mirror of
https://github.com/arkenfox/user.js.git
synced 2025-09-01 09:28:31 +02:00
Compare commits
36 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 560acfc94f | |||
| fb263f5624 | |||
| 19b392b83d | |||
| 2db76c95c3 | |||
| b6fbf77dde | |||
| a4ba22e912 | |||
| 163e18ce6d | |||
| a13027905e | |||
| 8f76d9439f | |||
| f0980b5cb8 | |||
| 450c9a9e0f | |||
| 6acfdaccbd | |||
| a0e0a2a6c9 | |||
| f67e729197 | |||
| 19526b573c | |||
| b0221ec838 | |||
| a3611b7cf8 | |||
| bff1e84afa | |||
| 1d31da40ec | |||
| 0d57cfc44a | |||
| 0cfb2fb06d | |||
| d5f297ed42 | |||
| c13dbdf40d | |||
| 6173104a9e | |||
| 0c79b8b45b | |||
| 895f8d01d5 | |||
| 65dfad5c76 | |||
| fdaf22780f | |||
| 16756646bb | |||
| e4f80225d8 | |||
| 67eec9c85c | |||
| 539750d2f2 | |||
| d91226ed55 | |||
| 301fcd059d | |||
| 1cc9a08a18 | |||
| 5d1857ddd8 |
@ -8,7 +8,7 @@ Everyone, experts included, should at least read the [implementation](https://gi
|
||||
|
||||
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
|
||||
|
||||
Also be aware that this `user.js` is made specifically for Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
|
||||
Also be aware that this `user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
|
||||
|
||||
Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)
|
||||
|
||||
@ -18,7 +18,7 @@ Literally thousands of sources, references and suggestions. That said...
|
||||
* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>1</sup>
|
||||
* The ghacks community and commentators
|
||||
* [12bytes](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
|
||||
* The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [GitLab](https://gitlab.com/labwrat/Firefox-user.js/tree/master)
|
||||
* The 12bytes article now uses this user.js and supplements it with an additional JS hosted at [Codeberg](https://codeberg.org/12bytes.org/Firefox-user.js-supplement)
|
||||
|
||||
<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/***
|
||||
This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js
|
||||
up to and including release 60-beta. These are the prefs that are no longer necessary,
|
||||
up to and including Firefox/ESR 68. These are the prefs that are no longer necessary,
|
||||
or they conflict with, privacy.resistFingerprinting if you have that enabled.
|
||||
|
||||
For instructions see:
|
||||
@ -22,6 +22,8 @@
|
||||
'dom.w3c_touch_events.enabled',
|
||||
'media.ondevicechange.enabled',
|
||||
'webgl.enable-debug-renderer-info',
|
||||
'dom.w3c_pointer_events.enabled',
|
||||
'ui.use_standins_for_native_colors',
|
||||
/* section 4700 */
|
||||
'general.useragent.override',
|
||||
'general.buildID.override',
|
||||
@ -1,6 +1,6 @@
|
||||
/***
|
||||
This will reset the preferences that have been deprecated by Mozilla
|
||||
and used in the ghacks user.js up to and including release 60-beta
|
||||
and used in the ghacks user.js up to and including Firefox/ESR 68
|
||||
|
||||
It is in reverse order, so feel free to remove sections that do not apply
|
||||
|
||||
@ -12,8 +12,43 @@
|
||||
let ops = [
|
||||
/* deprecated */
|
||||
|
||||
/* ESR52.x users can remove sections 53-60 but it is not
|
||||
crucial as your user.js will reinstate them */
|
||||
/* 68 */
|
||||
'browser.newtabpage.activity-stream.disableSnippets',
|
||||
'browser.aboutHomeSnippets.updateUrl',
|
||||
'lightweightThemes.update.enabled',
|
||||
'security.csp.experimentalEnabled',
|
||||
/* F67 */
|
||||
'dom.event.highrestimestamp.enabled',
|
||||
'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
|
||||
/* 66 */
|
||||
'browser.chrome.errorReporter.enabled',
|
||||
'browser.chrome.errorReporter.submitUrl',
|
||||
'network.allow-experiments',
|
||||
/* 65 */
|
||||
'browser.urlbar.autocomplete.enabled',
|
||||
'browser.fixup.hide_user_pass',
|
||||
/* 64 */
|
||||
'browser.onboarding.enabled',
|
||||
'devtools.webide.autoinstallADBHelper',
|
||||
'devtools.webide.adbAddonURL',
|
||||
'security.csp.enable_violation_events',
|
||||
/* 63 */
|
||||
'browser.search.countryCode',
|
||||
'app.update.enabled',
|
||||
'shield.savant.enabled',
|
||||
'browser.chrome.favicons',
|
||||
'media.autoplay.enabled',
|
||||
'network.cookie.lifetime.days',
|
||||
'browser.ctrlTab.previews',
|
||||
/* 62 */
|
||||
'plugin.state.java',
|
||||
/* 61 */
|
||||
'experiments.enabled',
|
||||
'experiments.manifest.uri',
|
||||
'experiments.supported',
|
||||
'experiments.activeExperiment',
|
||||
'network.jar.block-remote-files',
|
||||
'network.jar.open-unsafe-types',
|
||||
/* 60 */
|
||||
'browser.newtabpage.directory.source',
|
||||
'browser.newtabpage.enhanced',
|
||||
@ -22,7 +57,6 @@
|
||||
'extensions.shield-recipe-client.api_url',
|
||||
'browser.newtabpage.activity-stream.enabled',
|
||||
'dom.workers.enabled',
|
||||
'view_source.tab',
|
||||
/* 59 */
|
||||
'intl.locale.matchOS',
|
||||
'general.useragent.locale',
|
||||
@ -76,8 +110,6 @@
|
||||
'plugin.scan.WindowsMediaPlayer',
|
||||
'media.getusermedia.screensharing.allow_on_old_platforms',
|
||||
'dom.beforeAfterKeyboardEvent.enabled',
|
||||
/* End of ESR52.x section */
|
||||
|
||||
/* 52 */
|
||||
'network.http.sendSecureXSiteReferrer',
|
||||
'media.gmp-eme-adobe.enabled',
|
||||
@ -1,7 +1,7 @@
|
||||
/***
|
||||
This will reset the preferences that have been removed completely from the ghacks user.js.
|
||||
|
||||
Last updated: 15-October-2019
|
||||
Last updated: 11-November-2019
|
||||
|
||||
For instructions see:
|
||||
https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
|
||||
@ -204,13 +204,16 @@
|
||||
/* 70-beta */
|
||||
'browser.cache.disk_cache_ssl',
|
||||
'browser.sessionhistory.max_entries',
|
||||
'dom.push.connection.enabled',
|
||||
'dom.push.serverURL',
|
||||
'extensions.getAddons.discovery.api_url',
|
||||
'extensions.htmlaboutaddons.discover.enabled',
|
||||
'extensions.webservice.discoverURL',
|
||||
'intl.locale.requested',
|
||||
'intl.regional_prefs.use_os_locales',
|
||||
'dom.push.connection.enabled',
|
||||
'dom.push.serverURL',
|
||||
'privacy.usercontext.about_newtab_segregation.enabled',
|
||||
'security.insecure_connection_icon.pbmode.enabled',
|
||||
'security.insecure_connection_text.pbmode.enabled',
|
||||
'webgl.dxgl.enabled',
|
||||
/* reset parrot: check your open about:config after running the script */
|
||||
'_user.js.parrot'
|
||||
|
||||
@ -1,65 +1,11 @@
|
||||
|
||||
/*** ghacks-user.js troubleshooter.js v1.5.2 ***/
|
||||
/*** ghacks-user.js troubleshooter.js v1.6.0 ***/
|
||||
|
||||
(function() {
|
||||
|
||||
if("undefined" === typeof(Services)) {
|
||||
alert("about:config needs to be the active tab!");
|
||||
return;
|
||||
}
|
||||
if ("undefined" === typeof(Services)) return alert('about:config needs to be the active tab!');
|
||||
|
||||
function getMyList(arr) {
|
||||
let aRet = [];
|
||||
let dummy = 0;
|
||||
for (let i = 0, len = arr.length; i < len; i++) {
|
||||
if (Services.prefs.prefHasUserValue(arr[i])) {
|
||||
dummy = Services.prefs.getPrefType(arr[i]);
|
||||
switch (dummy) {
|
||||
case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31)
|
||||
dummy = Services.prefs.getCharPref(arr[i]);
|
||||
aRet.push({'name':arr[i],'value': dummy,'type':32});
|
||||
break;
|
||||
case 64: // int
|
||||
dummy = Services.prefs.getIntPref(arr[i]);
|
||||
aRet.push({'name':arr[i],'value': dummy,'type':64});
|
||||
break;
|
||||
case 128: // boolean
|
||||
dummy = Services.prefs.getBoolPref(arr[i]);
|
||||
aRet.push({'name':arr[i],'value': dummy,'type':128});
|
||||
break;
|
||||
default:
|
||||
console.log("error detecting pref-type for '"+arr[i]+"' !");
|
||||
}
|
||||
}
|
||||
}
|
||||
return aRet;
|
||||
}
|
||||
|
||||
function reapply(arr) {
|
||||
for (let i = 0, len = arr.length; i < len; i++) {
|
||||
switch (arr[i].type) {
|
||||
case 32: // string
|
||||
Services.prefs.setCharPref(arr[i].name, arr[i].value);
|
||||
break;
|
||||
case 64: // int
|
||||
Services.prefs.setIntPref(arr[i].name, arr[i].value);
|
||||
break;
|
||||
case 128: // boolean
|
||||
Services.prefs.setBoolPref(arr[i].name, arr[i].value);
|
||||
break;
|
||||
default:
|
||||
console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function myreset(arr) {
|
||||
for (let i = 0, len = arr.length; i < len; i++) {
|
||||
Services.prefs.clearUserPref(arr[i].name);
|
||||
}
|
||||
}
|
||||
|
||||
let ops = [
|
||||
const aPREFS = [
|
||||
|
||||
/* known culprits */
|
||||
'network.cookie.cookieBehavior',
|
||||
@ -160,56 +106,108 @@
|
||||
'last.one.without.comma'
|
||||
]
|
||||
|
||||
// any runtime-set pref that everyone will have and that can be safely reset
|
||||
const oFILLER = { type: 64, name: 'extensions.blocklist.pingCountTotal', value: -1 };
|
||||
|
||||
// reset prefs that set the same value as FFs default value
|
||||
let aTEMP = getMyList(ops);
|
||||
myreset(aTEMP);
|
||||
reapply(aTEMP);
|
||||
function getMyList(arr) {
|
||||
const aRet = [];
|
||||
for (const sPname of arr) {
|
||||
if (Services.prefs.prefHasUserValue(sPname)) {
|
||||
const ptype = Services.prefs.getPrefType(sPname);
|
||||
switch (ptype) {
|
||||
case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31)
|
||||
aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getCharPref(sPname)});
|
||||
break;
|
||||
case 64: // int
|
||||
aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getIntPref(sPname)});
|
||||
break;
|
||||
case 128: // boolean
|
||||
aRet.push({'type':ptype,'name':sPname,'value':Services.prefs.getBoolPref(sPname)});
|
||||
break;
|
||||
default:
|
||||
console.log("error detecting pref-type for '"+sPname+"' !");
|
||||
}
|
||||
}
|
||||
}
|
||||
return aRet;
|
||||
}
|
||||
|
||||
const aBACKUP = getMyList(ops);
|
||||
//console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored.");
|
||||
function reapply(arr) {
|
||||
for (const oPref of arr) {
|
||||
switch (oPref.type) {
|
||||
case 32: // string
|
||||
Services.prefs.setCharPref(oPref.name, oPref.value);
|
||||
break;
|
||||
case 64: // int
|
||||
Services.prefs.setIntPref(oPref.name, oPref.value);
|
||||
break;
|
||||
case 128: // boolean
|
||||
Services.prefs.setBoolPref(oPref.name, oPref.value);
|
||||
break;
|
||||
default:
|
||||
console.log("error re-appyling value for '"+oPref.name+"' !"); // should never happen
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let myArr = aBACKUP;
|
||||
let found = false;
|
||||
let aDbg = [];
|
||||
focus();
|
||||
myreset(aBACKUP); // reset all detected prefs
|
||||
if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) {
|
||||
aDbg = myArr;
|
||||
reapply(aBACKUP);
|
||||
myreset(myArr.slice(0, parseInt(myArr.length/2)));
|
||||
while (myArr.length >= 2) {
|
||||
function myreset(arr) {
|
||||
for (const oPref of arr) Services.prefs.clearUserPref(oPref.name);
|
||||
}
|
||||
|
||||
function resetAllMatchingDefault(arr) {
|
||||
const aTmp = getMyList(arr);
|
||||
myreset(aTmp);
|
||||
reapply(aTmp);
|
||||
}
|
||||
|
||||
function _main(aALL) {
|
||||
const _h = (arr) => Math.ceil(arr.length/2);
|
||||
|
||||
let aTmp = aALL, aDbg = aALL;
|
||||
reapply(aALL);
|
||||
myreset(aTmp.slice(0, _h(aTmp)));
|
||||
while (aTmp.length) {
|
||||
alert("NOW TEST AGAIN !");
|
||||
if (confirm("if the problem still exists click OK, otherwise click cancel.")) {
|
||||
myArr = myArr.slice(parseInt(myArr.length/2));
|
||||
if (myArr.length == 1) {
|
||||
alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
|
||||
break;
|
||||
}
|
||||
aTmp = aTmp.slice(_h(aTmp));
|
||||
} else {
|
||||
myArr = myArr.slice(0, parseInt(myArr.length/2));
|
||||
aDbg = myArr;
|
||||
if (myArr.length == 1) { found = true; break; }
|
||||
aTmp = aTmp.slice(0, _h(aTmp));
|
||||
aDbg = aTmp; // update narrowed down list
|
||||
if (aDbg.length == 1) break;
|
||||
}
|
||||
reapply(aBACKUP);
|
||||
myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs
|
||||
reapply(aALL);
|
||||
myreset(aTmp.slice(0, _h(aTmp))); // reset half of the remaining prefs
|
||||
}
|
||||
reapply(aBACKUP);
|
||||
reapply(aALL);
|
||||
|
||||
if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n");
|
||||
if (aDbg.length == aALL.length) {
|
||||
let msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n";
|
||||
msg += "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n";
|
||||
msg += "In case it's the latter, the script can add a dummy pref and you can try again - Try again?";
|
||||
if (confirm(msg)) return _main([...aALL, oFILLER]);
|
||||
} else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) {
|
||||
return _main(aDbg.reverse());
|
||||
}
|
||||
else {
|
||||
reapply(aBACKUP);
|
||||
|
||||
alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
|
||||
console.log("The problem is caused by 2 or more of these prefs:");
|
||||
for (const oPref of aDbg) console.log(oPref.name);
|
||||
}
|
||||
|
||||
|
||||
resetAllMatchingDefault(aPREFS); // reset user-set prefs matching FFs default value
|
||||
|
||||
const aBAK = getMyList(aPREFS);
|
||||
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
|
||||
|
||||
focus();
|
||||
myreset(aBAK);
|
||||
if (!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) {
|
||||
reapply(aBAK);
|
||||
return;
|
||||
}
|
||||
|
||||
if (found) {
|
||||
alert("narrowed it down to:\n\n"+myArr[0].name+"\n");
|
||||
myreset(myArr); // reset the culprit
|
||||
}
|
||||
else {
|
||||
console.log("the problem is caused by a combination of the following prefs:");
|
||||
for (let i = 0, len = aDbg.length; i < len; i++) {
|
||||
console.log(aDbg[i].name);
|
||||
}
|
||||
}
|
||||
_main(aBAK);
|
||||
|
||||
})();
|
||||
|
||||
114
user.js
114
user.js
@ -1,8 +1,8 @@
|
||||
/******
|
||||
* name: ghacks user.js
|
||||
* date: 20 September 2019
|
||||
* version 69: Pants One More Time
|
||||
* "When I'm not with pants I lose my mind. Give me a sign. Hit me, pants, one more time."
|
||||
* date: 03 December 2019
|
||||
* version 70: Pinpants Wizard
|
||||
* "Ever since I was a young pants, I've played the silver ball"
|
||||
* authors: v52+ github | v51- www.ghacks.net
|
||||
* url: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
|
||||
@ -246,8 +246,7 @@ user_pref("datareporting.healthreport.uploadEnabled", false);
|
||||
* [1] https://bugzilla.mozilla.org/1195552 ***/
|
||||
user_pref("datareporting.policy.dataSubmissionEnabled", false);
|
||||
/* 0342: disable Studies (see 0503)
|
||||
* [NOTE] This pref has no effect when Health Reports (0340) are disabled
|
||||
* [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to install and run studies ***/
|
||||
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/
|
||||
user_pref("app.shield.optoutstudies.enabled", false);
|
||||
/* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+]
|
||||
* [NOTE] This pref has no effect when Health Reports (0340) are disabled
|
||||
@ -375,7 +374,7 @@ user_pref("network.prefetch-next", false);
|
||||
* [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
|
||||
* [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
|
||||
user_pref("network.dns.disablePrefetch", true);
|
||||
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF]
|
||||
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true FF70+]
|
||||
/* 0603: disable predictor / prefetching ***/
|
||||
user_pref("network.predictor.enabled", false);
|
||||
user_pref("network.predictor.enable-prefetch", false); // [FF48+]
|
||||
@ -428,16 +427,6 @@ user_pref("network.http.altsvc.oe", false);
|
||||
* as a remote Tor node will handle the DNS request
|
||||
* [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
|
||||
user_pref("network.proxy.socks_remote_dns", true);
|
||||
/* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+]
|
||||
* TRR = Trusted Recursive Resolver
|
||||
* 0=off by default, 1=race (removed in FF69), 2=TRR first, 3=TRR only,
|
||||
* 4=race for stats but always use native result (removed in FF69), 5=explicitly off
|
||||
* [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
|
||||
* [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
|
||||
* [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/
|
||||
// user_pref("network.trr.mode", 0);
|
||||
// user_pref("network.trr.bootstrapAddress", "");
|
||||
// user_pref("network.trr.uri", "");
|
||||
/* 0708: disable FTP [FF60+]
|
||||
* [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/
|
||||
// user_pref("network.ftp.enabled", false);
|
||||
@ -596,7 +585,7 @@ user_pref("browser.cache.disk.enable", false);
|
||||
/* 1003: disable memory cache
|
||||
/* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes ***/
|
||||
// user_pref("browser.cache.memory.enable", false);
|
||||
// user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF]
|
||||
// user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR]
|
||||
/* 1006: disable permissions manager from writing to disk [RESTART]
|
||||
* [NOTE] This means any permission changes are session only
|
||||
* [1] https://bugzilla.mozilla.org/967812 ***/
|
||||
@ -630,35 +619,30 @@ user_pref("toolkit.winRegisterApplicationRestart", false);
|
||||
* profile/shortcutCache directory. The .ico remains after the shortcut is deleted.
|
||||
* If set to false then the shortcuts use a generic Firefox icon ***/
|
||||
user_pref("browser.shell.shortcutFavicons", false);
|
||||
/* 1031: disable favicons in tabs and new bookmarks
|
||||
* bookmark favicons are stored as data blobs in favicons.sqlite ***/
|
||||
/* 1031: disable favicons in history and bookmarks
|
||||
* Stored as data blobs in favicons.sqlite, these don't reveal anything that your
|
||||
* actual history (and bookmarks) already do. Your history is more detailed, so
|
||||
* control that instead; e.g. disable history, clear history on close, use PB mode
|
||||
* [NOTE] favicons.sqlite is sanitized on Firefox close, not in-session ***/
|
||||
// user_pref("browser.chrome.site_icons", false);
|
||||
/* 1032: disable favicons in web notifications ***/
|
||||
user_pref("alerts.showFavicons", false); // [DEFAULT: false]
|
||||
// user_pref("alerts.showFavicons", false); // [DEFAULT: false]
|
||||
|
||||
/*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP / CIPHERS)
|
||||
Note that your cipher and other settings can be used server side as a fingerprint attack
|
||||
vector, see [1] (It's quite technical but the first part is easy to understand
|
||||
and you can stop reading when you reach the second section titled "Enter Bro")
|
||||
|
||||
Option 1: Use defaults for ciphers (1260's). There is nothing *weak* about these, but
|
||||
due to breakage, browsers can't deprecate them until the web stops using them
|
||||
Option 2: Disable the ciphers in 1261, 1262 and 1263. These shouldn't break anything.
|
||||
Optionally, disable the ciphers in 1264.
|
||||
|
||||
Your cipher and other settings can be used in server side fingerprinting
|
||||
[TEST] https://www.ssllabs.com/ssltest/viewMyClient.html
|
||||
[1] https://www.securityartwork.es/2017/02/02/tls-client-fingerprinting-with-bro/
|
||||
***/
|
||||
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
|
||||
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
|
||||
/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
|
||||
* [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2]
|
||||
* [1] https://wiki.mozilla.org/Security:Renegotiation
|
||||
* [2] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack)
|
||||
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/
|
||||
user_pref("security.ssl.require_safe_negotiation", true);
|
||||
/* 1202: control TLS versions with min and max
|
||||
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
||||
* [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
|
||||
* Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 ***/
|
||||
* Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1
|
||||
* [1] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
// user_pref("security.tls.version.min", 3);
|
||||
// user_pref("security.tls.version.max", 4);
|
||||
/* 1203: disable SSL session tracking [FF36+]
|
||||
@ -740,7 +724,7 @@ user_pref("security.mixed_content.block_display_content", true);
|
||||
* [1] https://bugzilla.mozilla.org/1190623 ***/
|
||||
user_pref("security.mixed_content.block_object_subrequest", true);
|
||||
|
||||
/** CIPHERS [see the section 1200 intro] ***/
|
||||
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/
|
||||
/* 1261: disable 3DES (effective key size < 128)
|
||||
* [1] https://en.wikipedia.org/wiki/3des#Security
|
||||
* [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
|
||||
@ -771,10 +755,8 @@ user_pref("browser.ssl_override_behavior", 1);
|
||||
* [TEST] https://expired.badssl.com/ ***/
|
||||
user_pref("browser.xul.error_pages.expert_bad_cert", true);
|
||||
/* 1273: display "insecure" icon and "Not Secure" text on HTTP sites ***/
|
||||
user_pref("security.insecure_connection_icon.enabled", true); // [FF59+]
|
||||
user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true FF70+]
|
||||
user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
|
||||
// user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [FF59+] private windows only
|
||||
// user_pref("security.insecure_connection_text.pbmode.enabled", true); // [FF60+] private windows only
|
||||
|
||||
/*** [SECTION 1400]: FONTS ***/
|
||||
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
|
||||
@ -827,7 +809,7 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
|
||||
// user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0]
|
||||
/* 1603: CROSS ORIGIN: control when to send a referer
|
||||
* 0=always (default), 1=only if base domains match, 2=only if hosts match
|
||||
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo ***/
|
||||
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/
|
||||
user_pref("network.http.referer.XOriginPolicy", 1);
|
||||
/* 1604: CROSS ORIGIN: control the amount of information to send [FF52+]
|
||||
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
|
||||
@ -869,8 +851,6 @@ user_pref("privacy.userContext.ui.enabled", true);
|
||||
/* 1702: enable Container Tabs [FF50+]
|
||||
* [SETTING] General>Tabs>Enable Container Tabs ***/
|
||||
user_pref("privacy.userContext.enabled", true);
|
||||
/* 1703: enable a private container for thumbnail loads [FF51+] ***/
|
||||
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+]
|
||||
/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME]
|
||||
* 0=no menu (default), 1=show when clicked, 2=show on long press
|
||||
* [1] https://bugzilla.mozilla.org/1328756 ***/
|
||||
@ -905,11 +885,14 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
|
||||
* [1] https://www.privacytools.io/#webrtc ***/
|
||||
user_pref("media.peerconnection.enabled", false);
|
||||
/* 2002: limit WebRTC IP leaks if using WebRTC
|
||||
* In FF70+ these settings match Mode 4 (Mode 3 in older versions) (see [3])
|
||||
* [TEST] https://browserleaks.com/webrtc
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
|
||||
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713
|
||||
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
|
||||
* [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/
|
||||
user_pref("media.peerconnection.ice.default_address_only", true);
|
||||
user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
|
||||
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+]
|
||||
/* 2010: disable WebGL (Web Graphics Library)
|
||||
* [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
|
||||
* especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501)
|
||||
@ -1065,6 +1048,7 @@ user_pref("javascript.options.asmjs", false);
|
||||
// user_pref("javascript.options.ion", false);
|
||||
// user_pref("javascript.options.baselinejit", false);
|
||||
/* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
|
||||
* [NOTE] In FF71+ this no longer affects extensions (1576254)
|
||||
* [1] https://developer.mozilla.org/docs/WebAssembly ***/
|
||||
user_pref("javascript.options.wasm", false);
|
||||
/* 2426: disable Intersection Observer API [FF55+]
|
||||
@ -1139,13 +1123,14 @@ user_pref("devtools.chrome.enabled", false);
|
||||
/* 2608: disable WebIDE to prevent remote debugging and ADB extension download
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
|
||||
user_pref("devtools.debugger.remote-enabled", false);
|
||||
user_pref("devtools.webide.enabled", false);
|
||||
user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+]
|
||||
user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
|
||||
/* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
|
||||
* [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
|
||||
* [1] https://bugzilla.mozilla.org/1173199 ***/
|
||||
// user_pref("mathml.disabled", true);
|
||||
/* 2610: disable in-content SVG (Scalable Vector Graphics) [FF53+]
|
||||
* [NOTE] In FF70+ and ESR68.1.0+ this no longer affects extensions (1564208)
|
||||
* [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
|
||||
* [1] https://bugzilla.mozilla.org/1216893 ***/
|
||||
// user_pref("svg.disabled", true);
|
||||
@ -1174,7 +1159,7 @@ user_pref("webchannel.allowObject.urlWhitelist", "");
|
||||
* [3] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/
|
||||
* [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/
|
||||
user_pref("network.IDN_show_punycode", true);
|
||||
/* 2620: enable Firefox's built-in PDF reader [SETUP-CHROME]
|
||||
/* 2620: enforce Firefox's built-in PDF reader [SETUP-CHROME]
|
||||
* This setting controls if the option "Display in Firefox" is available in the setting below
|
||||
* and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
|
||||
* PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most)
|
||||
@ -1222,7 +1207,8 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
|
||||
// user_pref("extensions.webextensions.restrictedDomains", "");
|
||||
|
||||
/** SECURITY ***/
|
||||
/* 2680: enable CSP (Content Security Policy)
|
||||
/* 2680: enforce CSP (Content Security Policy)
|
||||
* [WARNING] CSP is a very important and widespread security feature. Don't disable it!
|
||||
* [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
|
||||
user_pref("security.csp.enable", true); // [DEFAULT: true]
|
||||
/* 2684: enforce a security delay on some confirmation dialogs such as install, open/save
|
||||
@ -1246,7 +1232,7 @@ user_pref("security.dialog_enable_delay", 700);
|
||||
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
|
||||
/* 2701: disable 3rd-party cookies and site-data [SETUP-WEB]
|
||||
* 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies,
|
||||
* 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers (FF63+) (default FF69+)
|
||||
* 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+)
|
||||
* [NOTE] You can set exceptions under site permissions or use an extension
|
||||
* [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/
|
||||
user_pref("network.cookie.cookieBehavior", 1);
|
||||
@ -1337,6 +1323,7 @@ user_pref("privacy.cpd.sessions", true); // Active Logins
|
||||
user_pref("privacy.cpd.siteSettings", false); // Site Preferences
|
||||
/* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
|
||||
* [NOTE] Not needed if Session Restore is not used (see 0102) or is already cleared with history (see 2803)
|
||||
* [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (see 1022)
|
||||
* [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/
|
||||
// user_pref("privacy.clearOnShutdown.openWindows", true);
|
||||
// user_pref("privacy.cpd.openWindows", true);
|
||||
@ -1366,6 +1353,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
|
||||
** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+)
|
||||
** 1506693 - isolate pdfjs range-based requests (FF68+)
|
||||
** 1330467 - isolate site permissions (FF69+)
|
||||
** 1534339 - isolate IPv6 (coming soon)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
|
||||
/* 4001: enable First Party Isolation [FF51+]
|
||||
@ -1381,7 +1369,7 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
* [2] https://bugzilla.mozilla.org/1492607
|
||||
* [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
|
||||
user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
|
||||
// user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF]
|
||||
// user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
|
||||
|
||||
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
|
||||
This master switch will be used for a wide range of items, many of which will
|
||||
@ -1445,6 +1433,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
|
||||
** 1540726 - return "light" with prefers-color-scheme (FF67+)
|
||||
[1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
|
||||
** 1564422 - spoof audioContext outputLatency (FF70+)
|
||||
** 1595823 - spoof audioContext sampleRate (FF72+)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
|
||||
/* 4501: enable privacy.resistFingerprinting [FF41+]
|
||||
@ -1633,16 +1622,18 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
|
||||
// user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC]
|
||||
// user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
|
||||
// user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under]
|
||||
/* UX: FEATURES: disable and hide the icons and menus ***/
|
||||
// user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+]
|
||||
// user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
|
||||
// user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
|
||||
// user_pref("reader.parse-on-load.enabled", false); // Reader View
|
||||
/* OTHER ***/
|
||||
// user_pref("browser.bookmarks.max_backups", 2);
|
||||
// user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
|
||||
// [SETTING] General>Browsing>Recommend extensions as you browse
|
||||
// user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
|
||||
// [SETTING] General>Browsing>Recommend features as you browse
|
||||
// user_pref("extensions.pocket.enabled", false); // disable and hide Pocket [FF46+]
|
||||
// user_pref("identity.fxaccounts.enabled", false); // disable and hide Firefox Accounts and Sync [FF60+] [RESTART]
|
||||
// user_pref("network.manage-offline-status", false); // see bugzilla 620472
|
||||
// user_pref("reader.parse-on-load.enabled", false); // "Reader View"
|
||||
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
|
||||
|
||||
/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
|
||||
@ -1651,9 +1642,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
|
||||
[1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123
|
||||
***/
|
||||
user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!");
|
||||
/* ESR60.x still uses all the following prefs
|
||||
// [NOTE] replace the * with a slash in the line above to re-enable them
|
||||
// FF61
|
||||
/* FF61
|
||||
// 0501: disable experiments
|
||||
// [1] https://wiki.mozilla.org/Telemetry/Experiments
|
||||
// [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801
|
||||
@ -1670,12 +1659,12 @@ user_pref("network.jar.block-remote-files", true);
|
||||
// [-] https://bugzilla.mozilla.org/1427726
|
||||
user_pref("network.jar.open-unsafe-types", false);
|
||||
// ***/
|
||||
// FF62
|
||||
/* FF62
|
||||
// 1803: disable Java plugin
|
||||
// [-] (part5) https://bugzilla.mozilla.org/1461243
|
||||
user_pref("plugin.state.java", 0);
|
||||
// ***/
|
||||
// FF63
|
||||
/* FF63
|
||||
// 0205: disable GeoIP-based search results
|
||||
// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
|
||||
// [-] https://bugzilla.mozilla.org/1462015
|
||||
@ -1701,7 +1690,7 @@ user_pref("media.autoplay.enabled", false);
|
||||
// [-] https://bugzilla.mozilla.org/1473595
|
||||
// user_pref("browser.ctrlTab.previews", true);
|
||||
// ***/
|
||||
// FF64
|
||||
/* FF64
|
||||
// 0516: disable Onboarding [FF55+]
|
||||
// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
|
||||
// about:home or about:newtab is opened, the onboarding overlay is injected into that page
|
||||
@ -1721,7 +1710,7 @@ user_pref("devtools.webide.adbAddonURL", "");
|
||||
// [-] https://bugzilla.mozilla.org/1488165
|
||||
user_pref("security.csp.enable_violation_events", false);
|
||||
// ***/
|
||||
// FF65
|
||||
/* FF65
|
||||
// 0850a: disable location bar autocomplete and suggestion types
|
||||
// If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete'
|
||||
// - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
|
||||
@ -1733,7 +1722,7 @@ user_pref("browser.urlbar.autocomplete.enabled", false);
|
||||
// [-] https://bugzilla.mozilla.org/1510580
|
||||
user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true]
|
||||
// ***/
|
||||
// FF66
|
||||
/* FF66
|
||||
// 0380: disable Browser Error Reporter [FF60+]
|
||||
// [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
|
||||
// [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
|
||||
@ -1744,7 +1733,7 @@ user_pref("browser.chrome.errorReporter.submitUrl", "");
|
||||
// [-] https://bugzilla.mozilla.org/1415625
|
||||
user_pref("network.allow-experiments", false);
|
||||
// ***/
|
||||
// FF67
|
||||
/* FF67
|
||||
// 2428: enforce DOMHighResTimeStamp API
|
||||
// [WARNING] Required for normalization of timestamps and any timer resolution mitigations
|
||||
// [-] https://bugzilla.mozilla.org/1485264
|
||||
@ -1755,7 +1744,7 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
|
||||
// [-] https://bugzilla.mozilla.org/1528953
|
||||
// user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);
|
||||
// ***/
|
||||
// FF68
|
||||
/* FF68
|
||||
// 0105b: disable Activity Stream Legacy Snippets
|
||||
// [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939
|
||||
user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
|
||||
@ -1771,7 +1760,6 @@ user_pref("lightweightThemes.update.enabled", false);
|
||||
// [-] https://bugzilla.mozilla.org/1386214
|
||||
user_pref("security.csp.experimentalEnabled", true);
|
||||
// ***/
|
||||
// ***/
|
||||
|
||||
/* ESR68.x still uses all the following prefs
|
||||
// [NOTE] replace the * with a slash in the line above to re-enable them
|
||||
@ -1781,7 +1769,7 @@ user_pref("security.csp.experimentalEnabled", true);
|
||||
// user_pref("gfx.downloadable_fonts.woff2.enabled", false);
|
||||
// 1802: enforce click-to-play for plugins
|
||||
// [-] https://bugzilla.mozilla.org/1519434
|
||||
user_pref("plugins.click_to_play", true); // [DEFAULT: true in FF25+]
|
||||
user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+]
|
||||
// 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030)
|
||||
// [-] https://bugzilla.mozilla.org/1562331
|
||||
// user_pref("media.autoplay.allow-muted", false);
|
||||
|
||||
Reference in New Issue
Block a user