mirror of
https://github.com/arkenfox/user.js.git
synced 2025-09-01 01:18:30 +02:00
Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 73994f580a | |||
| d2fb8296e0 |
@ -9,7 +9,7 @@ The `arkenfox user.js` is a **template** which aims to provide as much privacy a
|
||||
|
||||
Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings.
|
||||
|
||||
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
|
||||
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
|
||||
|
||||
Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
|
||||
|
||||
@ -23,3 +23,5 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef
|
||||
|
||||
### 🟥 acknowledgments
|
||||
Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.
|
||||
|
||||
|
||||
|
||||
72
scratchpad-scripts/arkenfox-clear-RFP-alternatives.js
Normal file
72
scratchpad-scripts/arkenfox-clear-RFP-alternatives.js
Normal file
@ -0,0 +1,72 @@
|
||||
/***
|
||||
This will reset the preferences that are under sections 4600 & 4700 in the
|
||||
arkenfox user.js. These are the prefs that are no longer necessary, or they
|
||||
conflict with, privacy.resistFingerprinting if you have that enabled.
|
||||
|
||||
Final update: 10-August-2021
|
||||
|
||||
As of v91, section 4600 is no longer recommended, and is all inactive. This
|
||||
now includes the old 4700 section. You can reset them using prefsCleaner.
|
||||
|
||||
For instructions see:
|
||||
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
|
||||
***/
|
||||
|
||||
(() => {
|
||||
|
||||
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
|
||||
|
||||
const aPREFS = [
|
||||
/* section 4600 */
|
||||
'dom.maxHardwareConcurrency',
|
||||
'dom.enable_resource_timing',
|
||||
'dom.enable_performance',
|
||||
'device.sensors.enabled',
|
||||
'browser.zoom.siteSpecific',
|
||||
'dom.gamepad.enabled',
|
||||
'dom.netinfo.enabled',
|
||||
'media.webspeech.synth.enabled',
|
||||
'media.video_stats.enabled',
|
||||
'dom.w3c_touch_events.enabled',
|
||||
'media.navigator.enabled',
|
||||
'media.ondevicechange.enabled',
|
||||
'webgl.enable-debug-renderer-info',
|
||||
'ui.prefersReducedMotion',
|
||||
'dom.w3c_pointer_events.enabled', // deprecated FF87
|
||||
'ui.use_standins_for_native_colors',
|
||||
'ui.systemUsesDarkTheme',
|
||||
'dom.webaudio.enabled',
|
||||
'layout.css.font-visibility.level',
|
||||
/* section 4700 */
|
||||
'general.appname.override',
|
||||
'general.appversion.override',
|
||||
'general.buildID.override',
|
||||
'general.oscpu.override',
|
||||
'general.platform.override',
|
||||
'general.useragent.override',
|
||||
/* reset parrot: check your open about:config after running the script */
|
||||
'_user.js.parrot'
|
||||
];
|
||||
|
||||
console.clear();
|
||||
|
||||
let c = 0;
|
||||
for (const sPname of aPREFS) {
|
||||
if (Services.prefs.prefHasUserValue(sPname)) {
|
||||
Services.prefs.clearUserPref(sPname);
|
||||
if (!Services.prefs.prefHasUserValue(sPname)) {
|
||||
console.info('reset', sPname);
|
||||
c++;
|
||||
} else console.warn('failed to reset', sPname);
|
||||
}
|
||||
}
|
||||
|
||||
focus();
|
||||
|
||||
const d = (c==1) ? ' pref' : ' prefs';
|
||||
alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset');
|
||||
|
||||
return 'all done';
|
||||
|
||||
})();
|
||||
|
||||
@ -13,29 +13,30 @@
|
||||
|
||||
const aPREFS = [
|
||||
/* removed in arkenfox user.js */
|
||||
/* 79-91 */
|
||||
/* 91 */
|
||||
'alerts.showFavicons',
|
||||
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
|
||||
'browser.send_pings.require_same_host',
|
||||
'browser.urlbar.usepreloadedtopurls.enabled',
|
||||
'dom.allow_cut_copy',
|
||||
'dom.battery.enabled',
|
||||
'dom.IntersectionObserver.enabled',
|
||||
'dom.storage.enabled',
|
||||
'dom.vibrator.enabled',
|
||||
'extensions.screenshots.upload-disabled',
|
||||
'general.warnOnAboutConfig',
|
||||
'gfx.direct2d.disabled',
|
||||
'layers.acceleration.disabled',
|
||||
'media.getusermedia.audiocapture.enabled',
|
||||
'media.getusermedia.browser.enabled',
|
||||
'media.getusermedia.screensharing.enabled',
|
||||
'media.gmp-widevinecdm.visible',
|
||||
'media.media-capabilities.enabled',
|
||||
'network.http.redirection-limit',
|
||||
'privacy.partition.network_state',
|
||||
'security.insecure_connection_icon.enabled',
|
||||
'security.mixed_content.block_active_content',
|
||||
/* 79-90 */
|
||||
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
|
||||
'browser.send_pings.require_same_host',
|
||||
'browser.urlbar.usepreloadedtopurls.enabled',
|
||||
'dom.IntersectionObserver.enabled',
|
||||
'extensions.screenshots.upload-disabled',
|
||||
'media.gmp-widevinecdm.visible',
|
||||
'network.http.redirection-limit',
|
||||
'privacy.partition.network_state',
|
||||
'security.ssl.enable_ocsp_stapling',
|
||||
'security.ssl3.dhe_rsa_aes_128_sha',
|
||||
'security.ssl3.dhe_rsa_aes_256_sha',
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
|
||||
/*** arkenfox user.js troubleshooter.js v1.6.3 ***/
|
||||
|
||||
(function() {
|
||||
@ -193,7 +194,7 @@
|
||||
|
||||
const aBAK = getMyList(aPREFS);
|
||||
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
|
||||
|
||||
|
||||
const sMsg = "all detected prefs reset.\n\n" +
|
||||
"!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" +
|
||||
"IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" +
|
||||
|
||||
62
updater.sh
62
updater.sh
@ -41,9 +41,9 @@ ESR=false
|
||||
|
||||
# Download method priority: curl -> wget
|
||||
DOWNLOAD_METHOD=''
|
||||
if command -v curl >/dev/null; then
|
||||
if [[ $(command -v 'curl') ]]; then
|
||||
DOWNLOAD_METHOD='curl --max-redirs 3 -so'
|
||||
elif command -v wget >/dev/null; then
|
||||
elif [[ $(command -v 'wget') ]]; then
|
||||
DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
|
||||
else
|
||||
echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}"
|
||||
@ -51,7 +51,7 @@ else
|
||||
fi
|
||||
|
||||
|
||||
show_banner() {
|
||||
show_banner () {
|
||||
echo -e "${BBLUE}
|
||||
############################################################################
|
||||
#### ####
|
||||
@ -103,13 +103,13 @@ Optional Arguments:
|
||||
# File Handling #
|
||||
#########################
|
||||
|
||||
download_file() { # expects URL as argument ($1)
|
||||
download_file () { # expects URL as argument ($1)
|
||||
declare -r tf=$(mktemp)
|
||||
|
||||
$DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error
|
||||
}
|
||||
|
||||
open_file() { # expects one argument: file_path
|
||||
open_file () { # expects one argument: file_path
|
||||
if [ "$(uname)" == 'Darwin' ]; then
|
||||
open "$1"
|
||||
elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then
|
||||
@ -119,11 +119,11 @@ open_file() { # expects one argument: file_path
|
||||
fi
|
||||
}
|
||||
|
||||
readIniFile() { # expects one argument: absolute path of profiles.ini
|
||||
readIniFile () { # expects one argument: absolute path of profiles.ini
|
||||
declare -r inifile="$1"
|
||||
|
||||
# tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile
|
||||
if [ "$(grep -c '^\[Profile' "${inifile}")" -eq "1" ]; then ### only 1 profile found
|
||||
if [ $(grep -c '^\[Profile' "${inifile}") -eq "1" ]; then ### only 1 profile found
|
||||
tempIni="$(grep '^\[Profile' -A 4 "${inifile}")"
|
||||
else
|
||||
echo -e "Profiles found:\n––––––––––––––––––––––––––––––"
|
||||
@ -150,7 +150,7 @@ readIniFile() { # expects one argument: absolute path of profiles.ini
|
||||
[[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}"
|
||||
}
|
||||
|
||||
getProfilePath() {
|
||||
getProfilePath () {
|
||||
declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini
|
||||
declare -r f2=~/.mozilla/firefox/profiles.ini
|
||||
|
||||
@ -175,8 +175,8 @@ getProfilePath() {
|
||||
#########################
|
||||
|
||||
# Returns the version number of a updater.sh file
|
||||
get_updater_version() {
|
||||
echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")"
|
||||
get_updater_version () {
|
||||
echo $(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")
|
||||
}
|
||||
|
||||
# Update updater.sh
|
||||
@ -184,14 +184,14 @@ get_updater_version() {
|
||||
# Args:
|
||||
# -d: New version will not be looked for and update will not occur
|
||||
# -u: Check for update, if available, execute without asking
|
||||
update_updater() {
|
||||
[ "$UPDATE" = 'no' ] && return 0 # User signified not to check for updates
|
||||
update_updater () {
|
||||
[ $UPDATE = 'no' ] && return 0 # User signified not to check for updates
|
||||
|
||||
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
|
||||
[ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed
|
||||
|
||||
if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
|
||||
if [ "$UPDATE" = 'check' ]; then
|
||||
if [ $UPDATE = 'check' ]; then
|
||||
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
|
||||
read -p "" -n 1 -r
|
||||
echo -e "\n\n"
|
||||
@ -211,11 +211,11 @@ update_updater() {
|
||||
#########################
|
||||
|
||||
# Returns version number of a user.js file
|
||||
get_userjs_version() {
|
||||
[ -e "$1" ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
|
||||
get_userjs_version () {
|
||||
[ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
|
||||
}
|
||||
|
||||
add_override() {
|
||||
add_override () {
|
||||
input=$1
|
||||
if [ -f "$input" ]; then
|
||||
echo "" >> user.js
|
||||
@ -235,27 +235,27 @@ add_override() {
|
||||
fi
|
||||
}
|
||||
|
||||
remove_comments() { # expects 2 arguments: from-file and to-file
|
||||
remove_comments () { # expects 2 arguments: from-file and to-file
|
||||
sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2"
|
||||
}
|
||||
|
||||
# Applies latest version of user.js and any custom overrides
|
||||
update_userjs() {
|
||||
update_userjs () {
|
||||
declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
|
||||
[ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed
|
||||
|
||||
echo -e "Please observe the following information:
|
||||
Firefox profile: ${ORANGE}$(pwd)${NC}
|
||||
Available online: ${ORANGE}$(get_userjs_version "$newfile")${NC}
|
||||
Available online: ${ORANGE}$(get_userjs_version $newfile)${NC}
|
||||
Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n"
|
||||
|
||||
if [ "$CONFIRM" = 'yes' ]; then
|
||||
if [ $CONFIRM = 'yes' ]; then
|
||||
echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
|
||||
read -p "" -n 1 -r
|
||||
echo -e "\n"
|
||||
if [[ $REPLY =~ ^[Nn]$ ]]; then
|
||||
echo -e "${RED}Process aborted${NC}"
|
||||
rm "$newfile"
|
||||
rm $newfile
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
@ -269,7 +269,7 @@ update_userjs() {
|
||||
# backup user.js
|
||||
mkdir -p userjs_backups
|
||||
local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")"
|
||||
[ "$BACKUP" = 'single' ] && bakname='userjs_backups/user.js.backup'
|
||||
[ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup'
|
||||
cp user.js "$bakname" &>/dev/null
|
||||
|
||||
mv "${newfile}" user.js
|
||||
@ -295,19 +295,19 @@ update_userjs() {
|
||||
past_nocomments='userjs_diffs/past_userjs.txt'
|
||||
current_nocomments='userjs_diffs/current_userjs.txt'
|
||||
|
||||
remove_comments "$pastuserjs" "$past_nocomments"
|
||||
remove_comments user.js "$current_nocomments"
|
||||
remove_comments $pastuserjs $past_nocomments
|
||||
remove_comments user.js $current_nocomments
|
||||
|
||||
diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt"
|
||||
diff=$(diff -w -B -U 0 "$past_nocomments" "$current_nocomments")
|
||||
if [ -n "$diff" ]; then
|
||||
diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments)
|
||||
if [ ! -z "$diff" ]; then
|
||||
echo "$diff" > "$diffname"
|
||||
echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
|
||||
else
|
||||
echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}"
|
||||
[ "$BACKUP" = 'multiple' ] && rm "$bakname" &>/dev/null
|
||||
[ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null
|
||||
fi
|
||||
rm "$past_nocomments" "$current_nocomments" "$pastuserjs" &>/dev/null
|
||||
rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null
|
||||
fi
|
||||
|
||||
[ "$VIEW" = true ] && open_file "${PWD}/user.js"
|
||||
@ -319,7 +319,7 @@ update_userjs() {
|
||||
|
||||
if [ $# != 0 ]; then
|
||||
# Display usage if first argument is -help or --help
|
||||
if [ "$1" = '--help' ] || [ "$1" = '-help' ]; then
|
||||
if [ $1 = '--help' ] || [ $1 = '-help' ]; then
|
||||
usage
|
||||
else
|
||||
while getopts ":hp:ludsno:bcvre" opt; do
|
||||
@ -363,7 +363,7 @@ if [ $# != 0 ]; then
|
||||
r)
|
||||
tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
|
||||
[ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed
|
||||
mv "$tfile" "${tfile}.js"
|
||||
mv $tfile "${tfile}.js"
|
||||
echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}"
|
||||
open_file "${tfile}.js"
|
||||
exit 0
|
||||
@ -382,7 +382,7 @@ if [ $# != 0 ]; then
|
||||
fi
|
||||
|
||||
show_banner
|
||||
update_updater "$@"
|
||||
update_updater $@
|
||||
|
||||
getProfilePath # updates PROFILE_PATH or exits on error
|
||||
cd "$PROFILE_PATH" && update_userjs
|
||||
|
||||
325
user.js
325
user.js
@ -1,22 +1,22 @@
|
||||
/******
|
||||
* name: arkenfox user.js
|
||||
* date: 8 December 2021
|
||||
* version 95
|
||||
* date: 27 October 2021
|
||||
* version 91.1
|
||||
* url: https://github.com/arkenfox/user.js
|
||||
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
|
||||
|
||||
* README:
|
||||
|
||||
1. Consider using Tor Browser if it meets your needs or fits your threat model
|
||||
* https://2019.www.torproject.org/about/torusers.html
|
||||
* https://www.torproject.org/about/torusers.html.en
|
||||
2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries
|
||||
* https://github.com/arkenfox/user.js/wiki
|
||||
3. If you skipped step 2, return to step 2
|
||||
4. Make changes
|
||||
* There are often trade-offs and conflicts between security vs privacy vs anti-tracking
|
||||
* There are often trade-offs and conflicts between security vs privacy vs anti-fingerprinting
|
||||
and these need to be balanced against functionality & convenience & breakage
|
||||
* Some site breakage and unintended consequences will happen. Everyone's experience will differ
|
||||
e.g. some user data is erased on exit (section 2800), change this to suit your needs
|
||||
e.g. some user data is erased on close (section 2800), change this to suit your needs
|
||||
* While not 100% definitive, search for "[SETUP" tags
|
||||
e.g. third party images/videos not loading on some sites? check 1601
|
||||
* Take the wiki link in step 2 and read the Troubleshooting entry
|
||||
@ -31,8 +31,10 @@
|
||||
* It is best to use the arkenfox release that is optimized for and matches your Firefox version
|
||||
* EVERYONE: each release
|
||||
- run prefsCleaner to reset prefs made inactive, including deprecated (9999s)
|
||||
ESR91
|
||||
- If you are not using arkenfox v91... (not a definitive list)
|
||||
ESR78
|
||||
- If you are not using arkenfox v78... (not a definitive list)
|
||||
- 1244: HTTPS-Only mode is enabled
|
||||
- 4511: non-native widget theme is enforced
|
||||
- 9999: switch the appropriate deprecated section(s) back on
|
||||
|
||||
* INDEX:
|
||||
@ -55,7 +57,7 @@
|
||||
2400: DOM (DOCUMENT OBJECT MODEL)
|
||||
2600: MISCELLANEOUS
|
||||
2700: PERSISTENT STORAGE
|
||||
2800: SHUTDOWN & SANITIZING
|
||||
2800: SHUTDOWN
|
||||
4000: FPI (FIRST PARTY ISOLATION)
|
||||
4500: RFP (RESIST FINGERPRINTING)
|
||||
5000: OPTIONAL OPSEC
|
||||
@ -85,7 +87,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
|
||||
user_pref("browser.shell.checkDefaultBrowser", false);
|
||||
/* 0102: set startup page [SETUP-CHROME]
|
||||
* 0=blank, 1=home, 2=last visited page, 3=resume previous session
|
||||
* [NOTE] Session Restore is cleared with history (2811, 2812), and not used in Private Browsing mode
|
||||
* [NOTE] Session Restore is cleared with history (2803, 2804), and not used in Private Browsing mode
|
||||
* [SETTING] General>Startup>Restore previous session ***/
|
||||
user_pref("browser.startup.page", 0);
|
||||
/* 0103: set HOME+NEWWINDOW page
|
||||
@ -102,7 +104,7 @@ user_pref("browser.newtab.preload", false);
|
||||
* [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
|
||||
user_pref("browser.newtabpage.activity-stream.telemetry", false);
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false]
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+]
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
|
||||
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
|
||||
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
|
||||
@ -242,6 +244,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
|
||||
to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes.
|
||||
Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+)
|
||||
doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
|
||||
FWIW, Google also swear it is anonymized and only used to flag malicious sites.
|
||||
|
||||
[1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
|
||||
[2] https://wiki.mozilla.org/Security/Safe_Browsing
|
||||
@ -285,7 +288,7 @@ user_pref("network.dns.disablePrefetch", true);
|
||||
// user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
|
||||
/* 0603: disable predictor / prefetching ***/
|
||||
user_pref("network.predictor.enabled", false);
|
||||
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
|
||||
// user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
|
||||
/* 0604: disable link-mouseover opening connection to linked server
|
||||
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
|
||||
user_pref("network.http.speculative-parallel-limit", 0);
|
||||
@ -322,12 +325,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
|
||||
* [2] https://en.wikipedia.org/wiki/GVfs
|
||||
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
|
||||
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
||||
/* 0705: disable proxy direct failover for system requests [FF91+]
|
||||
* [WARNING] Default true is a security feature against malicious extensions [1]
|
||||
* [SETUP-CHROME] If you use a proxy and you trust your extensions
|
||||
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
|
||||
// user_pref("network.proxy.failover_direct", false);
|
||||
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
|
||||
/* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+]
|
||||
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
|
||||
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3]
|
||||
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
|
||||
@ -335,6 +333,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
||||
* [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/
|
||||
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
|
||||
// user_pref("network.trr.mode", 5);
|
||||
/* 0706: disable proxy direct failover for system requests [FF91+]
|
||||
* [WARNING] Default true is a security feature against malicious extensions [1]
|
||||
* [SETUP-CHROME] If you use a proxy and you trust your extensions
|
||||
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
|
||||
// user_pref("network.proxy.failover_direct", false);
|
||||
|
||||
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
|
||||
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
|
||||
@ -369,18 +372,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
|
||||
* 0=never resolve single words, 1=heuristic (default), 2=always resolve
|
||||
* [1] https://bugzilla.mozilla.org/1642623 ***/
|
||||
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
|
||||
/* 0807: disable location bar contextual suggestions [FF92+]
|
||||
* [SETTING] Privacy & Security>Address Bar>Suggestions from...
|
||||
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
|
||||
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
|
||||
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
|
||||
/* 0808: disable tab-to-search [FF85+]
|
||||
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
|
||||
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
|
||||
// user_pref("browser.urlbar.suggest.engines", false);
|
||||
/* 0810: disable search and form history
|
||||
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
|
||||
* [NOTE] We also clear formdata on exit (2811)
|
||||
* [NOTE] We also clear formdata on exit (2803)
|
||||
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
|
||||
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
|
||||
* [2] https://bugzilla.mozilla.org/381681 ***/
|
||||
@ -398,7 +396,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
|
||||
/* 0820: disable coloring of visited links
|
||||
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
|
||||
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
|
||||
* attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5]
|
||||
* attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5]
|
||||
* and advanced targeted timing attacks could still produce usable results
|
||||
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
|
||||
* [2] https://dbaron.org/mozilla/visited-privacy
|
||||
@ -439,10 +437,11 @@ user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
|
||||
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
|
||||
/* 1001: disable disk cache
|
||||
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this
|
||||
* [NOTE] We also clear cache on exit (2811) ***/
|
||||
* [NOTE] We also clear cache on exit (2803) ***/
|
||||
user_pref("browser.cache.disk.enable", false);
|
||||
/* 1002: disable media cache from writing to disk in Private Browsing
|
||||
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/
|
||||
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
|
||||
* [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/
|
||||
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
|
||||
user_pref("media.memory_cache_max_size", 65536);
|
||||
/* 1003: disable storing extra session data [SETUP-CHROME]
|
||||
@ -479,7 +478,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
|
||||
* no unsafe renegotiations on the channel between the browser and the server.
|
||||
* [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4]
|
||||
* [1] https://wiki.mozilla.org/Security:Renegotiation
|
||||
* [2] https://datatracker.ietf.org/doc/html/rfc5746
|
||||
* [2] https://tools.ietf.org/html/rfc5746
|
||||
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
||||
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
user_pref("security.ssl.require_safe_negotiation", true);
|
||||
@ -581,15 +580,12 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
|
||||
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
|
||||
/* 1401: disable rendering of SVG OpenType fonts ***/
|
||||
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
|
||||
/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
|
||||
/* 1402: limit font visibility (Windows, Mac, some Linux) [FF79+]
|
||||
* [NOTE] In FF80+ RFP ignores the pref and uses value 1
|
||||
* Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
|
||||
* In normal windows: uses the first applicable: RFP (4506) over TP over Standard
|
||||
* In Private Browsing windows: uses the most restrictive between normal and private
|
||||
* 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
|
||||
* [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
|
||||
// user_pref("layout.css.font-visibility.private", 1);
|
||||
// user_pref("layout.css.font-visibility.standard", 1);
|
||||
// user_pref("layout.css.font-visibility.trackingprotection", 1);
|
||||
// user_pref("layout.css.font-visibility.level", 1);
|
||||
|
||||
/*** [SECTION 1600]: HEADERS / REFERERS
|
||||
Expect some breakage e.g. banks: use an extension if you need precise control
|
||||
@ -631,25 +627,19 @@ user_pref("privacy.userContext.ui.enabled", true);
|
||||
/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
|
||||
user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
|
||||
/* 2001: disable WebRTC (Web Real-Time Communication)
|
||||
* Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the
|
||||
* private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after
|
||||
* you grant device (microphone or camera) access
|
||||
* [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC
|
||||
* [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
|
||||
* in your threat model, and you want Real-Time Communication, this is the pref for you
|
||||
* [1] https://www.privacytools.io/#webrtc ***/
|
||||
user_pref("media.peerconnection.enabled", false);
|
||||
/* 2002: limit WebRTC IP leaks if using WebRTC
|
||||
* In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3]
|
||||
* [TEST] https://browserleaks.com/webrtc
|
||||
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
|
||||
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
|
||||
// user_pref("media.peerconnection.enabled", false);
|
||||
/* 2002: force WebRTC inside the proxy [FF70+] ***/
|
||||
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
|
||||
/* 2003: force a single network interface for ICE candidates generation [FF42+]
|
||||
* When using a system-wide proxy, it uses the proxy interface
|
||||
* [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate
|
||||
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713
|
||||
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
|
||||
* [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/
|
||||
user_pref("media.peerconnection.ice.default_address_only", true);
|
||||
/* 2004: force exclusion of private IPs from ICE candidates [FF51+]
|
||||
* [SETUP-HARDEN] This will protect your private IP even in TRUSTED scenarios after you
|
||||
* grant device access, but often results in breakage on video-conferencing platforms ***/
|
||||
// user_pref("media.peerconnection.ice.no_host", true);
|
||||
user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
|
||||
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+]
|
||||
/* 2020: disable GMP (Gecko Media Plugins)
|
||||
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
|
||||
// user_pref("media.gmp-provider.enabled", false);
|
||||
@ -731,6 +721,7 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
|
||||
/*** [SECTION 2600]: MISCELLANEOUS ***/
|
||||
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
|
||||
/* 2601: prevent accessibility services from accessing your browser [RESTART]
|
||||
* [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser (FF80 or lower)
|
||||
* [1] https://support.mozilla.org/kb/accessibility-services ***/
|
||||
user_pref("accessibility.force_disabled", 1);
|
||||
/* 2602: disable sending additional analytics to web servers
|
||||
@ -797,9 +788,7 @@ user_pref("permissions.delegation.enabled", false);
|
||||
* [SETUP-CHROME] On Android this blocks longtapping and saving images
|
||||
* [SETTING] General>Downloads>Always ask you where to save files ***/
|
||||
user_pref("browser.download.useDownloadDir", false);
|
||||
/* 2652: disable downloads panel opening on every download [FF96+] ***/
|
||||
user_pref("browser.download.alwaysOpenPanel", false);
|
||||
/* 2653: disable adding downloads to the system's "recent documents" list ***/
|
||||
/* 2652: disable adding downloads to the system's "recent documents" list ***/
|
||||
user_pref("browser.download.manager.addToRecentDocs", false);
|
||||
|
||||
/** EXTENSIONS ***/
|
||||
@ -845,6 +834,17 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
|
||||
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/
|
||||
user_pref("network.cookie.cookieBehavior", 1);
|
||||
user_pref("browser.contentblocking.category", "custom");
|
||||
/* 2702: set third-party cookies (if enabled, see 2701) to session-only
|
||||
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
|
||||
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
|
||||
/* 2703: delete cookies and site data on close
|
||||
* 0=keep until they expire (default), 2=keep until you close Firefox
|
||||
* [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2)
|
||||
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
|
||||
// user_pref("network.cookie.lifetimePolicy", 2);
|
||||
/* 2710: enable Enhanced Tracking Protection (ETP) in all windows
|
||||
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content
|
||||
* [SETTING] to add site exceptions: Urlbar>ETP Shield
|
||||
@ -855,7 +855,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true);
|
||||
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
|
||||
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
|
||||
/* 2740: disable service worker cache and cache storage
|
||||
* [NOTE] We clear service worker cache on exit (2811)
|
||||
* [NOTE] We clear service worker cache on exit (2803)
|
||||
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/
|
||||
// user_pref("dom.caches.enabled", false);
|
||||
/* 2750: disable Storage API [FF51+]
|
||||
@ -872,67 +872,52 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true);
|
||||
/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/
|
||||
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
|
||||
|
||||
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
|
||||
/*** [SECTION 2800]: SHUTDOWN
|
||||
* Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under
|
||||
Privacy & Security>Delete cookies and site data when Firefox is closed (1681701)
|
||||
* If you want to keep some sites' cookies (exception as "Allow") and optionally other site
|
||||
data but clear all the rest on close, then you need to set the "cookie" and optionally the
|
||||
"offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
|
||||
/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/
|
||||
/* 2801: delete cookies and site data on exit
|
||||
* 0=keep until they expire (default), 2=keep until you close Firefox
|
||||
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
|
||||
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
|
||||
* If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
|
||||
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
|
||||
user_pref("network.cookie.lifetimePolicy", 2);
|
||||
/* 2802: delete cache on exit [FF96+]
|
||||
* [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
|
||||
* [1] https://bugzilla.mozilla.org/1671182 ***/
|
||||
// user_pref("privacy.clearsitedata.cache.enabled", true);
|
||||
/* 2803: set third-party cookies to session-only
|
||||
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
|
||||
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
|
||||
|
||||
/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/
|
||||
/* 2810: enable Firefox to clear items on shutdown (2811)
|
||||
/* 2802: enable Firefox to clear items on shutdown (2803)
|
||||
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/
|
||||
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
|
||||
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
|
||||
* These items do not use exceptions, it is all or nothing (1681701)
|
||||
/* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME]
|
||||
* [NOTE] If "history" is true, downloads will also be cleared
|
||||
* [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies
|
||||
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
|
||||
* [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication [1]
|
||||
* [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
|
||||
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings
|
||||
* [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
|
||||
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false]
|
||||
user_pref("privacy.clearOnShutdown.cookies", false);
|
||||
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
|
||||
/* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME]
|
||||
user_pref("privacy.clearOnShutdown.cache", true);
|
||||
user_pref("privacy.clearOnShutdown.cookies", true);
|
||||
user_pref("privacy.clearOnShutdown.downloads", true); // see note above
|
||||
user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History
|
||||
user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History
|
||||
user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data
|
||||
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins
|
||||
user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
|
||||
/* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME]
|
||||
* This dialog can also be accessed from the menu History>Clear Recent History
|
||||
* Firefox remembers your last choices. This will reset them when you start Firefox
|
||||
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
|
||||
* for "Clear Recent History" is opened, it is synced to the same as "history" ***/
|
||||
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
|
||||
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
|
||||
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
|
||||
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
|
||||
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
|
||||
user_pref("privacy.cpd.cookies", false);
|
||||
user_pref("privacy.cpd.cache", true);
|
||||
user_pref("privacy.cpd.cookies", true);
|
||||
// user_pref("privacy.cpd.downloads", true); // not used, see note above
|
||||
// user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed
|
||||
// user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false]
|
||||
/* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
|
||||
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
|
||||
user_pref("privacy.cpd.formdata", true); // Form & Search History
|
||||
user_pref("privacy.cpd.history", true); // Browsing & Download History
|
||||
user_pref("privacy.cpd.offlineApps", true); // Offline Website Data
|
||||
user_pref("privacy.cpd.passwords", false); // this is not listed
|
||||
user_pref("privacy.cpd.sessions", true); // Active Logins
|
||||
user_pref("privacy.cpd.siteSettings", false); // Site Preferences
|
||||
/* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
|
||||
* [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803)
|
||||
* [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008)
|
||||
* [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/
|
||||
// user_pref("privacy.clearOnShutdown.openWindows", true);
|
||||
// user_pref("privacy.cpd.openWindows", true);
|
||||
/* 2814: reset default "Time range to clear" for "Clear Recent History" (2812)
|
||||
/* 2806: reset default "Time range to clear" for "Clear Recent History" (2804)
|
||||
* Firefox remembers your last choice. This will reset the value when you start Firefox
|
||||
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
|
||||
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
|
||||
@ -988,13 +973,14 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
418986 - limit window.screen & CSS media queries (FF41)
|
||||
[TEST] https://arkenfox.github.io/TZP/tzp.html#screen
|
||||
1281949 - spoof screen orientation (FF50)
|
||||
1281963 - hide contents of navigator.plugins and navigator.mimeTypes (FF50-88)
|
||||
1330890 - spoof timezone as UTC0 (FF55)
|
||||
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
|
||||
1217238 - reduce precision of time exposed by javascript (FF55)
|
||||
FF56
|
||||
1369303 - spoof/disable performance API
|
||||
1333651 - spoof User Agent & Navigator API
|
||||
JS: the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux
|
||||
JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux
|
||||
HTTP Headers: spoofed as Windows or Android
|
||||
1369319 - disable device sensor API
|
||||
1369357 - disable site specific zoom
|
||||
@ -1007,6 +993,8 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
1217290 & 1409677 - enable some fingerprinting resistance for WebGL
|
||||
1382545 - reduce fingerprinting in Animation API
|
||||
1354633 - limit MediaError.message to a whitelist
|
||||
1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87)
|
||||
Blocks exposure of local IP Addresses via mDNS (Multicast DNS)
|
||||
FF58-90
|
||||
967895 - spoof canvas and enable site permission prompt (FF58)
|
||||
1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
|
||||
@ -1038,11 +1026,12 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs")
|
||||
* RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
|
||||
* [1] https://bugzilla.mozilla.org/418986 ***/
|
||||
user_pref("privacy.resistFingerprinting", true);
|
||||
/* 4502: set new window size rounding max values [FF55+]
|
||||
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
|
||||
/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
|
||||
* Width will round down to multiples of 200s and height to 100s, to fit your screen.
|
||||
* The max values are a starting point to round from if you want some control
|
||||
* [1] https://bugzilla.mozilla.org/1330882 ***/
|
||||
user_pref("privacy.window.maxInnerWidth", 1600);
|
||||
user_pref("privacy.window.maxInnerHeight", 900);
|
||||
// user_pref("privacy.window.maxInnerWidth", 1000);
|
||||
// user_pref("privacy.window.maxInnerHeight", 1000);
|
||||
/* 4503: disable mozAddonManager Web API [FF57+]
|
||||
* [NOTE] To allow extensions to work on AMO, you also need 2662
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
|
||||
@ -1063,15 +1052,13 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
|
||||
* [1] https://bugzilla.mozilla.org/1635603 ***/
|
||||
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
|
||||
// user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
|
||||
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
|
||||
// user_pref("layout.css.font-visibility.resistFingerprinting", 1);
|
||||
/* 4507: disable showing about:blank as soon as possible during startup [FF60+]
|
||||
/* 4506: disable showing about:blank as soon as possible during startup [FF60+]
|
||||
* When default true this no longer masks the RFP chrome resizing activity
|
||||
* [1] https://bugzilla.mozilla.org/1448423 ***/
|
||||
user_pref("browser.startup.blankWindow", false);
|
||||
/* 4510: disable using system colors
|
||||
/* 4510: enforce no system colors
|
||||
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
|
||||
user_pref("browser.display.use_system_colors", false); // [DEFAULT false NON-WINDOWS]
|
||||
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
|
||||
/* 4511: enforce non-native widget theme
|
||||
* Security: removes/reduces system API calls, e.g. win32k API [1]
|
||||
* Fingerprinting: provides a uniform look and feel across platforms [2]
|
||||
@ -1127,7 +1114,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
|
||||
/* 5006: disable favicons in history and bookmarks
|
||||
* [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your
|
||||
* actual history (and bookmarks) already do. Your history is more detailed, so
|
||||
* control that instead; e.g. disable history, clear history on exit, use PB mode
|
||||
* control that instead; e.g. disable history, clear history on close, use PB mode
|
||||
* [NOTE] favicons.sqlite is sanitized on Firefox close ***/
|
||||
// user_pref("browser.chrome.site_icons", false);
|
||||
/* 5007: exclude "Undo Closed Tabs" in Session Restore ***/
|
||||
@ -1151,7 +1138,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
|
||||
* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
|
||||
// user_pref("browser.urlbar.autoFill", false);
|
||||
/* 5013: disable browsing and download history
|
||||
* [NOTE] We also clear history and downloads on exit (2811)
|
||||
* [NOTE] We also clear history and downloads on exit (2803)
|
||||
* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
|
||||
// user_pref("places.history.enabled", false);
|
||||
/* 5014: disable Windows jumplist [WINDOWS] ***/
|
||||
@ -1187,10 +1174,9 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
|
||||
* [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
|
||||
// user_pref("javascript.options.asmjs", false);
|
||||
/* 5505: disable Ion and baseline JIT to harden against JS exploits
|
||||
* [NOTE] When both Ion and JIT are disabled, and trustedprincipals
|
||||
* is enabled, then Ion can still be used by extensions (1599226)
|
||||
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
|
||||
* [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ ***/
|
||||
* [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new
|
||||
* hidden pref is enabled, then Ion can still be used by extensions (1599226)
|
||||
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/
|
||||
// user_pref("javascript.options.ion", false);
|
||||
// user_pref("javascript.options.baselinejit", false);
|
||||
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
|
||||
@ -1221,14 +1207,29 @@ user_pref("security.csp.enable", true); // [DEFAULT: true]
|
||||
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
|
||||
/* 6005: enforce window.opener protection [FF65+]
|
||||
* Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
|
||||
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true]
|
||||
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
|
||||
/* 6006: enforce "window.name" protection [FF82+]
|
||||
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
|
||||
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
|
||||
* [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
|
||||
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true]
|
||||
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/
|
||||
// placeholder
|
||||
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+]
|
||||
/* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/
|
||||
// user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
|
||||
// user_pref("browser.send_pings.require_same_host", "");
|
||||
// user_pref("dom.allow_cut_copy", "");
|
||||
// user_pref("dom.vibrator.enabled", "");
|
||||
// user_pref("media.getusermedia.audiocapture.enabled", "");
|
||||
// user_pref("media.getusermedia.browser.enabled", "");
|
||||
// user_pref("media.getusermedia.screensharing.enabled", "");
|
||||
// user_pref("media.gmp-widevinecdm.visible", "");
|
||||
// user_pref("network.http.redirection-limit", "");
|
||||
// user_pref("privacy.partition.network_state", "");
|
||||
// user_pref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+]
|
||||
// user_pref("security.mixed_content.block_active_content", ""); // [DEFAULT: true since at least FF60]
|
||||
// user_pref("security.ssl.enable_ocsp_stapling", ""); // [DEFAULT: true FF26+]
|
||||
// user_pref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+]
|
||||
// user_pref("webgl.enable-webgl2", "");
|
||||
// user_pref("webgl.min_capability_mode", "");
|
||||
|
||||
/*** [SECTION 7000]: DON'T BOTHER ***/
|
||||
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
|
||||
@ -1263,6 +1264,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
|
||||
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
|
||||
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
|
||||
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
|
||||
// user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
|
||||
/* 7004: control TLS versions
|
||||
* [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/
|
||||
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
|
||||
@ -1282,7 +1284,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
|
||||
/* 7008: set the default Referrer Policy [FF59+]
|
||||
* 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
|
||||
* [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/
|
||||
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
|
||||
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
|
||||
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
|
||||
/* 7009: disable HTTP2
|
||||
* [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
|
||||
@ -1294,7 +1296,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
|
||||
/* 7010: disable HTTP Alternative Services [FF37+]
|
||||
* [WHY] Already isolated by network partitioning (FF85+) or FPI ***/
|
||||
// user_pref("network.http.altsvc.enabled", false);
|
||||
// user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+]
|
||||
// user_pref("network.http.altsvc.oe", false);
|
||||
/* 7011: disable website control over browser right-click context menu
|
||||
* [WHY] Just use Shift-Right-Click ***/
|
||||
// user_pref("dom.event.contextmenu.enabled", false);
|
||||
@ -1355,19 +1357,18 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
|
||||
// user_pref("startup.homepage_welcome_url.additional", "");
|
||||
// user_pref("startup.homepage_override_url", ""); // What's New page after updates
|
||||
/* WARNINGS ***/
|
||||
// user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+]
|
||||
// user_pref("browser.tabs.warnOnClose", false);
|
||||
// user_pref("browser.tabs.warnOnCloseOtherTabs", false);
|
||||
// user_pref("browser.tabs.warnOnOpen", false);
|
||||
// user_pref("browser.warnOnQuitShortcut", false); // [FF94+]
|
||||
// user_pref("full-screen-api.warning.delay", 0);
|
||||
// user_pref("full-screen-api.warning.timeout", 0);
|
||||
/* APPEARANCE ***/
|
||||
// user_pref("browser.download.autohideButton", false); // [FF57+]
|
||||
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
|
||||
// 0=light, 1=dark: with RFP this only affects chrome
|
||||
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
|
||||
// user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
|
||||
// 0=no-preference, 1=reduce: with RFP this only affects chrome
|
||||
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
|
||||
// 0=light, 1=dark: with RFP this only affects chrome
|
||||
/* CONTENT BEHAVIOR ***/
|
||||
// user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type"
|
||||
// user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
|
||||
@ -1397,24 +1398,68 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
|
||||
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
|
||||
|
||||
/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
|
||||
Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1]
|
||||
Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1]
|
||||
[1] https://github.com/arkenfox/user.js/issues/123
|
||||
***/
|
||||
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
|
||||
/* ESR91.x still uses all the following prefs
|
||||
/* ESR78.x still uses all the following prefs
|
||||
// [NOTE] replace the * with a slash in the line above to re-enable them
|
||||
// FF93
|
||||
// 7003: disable non-modern cipher suites
|
||||
// [-] https://bugzilla.mozilla.org/1724072
|
||||
// user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
|
||||
// FF94
|
||||
// 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402
|
||||
// [-] https://bugzilla.mozilla.org/1715507
|
||||
// user_pref("layout.css.font-visibility.level", 1);
|
||||
// FF95
|
||||
// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807
|
||||
// [-] https://bugzilla.mozilla.org/1735976
|
||||
user_pref("browser.urlbar.suggest.quicksuggest", false);
|
||||
// FF79
|
||||
// 0212: enforce fallback text encoding to match en-US
|
||||
// When the content or server doesn't declare a charset the browser will
|
||||
// fallback to the "Current locale" based on your application language
|
||||
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
|
||||
// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
|
||||
// [-] https://bugzilla.mozilla.org/1603712
|
||||
user_pref("intl.charset.fallback.override", "windows-1252");
|
||||
// FF82
|
||||
// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
|
||||
// i.e. ignore all of Mozilla's various search engines in multiple locales
|
||||
// [-] https://bugzilla.mozilla.org/1619926
|
||||
user_pref("browser.search.geoSpecificDefaults", false);
|
||||
user_pref("browser.search.geoSpecificDefaults.url", "");
|
||||
// FF86
|
||||
// 1205: disable SSL Error Reporting
|
||||
// [1] https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html
|
||||
// [-] https://bugzilla.mozilla.org/1681839
|
||||
user_pref("security.ssl.errorReporting.automatic", false);
|
||||
user_pref("security.ssl.errorReporting.enabled", false);
|
||||
user_pref("security.ssl.errorReporting.url", "");
|
||||
// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin
|
||||
// [-] https://bugzilla.mozilla.org/1581678
|
||||
user_pref("browser.download.hide_plugins_without_extensions", false);
|
||||
// FF87
|
||||
// 0105d: disable Activity Stream recent Highlights in the Library [FF57+]
|
||||
// [-] https://bugzilla.mozilla.org/1689405
|
||||
// user_pref("browser.library.activity-stream.enabled", false);
|
||||
// 8002: disable PointerEvents
|
||||
// [1] https://developer.mozilla.org/docs/Web/API/PointerEvent
|
||||
// [-] https://bugzilla.mozilla.org/1688105
|
||||
// user_pref("dom.w3c_pointer_events.enabled", false);
|
||||
// FF89
|
||||
// 0309: disable sending Flash crash reports
|
||||
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
|
||||
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
|
||||
// 0310: disable sending the URL of the website where a plugin crashed
|
||||
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
|
||||
user_pref("dom.ipc.plugins.reportCrashURL", false);
|
||||
// 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+]
|
||||
// [1] https://bugzilla.mozilla.org/1190623
|
||||
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
|
||||
user_pref("security.mixed_content.block_object_subrequest", true);
|
||||
// 1803: disable Flash plugin
|
||||
// 0=deactivated, 1=ask, 2=enabled
|
||||
// ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash
|
||||
// [NOTE] You can still override individual sites via site permissions
|
||||
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
|
||||
user_pref("plugin.state.flash", 0); // [DEFAULT: 1]
|
||||
// FF90
|
||||
// 0708: disable FTP [FF60+]
|
||||
// [-] https://bugzilla.mozilla.org/1574475
|
||||
// user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+]
|
||||
// 7001: enforce no offline cache storage (appCache) [FF71+]
|
||||
// [-] https://bugzilla.mozilla.org/1694662
|
||||
user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+]
|
||||
// ***/
|
||||
|
||||
/* END: internal custom pref to test for syntax errors ***/
|
||||
|
||||
BIN
wikipiki/concurrent01.png
Normal file
BIN
wikipiki/concurrent01.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 32 KiB |
BIN
wikipiki/concurrent02.png
Normal file
BIN
wikipiki/concurrent02.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 104 KiB |
BIN
wikipiki/concurrent03.png
Normal file
BIN
wikipiki/concurrent03.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 28 KiB |
BIN
wikipiki/concurrent04.png
Normal file
BIN
wikipiki/concurrent04.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 28 KiB |
BIN
wikipiki/profiles01.png
Normal file
BIN
wikipiki/profiles01.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 32 KiB |
BIN
wikipiki/profiles02.png
Normal file
BIN
wikipiki/profiles02.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 26 KiB |
Reference in New Issue
Block a user