77-beta

remove extra line from last commit, save one byte
RFP alts: prefers-reduced-motion
2025-09-01 17:38:30 +02:00 · 2020-06-12 17:39:28 +00:00 · 2020-06-05 03:10:09 +00:00 · 2020-06-05 03:08:16 +00:00 · 2020-06-02 20:48:41 +00:00 · 2020-06-01 15:27:38 +00:00
3 changed files with 57 additions and 32 deletions
--- a/scratchpad-scripts/troubleshooter.js
+++ b/scratchpad-scripts/troubleshooter.js
@ -1,5 +1,5 @@

-/*** ghacks-user.js troubleshooter.js v1.6.0 ***/
+/*** ghacks-user.js troubleshooter.js v1.6.1 ***/

 (function() {

@ -107,7 +107,7 @@
  ]

  // any runtime-set pref that everyone will have and that can be safely reset
-  const oFILLER = { type: 64, name: 'extensions.blocklist.pingCountTotal', value: -1 };
+  const oFILLER = { type: 64, name: 'app.update.lastUpdateTime.browser-cleanup-thumbnails', value: 1580000000 };

  function getMyList(arr) {
    const aRet = [];
--- a/updater.sh
+++ b/updater.sh
@ -2,7 +2,7 @@

 ## ghacks-user.js updater for macOS and Linux

-## version: 2.5
+## version: 2.6
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac

@ -313,8 +313,10 @@ update_userjs () {

  # apply overrides
  if [ "$SKIPOVERRIDE" = false ]; then
-    while IFS=',' read -ra FILE; do
+    while IFS=',' read -ra FILES; do
+      for FILE in "${FILES[@]}"; do
        add_override "$FILE"
+      done
    done <<< "$OVERRIDE"
  fi

--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 * name: ghacks user.js
-* date: 23 April 2020
-* version 75
+* date: 12 Jun 2020
+* version 77-beta
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -272,12 +272,10 @@ user_pref("network.connectivity-service.enabled", false);
 /*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) ***/
 user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
 /** BLOCKLISTS ***/
-/* 0401: enforce Firefox blocklist, but sanitize blocklist url
+/* 0401: enforce Firefox blocklist
 * [NOTE] It includes updates for "revoked certificates"
- * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
- * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/
+ * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ ***/
 user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
-user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");

 /** SAFE BROWSING (SB)
    Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never
@ -443,6 +441,11 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
 * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
 user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]

+/*** [SECTION 0709]: HOTFIX for FF77, FIXED in FF78 ***/
+/* 0709: disabling UNC can cause extension storage to fail
+ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/923 ***/
+user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
+
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
     Change items 0850 and above to suit for privacy vs convenience and functionality. Consider
     your environment (no unwanted eyeballs), your device (restricted access), your device's
@ -508,9 +511,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
 /* 0850d: disable location bar autofill
 * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
   // user_pref("browser.urlbar.autoFill", false);
-/* 0850e: disable location bar one-off searches [FF51+]
- * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
-   // user_pref("browser.urlbar.oneOffSearches", false);
 /* 0860: disable search and form history
 * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2]
 * [NOTE] We also clear formdata on exit (see 2803)
@ -738,6 +738,11 @@ user_pref("security.mixed_content.block_display_content", true);
 /* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+]
 * [1] https://bugzilla.mozilla.org/1190623 ***/
 user_pref("security.mixed_content.block_object_subrequest", true);
+/* 1244: enable https-only-mode [FF76+]
+ * [NOTE] This is experimental
+ * [1] https://bugzilla.mozilla.org/1613063 */
+   // user_pref("dom.security.https_only_mode", true); // [FF76+]
+   // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+]

 /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/
 /* 1261: disable 3DES (effective key size < 128)
@ -750,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
   // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
 /* 1263: disable DHE (Diffie-Hellman Key Exchange)
 * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/
-   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF79+]
+   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF79+]
 /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/
   // user_pref("security.ssl3.rsa_aes_128_sha", false);
   // user_pref("security.ssl3.rsa_aes_256_sha", false);
@ -779,7 +784,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 /* 1401: disable websites choosing fonts (0=block, 1=allow)
 * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
- * [SETUP-WEB] Disabling fonts can uglify the web a fair bit.
+ * [SETUP-WEB] Can break some PDFs (missing text). Limiting to default fonts can "uglify" the web
 * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
 user_pref("browser.display.use_document_fonts", 0);
 /* 1403: disable icon fonts (glyphs) and local fallback rendering
@ -1129,10 +1134,6 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true);
 /* 2604: disable page thumbnail collection
 * look in profile/thumbnails directory - you may want to clean that out ***/
 user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
-/* 2605: block web content in file processes [FF55+]
- * [SETUP-WEB] You may want to disable this for corporate or developer environments
- * [1] https://bugzilla.mozilla.org/1343184 ***/
-user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
 /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
@ -1142,7 +1143,7 @@ user_pref("browser.uitour.url", "");
 user_pref("devtools.chrome.enabled", false);
 /* 2608: disable remote debugging
 * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
-user_pref("devtools.debugger.remote-enabled", false);
+user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
 /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
 * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
 * [1] https://bugzilla.mozilla.org/1173199 ***/
@ -1410,12 +1411,13 @@ user_pref("privacy.firstparty.isolate", true);
      This spoof *shouldn't* affect core chrome/Firefox performance
 ** 1217238 - reduce precision of time exposed by javascript (FF55+)
 ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
- ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+)
-      FF56: The version number will be rounded down to the nearest multiple of 10
-      FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763)
-      FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
-      FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829)
-      FF68: Reported OS versions updated to Windows 10, OS 10.14, and Adnroid 8.1 (1511434)
+ ** 1333651 & 1383495 & 1396468 - spoof User Agent & Navigator API (see section 4700) (FF56+)
+      FF56: Version: rounded down to the nearest multiple of 10
+      FF57: Version: match current ESR (1393283, 1418672, 1418162, 1511763)
+      FF59: OS: Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
+      FF66: OS: HTTP Headers reduced to Windows or Android (1509829)
+      FF68: OS: updated to Windows 10, OS 10.14, and Android 8.1 (1511434)
+      FF78: OS: updated to OS 10.15 and Android 9.0 (1635011)
 ** 1369319 - disable device sensor API (see 4604) (FF56+)
 ** 1369357 - disable site specific zoom (see 4605) (FF56+)
 ** 1337161 - hide gamepads from content (see 4606) (FF56+)
@ -1429,7 +1431,7 @@ user_pref("privacy.firstparty.isolate", true);
 ** 1354633 - limit MediaError.message to a whitelist (FF57+)
 ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
      This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
- **  967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
+ **  967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction (FF58+)
      FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865)
 ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
      Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if
@ -1442,7 +1444,7 @@ user_pref("privacy.firstparty.isolate", true);
      FF60: Fix keydown/keyup events (1438795)
 ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
 ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+)
- ** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+)
+ ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4617) (FF63+)
 ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+)
      FF65: pointerEvent.pointerid (1492766)
 ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+)
@ -1452,6 +1454,7 @@ user_pref("privacy.firstparty.isolate", true);
 ** 1564422 - spoof audioContext outputLatency (FF70+)
 ** 1595823 - spoof audioContext sampleRate (FF72+)
 ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
+ ** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1581,6 +1584,9 @@ user_pref("ui.use_standins_for_native_colors", true);
 // 4616: enforce prefers-color-scheme as light [FF67+]
   // 0=light, 1=dark : This overrides your OS value
 user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
+// 4617: enforce prefers-reduced-motion as no-preference [FF63+]
+   // 0=no-preference, 1=reduce
+user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
 // * * * /
 // ***/

@ -1589,8 +1595,8 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
     to use RFP (4500) or an extension, in which case they become POINTLESS.
     (a) Many of the components that make up your UA can be derived by other means.
         And when those values differ, you provide more bits and raise entropy.
-         Examples of leaks include navigator objects, date locale/formats, iframes,
-         headers, tcp/ip attributes, feature detection, and **many** more.
+         Examples of leaks include workers, navigator objects, date locale/formats,
+         iframes, headers, tcp/ip attributes, feature detection, and **many** more.
     ALL values below intentionally left blank - use RFP, or get a vetted, tested
         extension and mimic RFP values to *lower* entropy, or randomize to *raise* it
 ***/
@ -1718,6 +1724,23 @@ user_pref("privacy.userContext.longPressBehavior", 2);
   // [-] https://bugzilla.mozilla.org/1477756
 user_pref("webgl.disable-extensions", true);
 // * * * /
+// FF76
+// 0401: sanitize blocklist url
+   // [2] https://trac.torproject.org/projects/tor/ticket/16931
+   // [-] https://bugzilla.mozilla.org/1618188
+user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
+// * * * /
+// FF77
+// 0850e: disable location bar one-off searches [FF51+]
+   // [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/
+   // [-] https://bugzilla.mozilla.org/1628926
+   // user_pref("browser.urlbar.oneOffSearches", false);
+// 2605: block web content in file processes [FF55+]
+   // [SETUP-WEB] You may want to disable this for corporate or developer environments
+   // [1] https://bugzilla.mozilla.org/1343184
+   // [-] https://bugzilla.mozilla.org/1603007
+user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
+// * * * /
 // ***/

 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	9d78e050ee	77-beta	2020-06-12 17:39:28 +00:00
Thorin-Oakenpants	b07cf1f03d	remove extra line from last commit, save one byte	2020-06-05 03:10:09 +00:00
Thorin-Oakenpants	683ef63b37	RFP alts: prefers-reduced-motion	2020-06-05 03:08:16 +00:00
Thorin-Oakenpants	05580f5e99	0709 hotfix, #923 , #951	2020-06-02 20:48:41 +00:00
Thorin-Oakenpants	ecc62554e5	2608: remote debugging: default value, closes #950	2020-06-01 15:27:38 +00:00
Thorin-Oakenpants	f6e6de8444	77 deprecated	2020-05-29 12:41:59 +00:00
Thorin-Oakenpants	f69d92e6dd	1244: https upgrade local	2020-05-29 12:23:17 +00:00
Matt Loberg	3edc48da56	fix updater.sh when dealing with multiple overrides (#947 ) thanks @mloberg !	2020-05-26 11:54:55 +00:00
Thorin-Oakenpants	868882ae33	start 77-alpha	2020-05-24 18:11:55 +00:00
Thorin-Oakenpants	ff9bf76e52	76 final, save some bytes in RFP section	2020-05-24 18:09:46 +00:00
Thorin-Oakenpants	4bc5b89cfe	4500: RFP changes 78+ re canvas	2020-05-15 23:18:11 +00:00
Thorin-Oakenpants	bb1e5bfd54	76-beta	2020-05-07 14:56:49 +00:00
Thorin-Oakenpants	27d72eda9e	1244: https-only-mode	2020-05-07 06:20:10 +00:00
Thorin-Oakenpants	07117c65c1	RFP spoofs FF78+	2020-05-07 05:13:19 +00:00
Thorin-Oakenpants	919d4bfe96	godamnit, also move related reference	2020-05-04 10:52:25 +00:00
Thorin-Oakenpants	e38e253c25	oophs, forgot deprecation source	2020-05-04 10:49:07 +00:00
Thorin-Oakenpants	14aaec71fb	76 deprecated	2020-05-04 07:34:23 +00:00
Thorin-Oakenpants	c0780df24d	1401: PDF breakage, closes #937	2020-04-30 21:50:50 +00:00
Thorin-Oakenpants	0ea1605642	start 76-alpha, 2605 default	2020-04-30 18:52:27 +00:00
earthlng	bd384622db	Update troubleshooter.js (#935 ) extensions.blocklist.pingCountTotal is not used anymore in FF76+	2020-04-29 12:00:10 +00:00