update to current

v91.1
2025-09-01 09:28:31 +02:00 · 2021-10-27 06:28:57 +00:00 · 2021-10-27 06:26:25 +00:00
5 changed files with 123 additions and 59 deletions
--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@ The `arkenfox user.js` is a **template** which aims to provide as much privacy a

 Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings.

-Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
+Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. 

 Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.

@ -23,3 +23,5 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef

 ### 🟥  acknowledgments
 Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.
+
+
--- a/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js
+++ b/scratchpad-scripts/arkenfox-clear-RFP-alternatives.js
@ -0,0 +1,72 @@
+/***
+  This will reset the preferences that are under sections 4600 & 4700 in the
+  arkenfox user.js. These are the prefs that are no longer necessary, or they
+  conflict with, privacy.resistFingerprinting if you have that enabled.
+
+  Final update: 10-August-2021
+
+  As of v91, section 4600 is no longer recommended, and is all inactive. This
+  now includes the old 4700 section. You can reset them using prefsCleaner.
+  
+  For instructions see:
+  https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+***/
+
+(() => {
+
+  if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
+
+  const aPREFS = [
+    /* section 4600 */
+    'dom.maxHardwareConcurrency',
+    'dom.enable_resource_timing',
+    'dom.enable_performance',
+    'device.sensors.enabled',
+    'browser.zoom.siteSpecific',
+    'dom.gamepad.enabled',
+    'dom.netinfo.enabled',
+    'media.webspeech.synth.enabled',
+    'media.video_stats.enabled',
+    'dom.w3c_touch_events.enabled',
+    'media.navigator.enabled',
+    'media.ondevicechange.enabled',
+    'webgl.enable-debug-renderer-info',
+    'ui.prefersReducedMotion',
+    'dom.w3c_pointer_events.enabled', // deprecated FF87
+    'ui.use_standins_for_native_colors',
+    'ui.systemUsesDarkTheme',
+    'dom.webaudio.enabled',
+    'layout.css.font-visibility.level',
+    /* section 4700 */
+    'general.appname.override',
+    'general.appversion.override',
+    'general.buildID.override',
+    'general.oscpu.override',
+    'general.platform.override',
+    'general.useragent.override',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ];
+
+  console.clear();
+
+  let c = 0;
+  for (const sPname of aPREFS) {
+    if (Services.prefs.prefHasUserValue(sPname)) {
+      Services.prefs.clearUserPref(sPname);
+      if (!Services.prefs.prefHasUserValue(sPname)) {
+        console.info('reset', sPname);
+        c++;
+      } else console.warn('failed to reset', sPname);
+    }
+  }
+
+  focus();
+
+  const d = (c==1) ? ' pref' : ' prefs';
+  alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset');
+
+  return 'all done';
+
+})();
+
--- a/scratchpad-scripts/troubleshooter.js
+++ b/scratchpad-scripts/troubleshooter.js
@ -1,3 +1,4 @@
+
 /*** arkenfox user.js troubleshooter.js v1.6.3 ***/

 (function() {
@ -193,7 +194,7 @@

  const aBAK = getMyList(aPREFS);
  //console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
-
+  
  const sMsg = "all detected prefs reset.\n\n" +
        "!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" +
        "IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" +
--- a/updater.sh
+++ b/updater.sh
@ -41,9 +41,9 @@ ESR=false

 # Download method priority: curl -> wget
 DOWNLOAD_METHOD=''
-if command -v curl >/dev/null; then
+if [[ $(command -v 'curl') ]]; then
  DOWNLOAD_METHOD='curl --max-redirs 3 -so'
-elif command -v wget >/dev/null; then
+elif [[ $(command -v 'wget') ]]; then
  DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
 else
  echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}"
@ -51,7 +51,7 @@ else
 fi


-show_banner() {
+show_banner () {
  echo -e "${BBLUE}
                ############################################################################
                ####                                                                    ####
@ -103,13 +103,13 @@ Optional Arguments:
 #     File Handling     #
 #########################

-download_file() { # expects URL as argument ($1)
+download_file () { # expects URL as argument ($1)
  declare -r tf=$(mktemp)

  $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error
 }

-open_file() { # expects one argument: file_path
+open_file () { # expects one argument: file_path
  if [ "$(uname)" == 'Darwin' ]; then
    open "$1"
  elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then
@ -119,11 +119,11 @@ open_file() { # expects one argument: file_path
  fi
 }

-readIniFile() { # expects one argument: absolute path of profiles.ini
+readIniFile () { # expects one argument: absolute path of profiles.ini
  declare -r inifile="$1"

  # tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile
-  if [ "$(grep -c '^\[Profile' "${inifile}")" -eq "1" ]; then ### only 1 profile found
+  if [ $(grep -c '^\[Profile' "${inifile}") -eq "1" ]; then ### only 1 profile found
    tempIni="$(grep '^\[Profile' -A 4 "${inifile}")"
  else
    echo -e "Profiles found:\n––––––––––––––––––––––––––––––"
@ -150,7 +150,7 @@ readIniFile() { # expects one argument: absolute path of profiles.ini
  [[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}"
 }

-getProfilePath() {
+getProfilePath () {
  declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini
  declare -r f2=~/.mozilla/firefox/profiles.ini

@ -175,8 +175,8 @@ getProfilePath() {
 #########################

 # Returns the version number of a updater.sh file
-get_updater_version() {
-  echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")"
+get_updater_version () {
+  echo $(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")
 }

 # Update updater.sh
@ -184,14 +184,14 @@ get_updater_version() {
 # Args:
 #   -d: New version will not be looked for and update will not occur
 #   -u: Check for update, if available, execute without asking
-update_updater() {
-  [ "$UPDATE" = 'no' ] && return 0 # User signified not to check for updates
+update_updater () {
+  [ $UPDATE = 'no' ] && return 0 # User signified not to check for updates

  declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
  [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed

  if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
-    if [ "$UPDATE" = 'check' ]; then
+    if [ $UPDATE = 'check' ]; then
      echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
      read -p "" -n 1 -r
      echo -e "\n\n"
@ -211,11 +211,11 @@ update_updater() {
 #########################

 # Returns version number of a user.js file
-get_userjs_version() {
-  [ -e "$1" ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
+get_userjs_version () {
+  [ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
 }

-add_override() {
+add_override () {
  input=$1
  if [ -f "$input" ]; then
    echo "" >> user.js
@ -235,27 +235,27 @@ add_override() {
  fi
 }

-remove_comments() { # expects 2 arguments: from-file and to-file
+remove_comments () { # expects 2 arguments: from-file and to-file
  sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2"
 }

 # Applies latest version of user.js and any custom overrides
-update_userjs() {
+update_userjs () {
  declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
  [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed

  echo -e "Please observe the following information:
    Firefox profile:  ${ORANGE}$(pwd)${NC}
-    Available online: ${ORANGE}$(get_userjs_version "$newfile")${NC}
+    Available online: ${ORANGE}$(get_userjs_version $newfile)${NC}
    Currently using:  ${ORANGE}$(get_userjs_version user.js)${NC}\n\n"

-  if [ "$CONFIRM" = 'yes' ]; then
+  if [ $CONFIRM = 'yes' ]; then
    echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
    read -p "" -n 1 -r
    echo -e "\n"
    if [[ $REPLY =~ ^[Nn]$ ]]; then
      echo -e "${RED}Process aborted${NC}"
-      rm "$newfile"
+      rm $newfile
      return 1
    fi
  fi
@ -269,7 +269,7 @@ update_userjs() {
  # backup user.js
  mkdir -p userjs_backups
  local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")"
-  [ "$BACKUP" = 'single' ] && bakname='userjs_backups/user.js.backup'
+  [ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup'
  cp user.js "$bakname" &>/dev/null

  mv "${newfile}" user.js
@ -295,19 +295,19 @@ update_userjs() {
    past_nocomments='userjs_diffs/past_userjs.txt'
    current_nocomments='userjs_diffs/current_userjs.txt'

-    remove_comments "$pastuserjs" "$past_nocomments"
-    remove_comments user.js "$current_nocomments"
+    remove_comments $pastuserjs $past_nocomments
+    remove_comments user.js $current_nocomments

    diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt"
-    diff=$(diff -w -B -U 0 "$past_nocomments" "$current_nocomments")
-    if [ -n "$diff" ]; then
+    diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments)
+    if [ ! -z "$diff" ]; then
      echo "$diff" > "$diffname"
      echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
    else
      echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical.  No diff file was created.${NC}"
-      [ "$BACKUP" = 'multiple' ] && rm "$bakname" &>/dev/null
+      [ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null
    fi
-    rm "$past_nocomments" "$current_nocomments" "$pastuserjs" &>/dev/null
+    rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null
  fi

  [ "$VIEW" = true ] && open_file "${PWD}/user.js"
@ -319,7 +319,7 @@ update_userjs() {

 if [ $# != 0 ]; then
  # Display usage if first argument is -help or --help
-  if [ "$1" = '--help' ] || [ "$1" = '-help' ]; then
+  if [ $1 = '--help' ] || [ $1 = '-help' ]; then
    usage
  else
    while getopts ":hp:ludsno:bcvre" opt; do
@ -363,7 +363,7 @@ if [ $# != 0 ]; then
        r)
          tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
          [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed
-          mv "$tfile" "${tfile}.js"
+          mv $tfile "${tfile}.js"
          echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}"
          open_file "${tfile}.js"
          exit 0
@ -382,7 +382,7 @@ if [ $# != 0 ]; then
 fi

 show_banner
-update_updater "$@"
+update_updater $@

 getProfilePath # updates PROFILE_PATH or exits on error
 cd "$PROFILE_PATH" && update_userjs
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 * name: arkenfox user.js
-* date: 12 October 2021
-* version 93
+* date: 27 October 2021
+* version 91.1
 * url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt

@ -127,7 +127,7 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX]
 /* 0203: disable region updates
 * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/
 user_pref("browser.region.network.url", ""); // [FF78+]
-user_pref("browser.region.update.enabled", false); // [[FF79+]
+user_pref("browser.region.update.enabled", false); // [FF79+]
 /* 0204: set search region
 * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/
   // user_pref("browser.search.region", "US"); // [HIDDEN PREF]
@ -163,9 +163,6 @@ user_pref("app.update.background.scheduling.enabled", false);
 /* 0306: disable search engine updates (e.g. OpenSearch)
 * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/
 user_pref("browser.search.update", false);
-/* 0307: disable System Add-on updates ***/
-user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
-user_pref("extensions.systemAddon.update.url", ""); // [FF44+]

 /** RECOMMENDATIONS ***/
 /* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
@ -321,13 +318,12 @@ user_pref("network.proxy.socks_remote_dns", true);
 * [SETUP-CHROME] Can break extensions for profiles on network shares
 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
 user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
-/* 0704: disable GIO as a potential proxy bypass vector
+/* 0704: disable GIO as a potential proxy bypass vector [FF60+]
 * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda,
 * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64)
 * [1] https://bugzilla.mozilla.org/1433507
- * [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044
- * [3] https://en.wikipedia.org/wiki/GVfs
- * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
+ * [2] https://en.wikipedia.org/wiki/GVfs
+ * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
 user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
 /* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+]
 * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
@ -338,8 +334,9 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
 * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
   // user_pref("network.trr.mode", 5);
 /* 0706: disable proxy direct failover for system requests [FF91+]
- * [WARNING] Default true is a security feature against malicious extensions
- * [SETUP-CHROME] If you use a proxy and you trust your extensions ***/
+ * [WARNING] Default true is a security feature against malicious extensions [1]
+ * [SETUP-CHROME] If you use a proxy and you trust your extensions
+ * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
   // user_pref("network.proxy.failover_direct", false);

 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
@ -375,11 +372,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
 * 0=never resolve single words, 1=heuristic (default), 2=always resolve
 * [1] https://bugzilla.mozilla.org/1642623 ***/
 user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
-/* 0807: disable location bar contextual suggestions [FF92+]
- * [SETTING] Privacy & Security>Address Bar>Contextual Suggestions
- * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
-user_pref("browser.urlbar.suggest.quicksuggest", false);
-user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
 /* 0808: disable tab-to-search [FF85+]
 * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
 * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
@ -1072,7 +1064,7 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
 * Fingerprinting: provides a uniform look and feel across platforms [2]
 * [1] https://bugzilla.mozilla.org/1381938
 * [2] https://bugzilla.mozilla.org/1411425 ***/
-user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
+user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
 /* 4512: enforce links targeting new windows to open in a new tab instead
 * 1=most recent window or tab, 2=new window, 3=new tab
 * Stops malicious window sizes and some screen resolution leaks.
@ -1272,6 +1264,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
   // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
   // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
   // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
+   // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
 /* 7004: control TLS versions
 * [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/
   // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
@ -1317,6 +1310,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 * [WHY] Fingerprintable. Breakage. Cut/copy/paste require user
 * interaction, and paste is limited to focused editable fields ***/
   // user_pref("dom.event.clipboardevents.enabled", false);
+/* 7014: disable System Add-on updates
+ * [WHY] It can compromise security. System addons ship with prefs, use those ***/
+   // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
+   // user_pref("extensions.systemAddon.update.url", ""); // [FF44+]

 /*** [SECTION 8000]: DON'T BOTHER: NON-RFP
   [WHY] They are insufficient to help anti-fingerprinting and do more harm than good
@ -1405,14 +1402,6 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
   [1] https://github.com/arkenfox/user.js/issues/123
 ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
-/* ESR91.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable them
-// FF93
-// 7003: disable non-modern cipher suites
-   // [-] https://bugzilla.mozilla.org/1724072
-   // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
-// ***/
-
 /* ESR78.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them
 // FF79
Author	SHA1	Message	Date
Thorin-Oakenpants	73994f580a	update to current	2021-10-27 06:28:57 +00:00
Thorin-Oakenpants	d2fb8296e0	v91.1	2021-10-27 06:26:25 +00:00