch is protected. #NotMyFault	2018-12-20 19:53:48 +00:00
claustromaniac	96063027ba	Update README.md second attempt at fixing the weird title...	2018-12-20 19:44:27 +00:00
claustromaniac	186fb1c9be	Update README.md fix for the weird page title ![][b] https://ghacksuserjs.github.io/ghacks-user.js/	2018-12-20 19:42:28 +00:00
Thorin-Oakenpants	ac4e764c37	http2, altsvc, ssl session ids vs FPI vs TB #571	2018-12-18 15:54:57 +00:00
earthlng	5b0952f60a	network.auth.subresource-http-auth-allow	2018-12-17 13:00:27 +00:00
Thorin-Oakenpants	5bd5f6b28e	0912: HTTP Auth sub-resources #585 (#602 )	2018-12-18 01:41:37 +13:00
earthlng	55c2cacbce	0335: toolkit.telemetry.coverage.opt-out (#600 )	2018-12-17 22:43:45 +13:00
Thorin-Oakenpants	4badc42879	0105b: kill snippets endpoint #528 it's too hard to follow AS changes, and work out if disabling showing items (basic toggling of show/hide sections etc) actually stops downloading a localized local copy etc. For items we actually want to block, let the endpoint slaughter begin.	2018-12-17 09:36:26 +00:00
earthlng	6946a01232	Update troubleshooter.js	2018-12-17 08:19:14 +00:00
Thorin-Oakenpants	da80e39064	0105s: description s/be self explanatory #578 when filtered and 0105a is not shown, AS doesn't mean anything	2018-12-16 17:37:42 +00:00
Thorin-Oakenpants	c1d6d81528	add PERF tags to wasm, asm.js, closes #599	2018-12-16 14:10:32 +00:00
Thorin-Oakenpants	d5ece0f6f4	1700s: revamp Containers header #585 (#596 )	2018-12-14 07:05:43 +00:00
Thorin-Oakenpants	f6ea20a8b0	0335: Telemetry Coverage endpoint let's just coverage-our-ass on this one While I don't mind telemetry (development needs meaningful feedback to better the product), and I trust the data is not PII, and/or anonymized into buckets etc (you can check this you know), and I understand this one needs to be outside the Telemetry pref in order to gather the one-time ping ... and I trust Mozilla's motives ... I'm starting to get a little annoyed at the non-stop incessant increasing telemetry bullshittery and ass-fuckery around sending data home, and the lengths some Mozilla devs will go to, to hide this info (hidden prefs, access denied tickets to hide discussion of what should be public, and even not even adhering to their own documentation). I will also be killing as many Activity Stream endpoints as well - as long as they are in line with our js - pocket, snippets, onboarding etc. And I will add those from personal as inactive for end-users - eg cfr	2018-12-13 17:28:16 +00:00
Thorin-Oakenpants	645492e82f	grammar, case, etc, closes #594 thanks @Just-me-ghacks	2018-12-14 04:49:50 +13:00
earthlng	15c68dc344	disable System Add-on updates (#595 ) remember the new Coverage Telemetry shit? with a hidden opt-out pref? guess what, they are already collecting for 3 months ... https://bugzilla.mozilla.org/show_bug.cgi?id=1487578 - 3 months ago: "I see data coming in that looks reasonable" guess what else ... "It has also replaced the previous version that was there (from bug 1480194)" and oh, surprise surprise, 1480194 is ACCESS DENIED! they're not just using private tickets to hide security critical information from potential hackers and blackhats, no they also use it to hide shady AF things. Things that they fully know are shady as fuck and that they absolutely know a lot of people would not like. There's simply no other reason why they'd do that but wait, that's not all. If you think an opt-out pref that 99% of people wouldn't know about even if it showed up in about:config BUT ALSO HAPPENS TO BE HIDDEN is kind of questionable, well ... the system addon that they use for this shit apparently looked or still looks for `toolkit.telemetry.coverage.opt-out` [1] instead of `toolkit.coverage.opt-out` as their documentation [2] claims [1] https://github.com/mozilla/one-off-system-add-ons/pull/131/files#diff-6e0cbf76986d04383ccb32a29ef27a7aR25 [2] https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/docs/data/coverage-ping.rst#l32 It's time to opt out of all that shit for good. Disable system addon updates and kill it at the root > In FF61 and lower, you will not get any System Add-on updates except when you update Firefox on its own that's not true. You will get SA updates unless you disable app update checks + auto install. Let's just remove that as well.	2018-12-14 03:21:57 +13:00
Thorin-Oakenpants	04b797f1aa	0209: remove trailing space @Just-me-ghacks 💋	2018-12-13 11:14:44 +00:00
Thorin-Oakenpants	e60abd6c44	64-beta	2018-12-12 17:17:33 +00:00
Thorin-Oakenpants	d55b8176ad	dyslexia and/or dementia	2018-12-12 16:52:12 +00:00
Thorin-Oakenpants	31adbba774	5000s: disable CFR	2018-12-12 16:34:27 +00:00
Thorin-Oakenpants	3c247a2c5b	Update ghacks-clear-[removed].js	2018-12-12 13:22:58 +00:00
Thorin-Oakenpants	879f0abf28	2201: more garbage	2018-12-12 13:21:24 +00:00
Thorin-Oakenpants	d97d0ec0f5	media.peerconnection* covered by user_pref("media.peerconnection.enabled", false);	2018-12-12 13:09:03 +00:00
earthlng	3916e38681	taking out the garbage (#590 )	2018-12-13 02:02:38 +13:00
Thorin-Oakenpants	51ac69874b	0105* remove // has setting	2018-12-12 11:58:48 +00:00
earthlng	2d956d04f3	move 1260 to 122x (#591 ) * move 1260 to 122x "disable or limit SHA-1 certificates" is about certs, not ciphers. Because CERTS is 1st in the title I moved it to the 1st item there because it's arguably also the most important of the lot (and renumbered the rest) We can also drop HSTS from the subgroup title because there's nothing HSTS left atm.	2018-12-13 00:52:49 +13:00
Thorin-Oakenpants	9d6bfb650c	disable Telemetry Coverage (#589 )	2018-12-13 00:29:29 +13:00
Thorin-Oakenpants	ccdd4decf0	Pocket: 0510->0370 Pocket is no longer a System Add-on in FF64+	2018-12-12 08:25:25 +00:00
Thorin-Oakenpants	f0fbfd3086	network.auth.subresource-img-cross-origin-http-auth-allow #585	2018-12-11 17:44:19 +00:00
Thorin-Oakenpants	88b747ef36	0911: remove it, #585 it is default false in FF59+	2018-12-11 17:42:19 +00:00
Thorin-Oakenpants	c6ebe36165	1022: resume from crash=>inactive, closes #575	2018-12-11 17:28:21 +00:00
Thorin-Oakenpants	7684e83aba	0102 add SR info #575	2018-12-11 17:18:26 +00:00
Thorin-Oakenpants	4f37975566	browser.sessionstore.max_windows_undo #575	2018-12-11 16:49:38 +00:00
Thorin-Oakenpants	26b874bed7	1020: remove max_windows #575	2018-12-11 16:43:11 +00:00
earthlng	61be5ae563	all Deprecations + new ADB extension prefs (#587 )	2018-12-12 05:07:28 +13:00
Thorin-Oakenpants	ef1e61ebcd	start 64-alpha	2018-12-11 16:05:07 +00:00