Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-09-01 09:28:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Git:95.0
Branches Tags
Git:master Git:Thorin-Oakenpants-patch-1
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0
...
compare: Git:96.0
Branches Tags
Git:Thorin-Oakenpants-patch-1 Git:master
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0

49 Commits
95.0 ... 96.0

Author SHA1 Message Date
Thorin-Oakenpants
ac0820a5dc add last bits about ETP Strict/dFPI, closes #1337 2022-01-21 03:48:06 +00:00
Thorin-Oakenpants
83b6d64e67 security.insecure_connection_text.enabled 
AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure
 2022-01-16 02:36:08 +00:00
Thorin-Oakenpants
b5bf2ee017 oophs, add removed item from last commit to 6050 2022-01-16 02:34:21 +00:00
Thorin-Oakenpants
09d62d2302 remove 1273: "not Secure" text on insecure sites 
AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure
 2022-01-16 02:31:57 +00:00
Thorin-Oakenpants
7a4676fe2d make 1601 setup tag more explicit, closes #1326 2022-01-15 05:25:11 +00:00
Thorin-Oakenpants
bc2aba3829 move last update pref to personal 2022-01-12 05:25:31 +00:00
Thorin-Oakenpants
926a2d4ac8 v96 deprecated, #1325 
also tidy the description to reflect that the setting is hidden
 2022-01-12 05:09:17 +00:00
Thorin-Oakenpants
ab7380c93b HoM: tweak background request info 2022-01-11 09:21:37 +00:00
Thorin-Oakenpants
06b8d8bfa3 move 0362 to don't touch 2022-01-07 17:29:26 +00:00
Thorin-Oakenpants
7016c2050d move TLS 1.0/1.1 downgrades to don't bother 
https://bugzilla.mozilla.org/show_bug.cgi?id=1745678
 2021-12-30 03:15:56 +00:00
Thorin-Oakenpants
2787da7f90 Update README.md 2021-12-24 06:04:38 +00:00
Thorin-Oakenpants
7e18f8b473 tweak 2011 
- FF85+ switched to using application regional locale
   - go to about:support > Internationalization & Localization (almost at the very end)
   - look at Application > Regional Preferences
- add test
 2021-12-24 06:01:41 +00:00
Thorin-Oakenpants
d2510b014d move updates to personal 
updating (app, extensions, ext cache) is not a privacy issue
- if you're willing to use Firefox but not trust updating, then I have two bricks to sell you: users who wish to disable it (to check changes first etc) and update in a timely manner, then that is on them - including any prompt fatigue
- same goes for extensions: the end-user installed them (and arkenfox only recommends a very select few) - the onus is on the end-user

The remaining ones I will deal with later
 2021-12-23 23:42:28 +00:00
Thorin-Oakenpants
87bd8683fa 2022: add browser.eme.ui.enabled 
for those who want to remove DRM prompts and have no intention of enabling it
 2021-12-23 21:22:41 +00:00
Thorin-Oakenpants
d48d3ad29a remove browser.eme.ui.enabled 2021-12-23 21:20:28 +00:00
Thorin-Oakenpants
6675225ec4 make 0301 inactive 
auto-updating is not a security nor a privacy risk, by default it should be enabled and it's on end-users if they want to disable it - does not affect windows users
 2021-12-23 06:36:39 +00:00
Thorin-Oakenpants
bb56056a68 explain 0-RTT 2021-12-15 19:23:03 +00:00
Thorin-Oakenpants
93f0ff89c8 move web notifcations to don't bother 2021-12-15 00:05:03 +00:00
Thorin-Oakenpants
7811e912f4 make push notifications inactive 
- they require SWers which are already blocked by virtue of permissions being session only
- also remove "dom.push.userAgentID" as this means prefsCleaner resets it and would wipe user's subscriptions
   - not adding "dom.push.userAgentID" to the cleanup script for the same reason
 2021-12-14 13:25:46 +00:00
Thorin-Oakenpants
238f1545f4 fixup thanks #fxbrit have a 🍥 fish cake 2021-12-13 14:15:25 +00:00
Thorin-Oakenpants
c269ac9f7d remove duplicate 2021-12-13 03:49:42 +00:00
Thorin-Oakenpants
78297132b4 fix syntax 2021-12-12 15:44:39 +00:00
Thorin-Oakenpants
8de87de050 update 0704: GIO, closes #1050 (#1300) 
https://bugzilla.mozilla.org/show_bug.cgi?id=1666725
 2021-12-12 15:41:55 +00:00
Thorin-Oakenpants
8bc25b552d expand 0650 to include any removed item 
this should reduce any dependency on the scratchpad script
 2021-12-12 15:30:53 +00:00
Thorin-Oakenpants
c8c86262d7 enforce SmartBlock shims 2021-12-12 13:51:25 +00:00
Thorin-Oakenpants
f836e55363 tidy ETP stuff 2021-12-12 13:31:01 +00:00
Thorin-Oakenpants
8cdb30cc08 make cookie pref active 
@SkewedZeppelin ... https://github.com/arkenfox/user.js/issues/1051#issuecomment-991806497
 2021-12-12 00:26:12 +00:00
Thorin-Oakenpants
54810e333f typo 2021-12-11 19:17:43 +00:00
Thorin-Oakenpants
7ec13c0323 sharedWorkers tweak 
tested in FF91+. Seems as if sharedWorkers no longer requires an explicit `Allow`
 2021-12-11 12:22:00 +00:00
Thorin-Oakenpants
af109d4696 tweak 7016 2021-12-11 11:15:34 +00:00
Thorin-Oakenpants
460951df9e tidy, add instructions 2021-12-11 09:37:45 +00:00
Thorin-Oakenpants
93874bda43 rename 2021-12-11 09:14:59 +00:00
Thorin-Oakenpants
4ebabbb569 Delete arkenfox-clear-deprecated.js 2021-12-11 09:13:51 +00:00
Thorin-Oakenpants
1f0dc1853d merge scratchpads into one 2021-12-11 09:13:09 +00:00
Thorin-Oakenpants
13e5fe17b1 remove rfpalts (#1288) 2021-12-11 06:56:43 +00:00
Thorin-Oakenpants
ec7cb6a491 2702: partition service workers 2021-12-09 17:17:52 +00:00
Thorin-Oakenpants
d9f49bdf1f make 7017 clearer 2021-12-09 16:17:53 +00:00
Thorin-Oakenpants
d5bc6715cd remove web workers section 
farewell parrot
 2021-12-09 16:14:36 +00:00
Thorin-Oakenpants
8860c90abf make service workers inactive 
currently 3rd party service workers are blocked in FF95 when dFPI is enabled (which this version has should anyone update to 96-alpha)
   - but I get an error even on first party - https://arkenfox.github.io/TZP/tzp.html#storage
   - I get : service worker | test : enabled | failed: SecurityError
in FF96+ service workers they are covered by dFPI
  - see https://bugzilla.mozilla.org/show_bug.cgi?id=1731999
 2021-12-09 14:31:41 +00:00
Thorin-Oakenpants
4d5abd6cc3 tweak 8000 title 
lets not encourage non-RFP users to see this as a sign to use them
 2021-12-09 14:18:25 +00:00
Thorin-Oakenpants
de28689e76 flip from FPI to dFPI 
I will tidy and expand 2700 entries later
 2021-12-09 14:13:39 +00:00
Thorin-Oakenpants
5d508e4242 move LSNG to don't touch 2021-12-09 14:05:47 +00:00
Thorin-Oakenpants
1fc43574d6 move "cookie" permission info into 2801 2021-12-09 14:00:21 +00:00
Thorin-Oakenpants
83602baa38 misc site storage/data prefs 
been inactive since jesus was a baby
 2021-12-09 13:47:57 +00:00
Thorin-Oakenpants
0634a568ef remove redundant site data prefs 
we've never used these
- service workers are disabled (or soon to be covered by dFPI when enabled) and sanitizing is already done (or will be done via enhanced cookie cleaning)
- storage API, storage access API: we sanitize on close, and sites are isolated by eTLD+1
 2021-12-09 13:45:46 +00:00
Thorin-Oakenpants
97322d6e8b various inactive FPI prefs 2021-12-09 12:31:38 +00:00
Thorin-Oakenpants
f7bba92c71 cleanout FPI section 
farewell parrot
 2021-12-09 12:28:45 +00:00
Thorin-Oakenpants
fe75baa79f move DNT to DON'T BOTHER 2021-12-09 11:44:51 +00:00
Thorin-Oakenpants
72cc4d176e 0706: network.proxy.allow_bypass, closes #1292 2021-12-09 11:41:18 +00:00
5 changed files with 347 additions and 435 deletions
Expand all files Collapse all files

1
README.md
View File

@ -20,6 +20,7 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef
- [wiki](https://github.com/arkenfox/user.js/wiki)
- [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22)
- [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs)
- [common questions and answers](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Aanswered)
### 🟥 acknowledgments
Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.

233
scratchpad-scripts/arkenfox-clear-removed.js → scratchpad-scripts/arkenfox-cleanup.js
View File

@ -1,10 +1,29 @@
/***
This will reset the preferences that have been removed completely from the arkenfox user.js.
This will reset the preferences that have been
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
Last updated: 29-August-2021
Last updated: 16-January-2022
Instructions:
- [optional] close Firefox and backup your profile
- [optional] disable your network connection [1]
- start Firefox
- load about:config and press Ctrl+Shift+K to open the Web Console for about:config
- using about:config is important, so the script has the right permissions
- paste this script
- if you edited the list of prefs in the script, make sure the last pref does not have a trailing comma
- hit enter
- check the Info output to see which prefs were reset
- restart
- some prefs require a restart
- a restart will reapply your user.js
- [optional] re-enable your network connection
[1] Blocking Firefox from the internet ensures it cannot act on your reset preferences in the
period before you restart it, such as app and extension auto-updating, or downloading unwanted
components (GMP etc). It depends on what you're resetting and how long before you restart.
For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
***/
(() => {
@ -12,7 +31,208 @@
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
const aPREFS = [
/* removed in arkenfox user.js */
/* DEPRECATED */
/* FF92+ */
'browser.urlbar.suggest.quicksuggest', // 95
'layout.css.font-visibility.level', // 94
'security.ssl3.rsa_des_ede3_sha', // 93
/* FF79-91 */
'browser.cache.offline.storage.enable',
'browser.download.hide_plugins_without_extensions',
'browser.library.activity-stream.enabled',
'browser.search.geoSpecificDefaults',
'browser.search.geoSpecificDefaults.url',
'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
'dom.ipc.plugins.reportCrashURL',
'dom.w3c_pointer_events.enabled',
'intl.charset.fallback.override',
'network.ftp.enabled',
'plugin.state.flash',
'security.mixed_content.block_object_subrequest',
'security.ssl.errorReporting.automatic',
'security.ssl.errorReporting.enabled',
'security.ssl.errorReporting.url',
/* 69-78 */
'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'browser.urlbar.oneOffSearches',
'devtools.webide.autoinstallADBExtension',
'devtools.webide.enabled',
'dom.indexedDB.enabled',
'extensions.blocklist.url',
'geo.wifi.logging.enabled',
'geo.wifi.uri',
'gfx.downloadable_fonts.woff2.enabled',
'media.autoplay.allow-muted',
'media.autoplay.enabled.user-gestures-needed',
'offline-apps.allow_by_default',
'plugins.click_to_play',
'privacy.userContext.longPressBehavior',
'toolkit.cosmeticAnimations.enabled',
'toolkit.telemetry.hybridContent.enabled',
'webgl.disable-extensions',
/* 61-68 */
'app.update.enabled',
'browser.aboutHomeSnippets.updateUrl',
'browser.chrome.errorReporter.enabled',
'browser.chrome.errorReporter.submitUrl',
'browser.chrome.favicons',
'browser.ctrlTab.previews',
'browser.fixup.hide_user_pass',
'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
'browser.newtabpage.activity-stream.disableSnippets',
'browser.onboarding.enabled',
'browser.search.countryCode',
'browser.urlbar.autocomplete.enabled',
'devtools.webide.adbAddonURL',
'devtools.webide.autoinstallADBHelper',
'dom.event.highrestimestamp.enabled',
'experiments.activeExperiment',
'experiments.enabled',
'experiments.manifest.uri',
'experiments.supported',
'lightweightThemes.update.enabled',
'media.autoplay.enabled',
'network.allow-experiments',
'network.cookie.lifetime.days',
'network.jar.block-remote-files',
'network.jar.open-unsafe-types',
'plugin.state.java',
'security.csp.enable_violation_events',
'security.csp.experimentalEnabled',
'shield.savant.enabled',
/* 60 or earlier */
'browser.bookmarks.showRecentlyBookmarked',
'browser.casting.enabled',
'browser.crashReports.unsubmittedCheck.autoSubmit',
'browser.formautofill.enabled',
'browser.formfill.saveHttpsForms',
'browser.fullscreen.animate',
'browser.history.allowPopState',
'browser.history.allowPushState',
'browser.history.allowReplaceState',
'browser.newtabpage.activity-stream.enabled',
'browser.newtabpage.directory.ping',
'browser.newtabpage.directory.source',
'browser.newtabpage.enhanced',
'browser.newtabpage.introShown',
'browser.pocket.api',
'browser.pocket.enabled',
'browser.pocket.oAuthConsumerKey',
'browser.pocket.site',
'browser.polaris.enabled',
'browser.safebrowsing.appRepURL',
'browser.safebrowsing.enabled',
'browser.safebrowsing.gethashURL',
'browser.safebrowsing.malware.reportURL',
'browser.safebrowsing.provider.google.appRepURL',
'browser.safebrowsing.reportErrorURL',
'browser.safebrowsing.reportGenericURL',
'browser.safebrowsing.reportMalwareErrorURL',
'browser.safebrowsing.reportMalwareMistakeURL',
'browser.safebrowsing.reportMalwareURL',
'browser.safebrowsing.reportPhishMistakeURL',
'browser.safebrowsing.reportURL',
'browser.safebrowsing.updateURL',
'browser.search.showOneOffButtons',
'browser.selfsupport.enabled',
'browser.selfsupport.url',
'browser.sessionstore.privacy_level_deferred',
'browser.tabs.animate',
'browser.trackingprotection.gethashURL',
'browser.trackingprotection.updateURL',
'browser.urlbar.unifiedcomplete',
'browser.usedOnWindows10.introURL',
'camera.control.autofocus_moving_callback.enabled',
'camera.control.face_detection.enabled',
'datareporting.healthreport.about.reportUrl',
'datareporting.healthreport.about.reportUrlUnified',
'datareporting.healthreport.documentServerURI',
'datareporting.healthreport.service.enabled',
'datareporting.policy.dataSubmissionEnabled.v2',
'devtools.webide.autoinstallFxdtAdapters',
'dom.archivereader.enabled',
'dom.beforeAfterKeyboardEvent.enabled',
'dom.disable_image_src_set',
'dom.disable_window_open_feature.scrollbars',
'dom.disable_window_status_change',
'dom.enable_user_timing',
'dom.flyweb.enabled',
'dom.idle-observers-api.enabled',
'dom.keyboardevent.code.enabled',
'dom.network.enabled',
'dom.push.udp.wakeupEnabled',
'dom.telephony.enabled',
'dom.vr.oculus050.enabled',
'dom.workers.enabled',
'dom.workers.sharedWorkers.enabled',
'extensions.formautofill.experimental',
'extensions.screenshots.system-disabled',
'extensions.shield-recipe-client.api_url',
'extensions.shield-recipe-client.enabled',
'full-screen-api.approval-required',
'general.useragent.locale',
'geo.security.allowinsecure',
'intl.locale.matchOS',
'loop.enabled',
'loop.facebook.appId',
'loop.facebook.enabled',
'loop.facebook.fallbackUrl',
'loop.facebook.shareUrl',
'loop.feedback.formURL',
'loop.feedback.manualFormURL',
'loop.logDomains',
'loop.server',
'media.block-play-until-visible',
'media.eme.apiVisible',
'media.eme.chromium-api.enabled',
'media.getusermedia.screensharing.allow_on_old_platforms',
'media.getusermedia.screensharing.allowed_domains',
'media.gmp-eme-adobe.autoupdate',
'media.gmp-eme-adobe.enabled',
'media.gmp-eme-adobe.visible',
'network.http.referer.userControlPolicy',
'network.http.sendSecureXSiteReferrer',
'network.http.spdy.enabled.http2draft',
'network.http.spdy.enabled.v3-1',
'network.websocket.enabled',
'pageThumbs.enabled',
'pfs.datasource.url',
'plugin.scan.Acrobat',
'plugin.scan.Quicktime',
'plugin.scan.WindowsMediaPlayer',
'plugins.enumerable_names',
'plugins.update.notifyUser',
'plugins.update.url',
'privacy.clearOnShutdown.passwords',
'privacy.donottrackheader.value',
'security.mixed_content.send_hsts_priming',
'security.mixed_content.use_hsts',
'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
'security.ssl3.ecdhe_rsa_rc4_128_sha',
'security.ssl3.rsa_rc4_128_md5',
'security.ssl3.rsa_rc4_128_sha',
'security.tls.insecure_fallback_hosts.use_static_list',
'security.tls.unrestricted_rc4_fallback',
'security.xpconnect.plugin.unrestricted',
'social.directories',
'social.enabled',
'social.remote-install.enabled',
'social.share.activationPanelEnabled',
'social.shareDirectory',
'social.toast-notifications.enabled',
'social.whitelist',
'toolkit.telemetry.unifiedIsOptIn',
/* REMOVED */
/* 92+ */
'dom.caches.enabled',
'dom.storageManager.enabled',
'dom.storage_access.enabled',
'privacy.firstparty.isolate.block_post_message',
'privacy.firstparty.isolate.restrict_opener_access',
'privacy.firstparty.isolate.use_site',
'security.insecure_connection_text.enabled',
/* 79-91 */
'alerts.showFavicons',
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
@ -68,7 +288,6 @@
'browser.cache.disk.smart_size.first_run',
'browser.cache.offline.insecure.enable',
'browser.contentblocking.enabled',
'browser.eme.ui.enabled',
'browser.laterrun.enabled',
'browser.offline-apps.notify',
'browser.rights.3.shown',
@ -232,6 +451,8 @@
// 'dom.ipc.plugins.sandbox-level.default',
// 'dom.ipc.plugins.sandbox-level.flash',
// 'security.sandbox.logging.enabled',
/* IMPORTANT: last active pref must not have a trailing comma */
/* reset parrot: check your open about:config after running the script */
'_user.js.parrot'
];

232
scratchpad-scripts/arkenfox-clear-deprecated.js
View File

@ -1,232 +0,0 @@
/***
Version: up to and including FF/ESR91
This will reset the preferences that have been deprecated by Mozilla
and used in the arkenfox user.js
It is in reverse order, so feel free to remove sections that do not apply
For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
***/
(() => {
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
const aPREFS = [
/* deprecated */
/* FF79-91 */
'browser.cache.offline.storage.enable',
'browser.download.hide_plugins_without_extensions',
'browser.library.activity-stream.enabled',
'browser.search.geoSpecificDefaults',
'browser.search.geoSpecificDefaults.url',
'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
'dom.ipc.plugins.reportCrashURL',
'dom.w3c_pointer_events.enabled',
'intl.charset.fallback.override',
'network.ftp.enabled',
'plugin.state.flash',
'security.mixed_content.block_object_subrequest',
'security.ssl.errorReporting.automatic',
'security.ssl.errorReporting.enabled',
'security.ssl.errorReporting.url',
/* 69-78 */
'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'browser.urlbar.oneOffSearches',
'devtools.webide.autoinstallADBExtension',
'devtools.webide.enabled',
'dom.indexedDB.enabled',
'extensions.blocklist.url',
'geo.wifi.logging.enabled',
'geo.wifi.uri',
'gfx.downloadable_fonts.woff2.enabled',
'media.autoplay.allow-muted',
'media.autoplay.enabled.user-gestures-needed',
'offline-apps.allow_by_default',
'plugins.click_to_play',
'privacy.userContext.longPressBehavior',
'toolkit.cosmeticAnimations.enabled',
'toolkit.telemetry.hybridContent.enabled',
'webgl.disable-extensions',
/* 61-68 */
'app.update.enabled',
'browser.aboutHomeSnippets.updateUrl',
'browser.chrome.errorReporter.enabled',
'browser.chrome.errorReporter.submitUrl',
'browser.chrome.favicons',
'browser.ctrlTab.previews',
'browser.fixup.hide_user_pass',
'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
'browser.newtabpage.activity-stream.disableSnippets',
'browser.onboarding.enabled',
'browser.search.countryCode',
'browser.urlbar.autocomplete.enabled',
'devtools.webide.adbAddonURL',
'devtools.webide.autoinstallADBHelper',
'dom.event.highrestimestamp.enabled',
'experiments.activeExperiment',
'experiments.enabled',
'experiments.manifest.uri',
'experiments.supported',
'lightweightThemes.update.enabled',
'media.autoplay.enabled',
'network.allow-experiments',
'network.cookie.lifetime.days',
'network.jar.block-remote-files',
'network.jar.open-unsafe-types',
'plugin.state.java',
'security.csp.enable_violation_events',
'security.csp.experimentalEnabled',
'shield.savant.enabled',
/* 60 or earlier */
'browser.bookmarks.showRecentlyBookmarked',
'browser.casting.enabled',
'browser.crashReports.unsubmittedCheck.autoSubmit',
'browser.formautofill.enabled',
'browser.formfill.saveHttpsForms',
'browser.fullscreen.animate',
'browser.history.allowPopState',
'browser.history.allowPushState',
'browser.history.allowReplaceState',
'browser.newtabpage.activity-stream.enabled',
'browser.newtabpage.directory.ping',
'browser.newtabpage.directory.source',
'browser.newtabpage.enhanced',
'browser.newtabpage.introShown',
'browser.pocket.api',
'browser.pocket.enabled',
'browser.pocket.oAuthConsumerKey',
'browser.pocket.site',
'browser.polaris.enabled',
'browser.safebrowsing.appRepURL',
'browser.safebrowsing.enabled',
'browser.safebrowsing.gethashURL',
'browser.safebrowsing.malware.reportURL',
'browser.safebrowsing.provider.google.appRepURL',
'browser.safebrowsing.reportErrorURL',
'browser.safebrowsing.reportGenericURL',
'browser.safebrowsing.reportMalwareErrorURL',
'browser.safebrowsing.reportMalwareMistakeURL',
'browser.safebrowsing.reportMalwareURL',
'browser.safebrowsing.reportPhishMistakeURL',
'browser.safebrowsing.reportURL',
'browser.safebrowsing.updateURL',
'browser.search.showOneOffButtons',
'browser.selfsupport.enabled',
'browser.selfsupport.url',
'browser.sessionstore.privacy_level_deferred',
'browser.tabs.animate',
'browser.trackingprotection.gethashURL',
'browser.trackingprotection.updateURL',
'browser.urlbar.unifiedcomplete',
'browser.usedOnWindows10.introURL',
'camera.control.autofocus_moving_callback.enabled',
'camera.control.face_detection.enabled',
'datareporting.healthreport.about.reportUrl',
'datareporting.healthreport.about.reportUrlUnified',
'datareporting.healthreport.documentServerURI',
'datareporting.healthreport.service.enabled',
'datareporting.policy.dataSubmissionEnabled.v2',
'devtools.webide.autoinstallFxdtAdapters',
'dom.archivereader.enabled',
'dom.battery.enabled',
'dom.beforeAfterKeyboardEvent.enabled',
'dom.disable_image_src_set',
'dom.disable_window_open_feature.scrollbars',
'dom.disable_window_status_change',
'dom.enable_user_timing',
'dom.flyweb.enabled',
'dom.idle-observers-api.enabled',
'dom.keyboardevent.code.enabled',
'dom.network.enabled',
'dom.push.udp.wakeupEnabled',
'dom.telephony.enabled',
'dom.vr.oculus050.enabled',
'dom.workers.enabled',
'dom.workers.sharedWorkers.enabled',
'extensions.formautofill.experimental',
'extensions.screenshots.system-disabled',
'extensions.shield-recipe-client.api_url',
'extensions.shield-recipe-client.enabled',
'full-screen-api.approval-required',
'general.useragent.locale',
'geo.security.allowinsecure',
'intl.locale.matchOS',
'loop.enabled',
'loop.facebook.appId',
'loop.facebook.enabled',
'loop.facebook.fallbackUrl',
'loop.facebook.shareUrl',
'loop.feedback.formURL',
'loop.feedback.manualFormURL',
'loop.logDomains',
'loop.server',
'media.block-play-until-visible',
'media.eme.apiVisible',
'media.eme.chromium-api.enabled',
'media.getusermedia.screensharing.allow_on_old_platforms',
'media.getusermedia.screensharing.allowed_domains',
'media.gmp-eme-adobe.autoupdate',
'media.gmp-eme-adobe.enabled',
'media.gmp-eme-adobe.visible',
'network.http.referer.userControlPolicy',
'network.http.sendSecureXSiteReferrer',
'network.http.spdy.enabled.http2draft',
'network.http.spdy.enabled.v3-1',
'network.websocket.enabled',
'pageThumbs.enabled',
'pfs.datasource.url',
'plugin.scan.Acrobat',
'plugin.scan.Quicktime',
'plugin.scan.WindowsMediaPlayer',
'plugins.enumerable_names',
'plugins.update.notifyUser',
'plugins.update.url',
'privacy.clearOnShutdown.passwords',
'privacy.donottrackheader.value',
'security.mixed_content.send_hsts_priming',
'security.mixed_content.use_hsts',
'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
'security.ssl3.ecdhe_rsa_rc4_128_sha',
'security.ssl3.rsa_rc4_128_md5',
'security.ssl3.rsa_rc4_128_sha',
'security.tls.insecure_fallback_hosts.use_static_list',
'security.tls.unrestricted_rc4_fallback',
'security.xpconnect.plugin.unrestricted',
'social.directories',
'social.enabled',
'social.remote-install.enabled',
'social.share.activationPanelEnabled',
'social.shareDirectory',
'social.toast-notifications.enabled',
'social.whitelist',
'toolkit.telemetry.unifiedIsOptIn',
/* reset parrot: check your open about:config after running the script */
'_user.js.parrot'
];
console.clear();
let c = 0;
for (const sPname of aPREFS) {
if (Services.prefs.prefHasUserValue(sPname)) {
Services.prefs.clearUserPref(sPname);
if (!Services.prefs.prefHasUserValue(sPname)) {
console.info('reset', sPname);
c++;
} else console.warn('failed to reset', sPname);
}
}
focus();
const d = (c==1) ? ' pref' : ' prefs';
alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset');
return 'all done';
})();

11
updater.bat
View File

@ -3,10 +3,10 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac
REM ## version: 4.14
REM ## version: 4.15
REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts
SET v=4.14
SET v=4.15
VERIFY ON
CD /D "%~dp0"
@ -23,7 +23,6 @@ IF /I "%~1"=="-merge" (SET _merge=1)
IF /I "%~1"=="-updatebatch" (SET _updateb=1)
IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
IF /I "%~1"=="-esr" (SET _esr=1)
IF /I "%~1"=="-rfpalts" (SET _rfpalts=1)
SHIFT
GOTO parse
:endparse
@ -141,10 +140,6 @@ IF EXIST user.js.new (DEL /F "user.js.new")
CALL :message "Retrieving latest user.js file from github repository..."
CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new"
IF EXIST user.js.new (
IF DEFINED _rfpalts (
CALL :message "Activating RFP Alternatives section..."
CALL :activate user.js.new "[SETUP-non-RFP]"
)
IF DEFINED _esr (
CALL :message "Activating ESR section..."
CALL :activate user.js.new ".x still uses all the following prefs"
@ -320,8 +315,6 @@ ECHO: Run without user input.
CALL :message " -singleBackup"
ECHO: Use a single backup file and overwrite it on new updates, instead of
ECHO: cumulative backups. This was the default behaviour before v4.3.
CALL :message " -rfpAlts"
ECHO: Activate RFP Alternatives section
CALL :message " -updateBatch"
ECHO: Update the script itself on execution, before the normal routine.
CALL :message ""

305
user.js
View File

@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
* date: 8 December 2021
* version 95
* date: 21 January 2021
* version 96
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -51,18 +51,16 @@
1600: HEADERS / REFERERS
1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC
2300: WEB WORKERS
2400: DOM (DOCUMENT OBJECT MODEL)
2600: MISCELLANEOUS
2700: PERSISTENT STORAGE
2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING
4000: FPI (FIRST PARTY ISOLATION)
4500: RFP (RESIST FINGERPRINTING)
5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING
6000: DON'T TOUCH
7000: DON'T BOTHER
8000: DON'T BOTHER: NON-RFP
8000: DON'T BOTHER: FINGERPRINTING
9000: PERSONAL
9999: DEPRECATED / REMOVED / LEGACY / RENAMED
@ -133,35 +131,14 @@ user_pref("browser.region.update.enabled", false); // [FF79+]
* [SETTING] General>Language and Appearance>Language>Choose your preferred language...
* [TEST] https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US, en");
/* 0211: use US English locale regardless of the system locale
/* 0211: use en-US locale regardless of the system or region locale
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
* [TEST] https://arkenfox.github.io/TZP/tests/formatting.html
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
/*** [SECTION 0300]: QUIETER FOX ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
/** UPDATES ***/
/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS]
* [NOTE] You will still get prompts to update, and should do so in a timely manner
* [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/
user_pref("app.update.auto", false);
/* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS]
* [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
* [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/
user_pref("app.update.background.scheduling.enabled", false);
/* 0303: disable auto-CHECKING for extension and theme updates ***/
// user_pref("extensions.update.enabled", false);
/* 0304: disable auto-INSTALLING extension and theme updates (after the check in 0303)
* [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
// user_pref("extensions.update.autoUpdateDefault", false);
/* 0305: disable extension metadata
* used when installing/updating an extension, and in daily background update checks:
* when false, extension detail tabs will have no description ***/
// user_pref("extensions.getAddons.cache.enabled", false);
/* 0306: disable search engine updates (e.g. OpenSearch)
* [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/
user_pref("browser.search.update", false);
/** RECOMMENDATIONS ***/
/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
@ -233,9 +210,6 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+]
/* 0361: disable Network Connectivity checks [FF65+]
* [1] https://bugzilla.mozilla.org/1460537 ***/
user_pref("network.connectivity-service.enabled", false);
/* 0362: enforce disabling of Web Compatibility Reporter [FF56+]
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/*** [SECTION 0400]: SAFE BROWSING (SB)
SB has taken many steps to preserve privacy. If required, a full url is never sent
@ -315,9 +289,9 @@ user_pref("network.proxy.socks_remote_dns", true);
* [SETUP-CHROME] Can break extensions for profiles on network shares
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
/* 0704: disable GIO as a potential proxy bypass vector [FF60+]
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda,
* gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64)
/* 0704: disable GIO as a potential proxy bypass vector
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer,
* dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+)
* [1] https://bugzilla.mozilla.org/1433507
* [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
@ -327,6 +301,12 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
// user_pref("network.proxy.failover_direct", false);
/* 0706: disable proxy bypass for system request failures [FF95+]
* RemoteSettings, UpdateService, Telemetry [1]
* [WARNING] If false, this will break the fallback for some security features
* [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
// user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF]
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3]
@ -477,17 +457,18 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* safe from the attack if it disables renegotiations but the problem is that the browser can't
* know that. Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server.
* [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4]
* [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true);
/* 1203: reset TLS 1.0 and 1.1 downgrades i.e. session only ***/
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
* This data is not forward secret, as it is encrypted solely under keys derived using
* the offered PSK. There are no guarantees of non-replay between connections
* [1] https://github.com/tlswg/tls13-spec/issues/1001
* [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
* [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt
* [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
user_pref("security.tls.enable_0rtt_data", false);
/** OCSP (Online Certificate Status Protocol)
@ -553,8 +534,8 @@ user_pref("dom.security.https_only_mode", true); // [FF76+]
/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true);
/* 1246: disable HTTP background requests [FF82+]
* When attempting to upgrade, if the server doesn't respond within 3 seconds,
* Firefox sends HTTP requests in order to check if the server supports HTTPS or not
* When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends
* a top-level HTTP request without path in order to check if the server supports HTTPS or not
* This is done to avoid waiting for a timeout which takes 90 seconds
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);
@ -574,8 +555,6 @@ user_pref("browser.ssl_override_behavior", 1);
* i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
* [TEST] https://expired.badssl.com/ ***/
user_pref("browser.xul.error_pages.expert_bad_cert", true);
/* 1273: display "Not Secure" text on HTTP sites ***/
user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
/*** [SECTION 1400]: FONTS ***/
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
@ -592,7 +571,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// user_pref("layout.css.font-visibility.trackingprotection", 1);
/*** [SECTION 1600]: HEADERS / REFERERS
Expect some breakage e.g. banks: use an extension if you need precise control
full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888
@ -601,15 +579,12 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/
* [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
* If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
/* 1603: enable the DNT (Do Not Track) HTTP header
* [NOTE] DNT is enforced with Enhanced Tracking Protection (2710)
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/
// user_pref("privacy.donottrackheader.enabled", true);
/*** [SECTION 1700]: CONTAINERS
Check out Temporary Containers [2], read the article [3], and visit the wiki/repo [4]
@ -657,11 +632,13 @@ user_pref("media.peerconnection.ice.default_address_only", true);
* [NOTE] This is covered by the EME master switch (2022) ***/
// user_pref("media.gmp-widevinecdm.enabled", false);
/* 2022: disable all DRM content (EME: Encryption Media Extension)
* Optionally hide the setting which also disables the DRM prompt
* [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
* [SETTING] General>DRM Content>Play DRM-controlled content
* [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
/* 2030: disable autoplay of HTML5 media [FF63+]
* 0=Allow all, 1=Block non-muted media (default), 5=Block all
* [NOTE] You can set exceptions under site permissions
@ -674,46 +651,6 @@ user_pref("media.eme.enabled", false);
* [1] https://support.mozilla.org/questions/1293231 ***/
user_pref("media.autoplay.blocking_policy", 2);
/*** [SECTION 2300]: WEB WORKERS
A worker is a JS "background task" running in a global context, i.e. it is different from
the current window. Workers can spawn new workers (must be the same origin & scheme),
including service and shared workers. Shared workers can be utilized by multiple scripts and
communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
[1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API
[2] Worker: https://developer.mozilla.org/docs/Web/API/Worker
[3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API
[4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker
[5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker
[6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820
***/
user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!");
/* 2302: disable service workers [FF32, FF44-compat]
* Service workers essentially act as proxy servers that sit between web apps, and the
* browser and network, are event driven, and can control the web page/site they are associated
* with, intercepting and modifying navigation and resource requests, and caching resources.
* [NOTE] Service workers require HTTPS, have no DOM access, and are not supported in PB mode [1]
* [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for
* service worker notifications (2304), push notifications (disabled, 2305) and service worker
* cache (2740). If you enable this pref, then check those settings as well
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/
user_pref("dom.serviceWorkers.enabled", false);
/* 2304: disable Web Notifications
* [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (7002)
* [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/
// user_pref("dom.webnotifications.enabled", false); // [FF22+]
// user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
/* 2305: disable Push Notifications [FF44+]
* Push is an API that allows websites to send you (subscribed) messages even when the site
* isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server
* [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind
* a prompt (7002). Disabling service workers alone doesn't stop Firefox polling the
* Mozilla Push Server. To remove all subscriptions, reset your userAgentID.
* [1] https://support.mozilla.org/kb/push-notifications-firefox
* [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/
user_pref("dom.push.enabled", false);
// user_pref("dom.push.userAgentID", "");
/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
/* 2401: disable "Confirm you want to leave" dialog on page close
@ -817,66 +754,31 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false);
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
// user_pref("extensions.webextensions.restrictedDomains", "");
/*** [SECTION 2700]: PERSISTENT STORAGE
Data SET by websites including
cookies : profile\cookies.sqlite
localStorage : profile\webappsstore.sqlite
indexedDB : profile\storage\default
serviceWorkers :
[NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode
[NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage),
indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications)
If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become
accessible to websites except shared/service workers where the cookie setting must be "Allow"
***/
/*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB]
* 0 = Accept cookies and site data
* 1 = (Block) All third-party cookies
* 2 = (Block) All cookies
* 3 = (Block) Cookies from unvisited websites
* 4 = (Block) Cross-site tracking cookies (default)
* 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+)
* Option 5 with FPI enabled (4001) is ignored and not shown, and option 4 used instead
* [NOTE] You can set cookie exceptions under site permissions or use an extension
* [NOTE] Enforcing category to custom ensures ETP related prefs are always honored
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.contentblocking.category", "custom");
/* 2710: enable Enhanced Tracking Protection (ETP) in all windows
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content
/* 2701: enable ETP Strict Mode [FF86+]
* ETP Strict Mode enables Total Cookie Protection (TCP)
* [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
* cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
* [SETTING] to add site exceptions: Urlbar>ETP Shield
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
user_pref("privacy.trackingprotection.enabled", true);
/* 2711: enable various ETP lists ***/
user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 2740: disable service worker cache and cache storage
* [NOTE] We clear service worker cache on exit (2811)
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/
// user_pref("dom.caches.enabled", false);
/* 2750: disable Storage API [FF51+]
* The API gives sites the ability to find out how much space they can use, how much
* they are already using, and even control whether or not they need to be alerted
* before the user agent disposes of site data in order to make room for other things.
* [1] https://developer.mozilla.org/docs/Web/API/StorageManager
* [2] https://developer.mozilla.org/docs/Web/API/Storage_API
* [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
// user_pref("dom.storageManager.enabled", false);
/* 2755: disable Storage Access API [FF65+]
* [1] https://developer.mozilla.org/docs/Web/API/Storage_Access_API ***/
// user_pref("dom.storage_access.enabled", false);
/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
user_pref("browser.contentblocking.category", "strict");
/* 2702: disable ETP web compat features [FF93+]
* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/
// user_pref("privacy.antitracking.enableWebcompat", false);
/* 2710: enable state partitioning of service workers [FF96+] ***/
user_pref("privacy.partition.serviceWorkers", true);
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/
/* 2801: delete cookies and site data on exit
* 0=keep until they expire (default), 2=keep until you close Firefox
* [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB,
* sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
* If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
@ -939,46 +841,6 @@ user_pref("privacy.cpd.cookies", false);
* which will display a blank value, and are not guaranteed to work ***/
user_pref("privacy.sanitize.timeSpan", 0);
/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION)
1278037 - indexedDB (FF51+)
1277803 - favicons (FF52+)
1264562 - OCSP cache (FF52+)
1268726 - Shared Workers (FF52+)
1316283 - SSL session cache (FF52+)
1317927 - media cache (FF53+)
1323644 - HSTS and HPKP (FF54+)
1334690 - HTTP Alternative Services (FF54+)
1334693 - SPDY/HTTP2 (FF55+)
1337893 - DNS cache (FF55+)
1344170 - blob: URI (FF55+)
1300671 - data:, about: URLs (FF55+)
1473247 - IP addresses (FF63+)
1542309 - top-level domain URLs when host is in the public suffix list (FF68+)
1506693 - pdfjs range-based requests (FF68+)
1330467 - site permissions (FF69+)
1534339 - IPv6 (FF73+)
1721858 - WebSocket (FF92+)
***/
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
/* 4001: enable First Party Isolation [FF51+]
* [SETUP-WEB] Breaks some cross-origin logins
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
user_pref("privacy.firstparty.isolate", true);
/* 4002: enforce FPI restriction for window.opener [FF54+]
* [NOTE] Setting this to false may reduce the breakage in 4001
* FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
* to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3]
* The 2nd pref removes that limitation and will only allow communication if FPDs also match
* [1] https://bugzilla.mozilla.org/1319773#c22
* [2] https://bugzilla.mozilla.org/1492607
* [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/
// user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
// user_pref("privacy.firstparty.isolate.block_post_message", true);
/* 4003: enable scheme with FPI [FF78+]
* [NOTE] Experimental: existing data and site permissions are incompatible
* and some site exceptions may not work e.g. HTTPS-only mode (1244) ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
RFP covers a wide range of ongoing fingerprinting solutions.
It is an all-or-nothing buy in: you cannot pick and choose what parts you want
@ -1064,7 +926,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
// user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
// user_pref("layout.css.font-visibility.resistFingerprinting", 1);
// user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
/* 4507: disable showing about:blank as soon as possible during startup [FF60+]
* When default true this no longer masks the RFP chrome resizing activity
* [1] https://bugzilla.mozilla.org/1448423 ***/
@ -1227,8 +1089,32 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true]
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
* [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/
// placeholder
/* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
/* 6008: enforce no First Party Isolation [FF51+]
* [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
* and enabling FPI disables those. FPI is no longer maintained ***/
user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
/* 6009: enforce SmartBlock shims [FF81+]
* In FF96+ these are listed in about:compat
* [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/
user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true]
/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only
* [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed
* [TEST] https://tls-v1-1.badssl.com:1010/ ***/
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
/* 6011: enforce disabling of Web Compatibility Reporter [FF56+]
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
* [WHY] To prevent wasting Mozilla's time with a custom setup ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/
// user_pref("dom.caches.enabled", "");
// user_pref("dom.storageManager.enabled", "");
// user_pref("dom.storage_access.enabled", "");
// user_pref("privacy.firstparty.isolate.block_post_message", "");
// user_pref("privacy.firstparty.isolate.restrict_opener_access", "");
// user_pref("privacy.firstparty.isolate.use_site", "");
// user_pref("security.insecure_connection_text.enabled", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@ -1264,16 +1150,17 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
/* 7004: control TLS versions
* [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/
* [WHY] Passive fingerprinting and security ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
/* 7005: disable SSL session IDs [FF36+]
* [WHY] Passive fingerprinting and perf costs. These are session-only and isolated
* with network partitioning (FF85+) or when using FPI and/or containers ***/
* [WHY] Passive fingerprinting and perf costs. These are session-only
* and isolated with network partitioning (FF85+) and/or containers ***/
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
/* 7006: onions
* [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers
* [WHY] Only cross-origin referers (1600s) need control ***/
@ -1292,7 +1179,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false); // [FF65+]
/* 7010: disable HTTP Alternative Services [FF37+]
* [WHY] Already isolated by network partitioning (FF85+) or FPI ***/
* [WHY] Already isolated with network partitioning (FF85+) ***/
// user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+]
/* 7011: disable website control over browser right-click context menu
@ -1312,8 +1199,34 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] It can compromise security. System addons ship with prefs, use those ***/
// user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
// user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
/* 7015: enable the DNT (Do Not Track) HTTP header
* [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
// user_pref("privacy.donottrackheader.enabled", true);
/* 7016: customize ETP settings
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
// user_pref("network.cookie.cookieBehavior", 5);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("privacy.partition.network_state.ocsp_cache", true);
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 7017: disable service workers [FF32, FF44-compat]
* [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710)
* or blocked with TCP in 3rd parties (FF95 or lower) ***/
// user_pref("dom.serviceWorkers.enabled", false);
/* 7018: disable Web Notifications
* [WHY] Web Notifications are behind a prompt (7002)
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
// user_pref("dom.webnotifications.enabled", false); // [FF22+]
// user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
/* 7019: disable Push Notifications [FF44+]
* [WHY] Push requires subscription
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
/*** [SECTION 8000]: DON'T BOTHER: NON-RFP
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good
[WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere
***/
@ -1361,6 +1274,16 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
// user_pref("browser.warnOnQuitShortcut", false); // [FF94+]
// user_pref("full-screen-api.warning.delay", 0);
// user_pref("full-screen-api.warning.timeout", 0);
/* UPDATES ***/
// user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates
// [NOTE] You will still get prompts to update, and should do so in a timely manner
// [SETTING] General>Firefox Updates>Check for updates but let you choose to install them
// user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch)
// [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
// user_pref("extensions.update.enabled", false); // disable extension and theme update checks
// user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates
// [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle)
// user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab)
/* APPEARANCE ***/
// user_pref("browser.download.autohideButton", false); // [FF57+]
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
@ -1415,6 +1338,12 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m
// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807
// [-] https://bugzilla.mozilla.org/1735976
user_pref("browser.urlbar.suggest.quicksuggest", false);
// FF96
// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS]
// [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
// [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows
// [-] https://bugzilla.mozilla.org/1738983
user_pref("app.update.background.scheduling.enabled", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/