Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-09-03 18:38:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Git:95.0
Branches Tags
Git:master Git:Thorin-Oakenpants-patch-1
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0
..
compare: Git:91.1
Branches Tags
Git:Thorin-Oakenpants-patch-1 Git:master
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0

2 Commits
95.0 ... 91.1

Author SHA1 Message Date
Thorin-Oakenpants
73994f580a update to current 2021-10-27 06:28:57 +00:00
Thorin-Oakenpants
d2fb8296e0 v91.1 2021-10-27 06:26:25 +00:00
12 changed files with 303 additions and 182 deletions
Expand all files Collapse all files

4
README.md
View File

@ -9,7 +9,7 @@ The `arkenfox user.js` is a **template** which aims to provide as much privacy a
Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings.
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services.
Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
@ -23,3 +23,5 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef
### 🟥 acknowledgments ### 🟥 acknowledgments
Literally thousands of sources, references and suggestions. Many thanks, and much appreciated. Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.

72
scratchpad-scripts/arkenfox-clear-RFP-alternatives.js Normal file
View File

@ -0,0 +1,72 @@
/***
This will reset the preferences that are under sections 4600 & 4700 in the
arkenfox user.js. These are the prefs that are no longer necessary, or they
conflict with, privacy.resistFingerprinting if you have that enabled.
Final update: 10-August-2021
As of v91, section 4600 is no longer recommended, and is all inactive. This
now includes the old 4700 section. You can reset them using prefsCleaner.
For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
***/
(() => {
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
const aPREFS = [
/* section 4600 */
'dom.maxHardwareConcurrency',
'dom.enable_resource_timing',
'dom.enable_performance',
'device.sensors.enabled',
'browser.zoom.siteSpecific',
'dom.gamepad.enabled',
'dom.netinfo.enabled',
'media.webspeech.synth.enabled',
'media.video_stats.enabled',
'dom.w3c_touch_events.enabled',
'media.navigator.enabled',
'media.ondevicechange.enabled',
'webgl.enable-debug-renderer-info',
'ui.prefersReducedMotion',
'dom.w3c_pointer_events.enabled', // deprecated FF87
'ui.use_standins_for_native_colors',
'ui.systemUsesDarkTheme',
'dom.webaudio.enabled',
'layout.css.font-visibility.level',
/* section 4700 */
'general.appname.override',
'general.appversion.override',
'general.buildID.override',
'general.oscpu.override',
'general.platform.override',
'general.useragent.override',
/* reset parrot: check your open about:config after running the script */
'_user.js.parrot'
];
console.clear();
let c = 0;
for (const sPname of aPREFS) {
if (Services.prefs.prefHasUserValue(sPname)) {
Services.prefs.clearUserPref(sPname);
if (!Services.prefs.prefHasUserValue(sPname)) {
console.info('reset', sPname);
c++;
} else console.warn('failed to reset', sPname);
}
}
focus();
const d = (c==1) ? ' pref' : ' prefs';
alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset');
return 'all done';
})();

19
scratchpad-scripts/arkenfox-clear-removed.js
View File

@ -13,29 +13,30 @@
const aPREFS = [ const aPREFS = [
/* removed in arkenfox user.js */ /* removed in arkenfox user.js */
/* 79-91 */ /* 91 */
'alerts.showFavicons', 'alerts.showFavicons',
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
'browser.send_pings.require_same_host',
'browser.urlbar.usepreloadedtopurls.enabled',
'dom.allow_cut_copy', 'dom.allow_cut_copy',
'dom.battery.enabled', 'dom.battery.enabled',
'dom.IntersectionObserver.enabled',
'dom.storage.enabled', 'dom.storage.enabled',
'dom.vibrator.enabled', 'dom.vibrator.enabled',
'extensions.screenshots.upload-disabled',
'general.warnOnAboutConfig', 'general.warnOnAboutConfig',
'gfx.direct2d.disabled', 'gfx.direct2d.disabled',
'layers.acceleration.disabled', 'layers.acceleration.disabled',
'media.getusermedia.audiocapture.enabled', 'media.getusermedia.audiocapture.enabled',
'media.getusermedia.browser.enabled', 'media.getusermedia.browser.enabled',
'media.getusermedia.screensharing.enabled', 'media.getusermedia.screensharing.enabled',
'media.gmp-widevinecdm.visible',
'media.media-capabilities.enabled', 'media.media-capabilities.enabled',
'network.http.redirection-limit',
'privacy.partition.network_state',
'security.insecure_connection_icon.enabled', 'security.insecure_connection_icon.enabled',
'security.mixed_content.block_active_content', 'security.mixed_content.block_active_content',
/* 79-90 */
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
'browser.send_pings.require_same_host',
'browser.urlbar.usepreloadedtopurls.enabled',
'dom.IntersectionObserver.enabled',
'extensions.screenshots.upload-disabled',
'media.gmp-widevinecdm.visible',
'network.http.redirection-limit',
'privacy.partition.network_state',
'security.ssl.enable_ocsp_stapling', 'security.ssl.enable_ocsp_stapling',
'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_128_sha',
'security.ssl3.dhe_rsa_aes_256_sha', 'security.ssl3.dhe_rsa_aes_256_sha',

3
scratchpad-scripts/troubleshooter.js
View File

@ -1,3 +1,4 @@
/*** arkenfox user.js troubleshooter.js v1.6.3 ***/ /*** arkenfox user.js troubleshooter.js v1.6.3 ***/
(function() { (function() {
@ -193,7 +194,7 @@
const aBAK = getMyList(aPREFS); const aBAK = getMyList(aPREFS);
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); //console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
const sMsg = "all detected prefs reset.\n\n" + const sMsg = "all detected prefs reset.\n\n" +
"!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" + "!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" +
"IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" + "IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" +

62
updater.sh
View File

@ -41,9 +41,9 @@ ESR=false
# Download method priority: curl -> wget # Download method priority: curl -> wget
DOWNLOAD_METHOD='' DOWNLOAD_METHOD=''
if command -v curl >/dev/null; then if [[ $(command -v 'curl') ]]; then
DOWNLOAD_METHOD='curl --max-redirs 3 -so' DOWNLOAD_METHOD='curl --max-redirs 3 -so'
elif command -v wget >/dev/null; then elif [[ $(command -v 'wget') ]]; then
DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O'
else else
echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}" echo -e "${RED}This script requires curl or wget.\nProcess aborted${NC}"
@ -51,7 +51,7 @@ else
fi fi
show_banner() { show_banner () {
echo -e "${BBLUE} echo -e "${BBLUE}
############################################################################ ############################################################################
#### #### #### ####
@ -103,13 +103,13 @@ Optional Arguments:
# File Handling # # File Handling #
######################### #########################
download_file() { # expects URL as argument ($1) download_file () { # expects URL as argument ($1)
declare -r tf=$(mktemp) declare -r tf=$(mktemp)
$DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error
} }
open_file() { # expects one argument: file_path open_file () { # expects one argument: file_path
if [ "$(uname)" == 'Darwin' ]; then if [ "$(uname)" == 'Darwin' ]; then
open "$1" open "$1"
elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then elif [ "$(uname -s | cut -c -5)" == "Linux" ]; then
@ -119,11 +119,11 @@ open_file() { # expects one argument: file_path
fi fi
} }
readIniFile() { # expects one argument: absolute path of profiles.ini readIniFile () { # expects one argument: absolute path of profiles.ini
declare -r inifile="$1" declare -r inifile="$1"
# tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile # tempIni will contain: [ProfileX], Name=, IsRelative= and Path= (and Default= if present) of the only (if) or the selected (else) profile
if [ "$(grep -c '^\[Profile' "${inifile}")" -eq "1" ]; then ### only 1 profile found if [ $(grep -c '^\[Profile' "${inifile}") -eq "1" ]; then ### only 1 profile found
tempIni="$(grep '^\[Profile' -A 4 "${inifile}")" tempIni="$(grep '^\[Profile' -A 4 "${inifile}")"
else else
echo -e "Profiles found:\n" echo -e "Profiles found:\n"
@ -150,7 +150,7 @@ readIniFile() { # expects one argument: absolute path of profiles.ini
[[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}" [[ ${pathisrel} == "1" ]] && PROFILE_PATH="$(dirname "${inifile}")/${PROFILE_PATH}"
} }
getProfilePath() { getProfilePath () {
declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini declare -r f1=~/Library/Application\ Support/Firefox/profiles.ini
declare -r f2=~/.mozilla/firefox/profiles.ini declare -r f2=~/.mozilla/firefox/profiles.ini
@ -175,8 +175,8 @@ getProfilePath() {
######################### #########################
# Returns the version number of a updater.sh file # Returns the version number of a updater.sh file
get_updater_version() { get_updater_version () {
echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")" echo $(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")
} }
# Update updater.sh # Update updater.sh
@ -184,14 +184,14 @@ get_updater_version() {
# Args: # Args:
# -d: New version will not be looked for and update will not occur # -d: New version will not be looked for and update will not occur
# -u: Check for update, if available, execute without asking # -u: Check for update, if available, execute without asking
update_updater() { update_updater () {
[ "$UPDATE" = 'no' ] && return 0 # User signified not to check for updates [ $UPDATE = 'no' ] && return 0 # User signified not to check for updates
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
[ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed
if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
if [ "$UPDATE" = 'check' ]; then if [ $UPDATE = 'check' ]; then
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
read -p "" -n 1 -r read -p "" -n 1 -r
echo -e "\n\n" echo -e "\n\n"
@ -211,11 +211,11 @@ update_updater() {
######################### #########################
# Returns version number of a user.js file # Returns version number of a user.js file
get_userjs_version() { get_userjs_version () {
[ -e "$1" ] && echo "$(sed -n '4p' "$1")" || echo "Not detected." [ -e $1 ] && echo "$(sed -n '4p' "$1")" || echo "Not detected."
} }
add_override() { add_override () {
input=$1 input=$1
if [ -f "$input" ]; then if [ -f "$input" ]; then
echo "" >> user.js echo "" >> user.js
@ -235,27 +235,27 @@ add_override() {
fi fi
} }
remove_comments() { # expects 2 arguments: from-file and to-file remove_comments () { # expects 2 arguments: from-file and to-file
sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2" sed -e '/^\/\*.*\*\/[[:space:]]*$/d' -e '/^\/\*/,/\*\//d' -e 's|^[[:space:]]*//.*$||' -e '/^[[:space:]]*$/d' -e 's|);[[:space:]]*//.*|);|' "$1" > "$2"
} }
# Applies latest version of user.js and any custom overrides # Applies latest version of user.js and any custom overrides
update_userjs() { update_userjs () {
declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" declare -r newfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
[ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed [ -z "${newfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && return 1 # check if download failed
echo -e "Please observe the following information: echo -e "Please observe the following information:
Firefox profile: ${ORANGE}$(pwd)${NC} Firefox profile: ${ORANGE}$(pwd)${NC}
Available online: ${ORANGE}$(get_userjs_version "$newfile")${NC} Available online: ${ORANGE}$(get_userjs_version $newfile)${NC}
Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n" Currently using: ${ORANGE}$(get_userjs_version user.js)${NC}\n\n"
if [ "$CONFIRM" = 'yes' ]; then if [ $CONFIRM = 'yes' ]; then
echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
read -p "" -n 1 -r read -p "" -n 1 -r
echo -e "\n" echo -e "\n"
if [[ $REPLY =~ ^[Nn]$ ]]; then if [[ $REPLY =~ ^[Nn]$ ]]; then
echo -e "${RED}Process aborted${NC}" echo -e "${RED}Process aborted${NC}"
rm "$newfile" rm $newfile
return 1 return 1
fi fi
fi fi
@ -269,7 +269,7 @@ update_userjs() {
# backup user.js # backup user.js
mkdir -p userjs_backups mkdir -p userjs_backups
local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")" local bakname="userjs_backups/user.js.backup.$(date +"%Y-%m-%d_%H%M")"
[ "$BACKUP" = 'single' ] && bakname='userjs_backups/user.js.backup' [ $BACKUP = 'single' ] && bakname='userjs_backups/user.js.backup'
cp user.js "$bakname" &>/dev/null cp user.js "$bakname" &>/dev/null
mv "${newfile}" user.js mv "${newfile}" user.js
@ -295,19 +295,19 @@ update_userjs() {
past_nocomments='userjs_diffs/past_userjs.txt' past_nocomments='userjs_diffs/past_userjs.txt'
current_nocomments='userjs_diffs/current_userjs.txt' current_nocomments='userjs_diffs/current_userjs.txt'
remove_comments "$pastuserjs" "$past_nocomments" remove_comments $pastuserjs $past_nocomments
remove_comments user.js "$current_nocomments" remove_comments user.js $current_nocomments
diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt" diffname="userjs_diffs/diff_$(date +"%Y-%m-%d_%H%M").txt"
diff=$(diff -w -B -U 0 "$past_nocomments" "$current_nocomments") diff=$(diff -w -B -U 0 $past_nocomments $current_nocomments)
if [ -n "$diff" ]; then if [ ! -z "$diff" ]; then
echo "$diff" > "$diffname" echo "$diff" > "$diffname"
echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}" echo -e "Status: ${GREEN}A diff file was created:${NC} ${PWD}/${diffname}"
else else
echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}" echo -e "Warning: ${ORANGE}Your new user.js file appears to be identical. No diff file was created.${NC}"
[ "$BACKUP" = 'multiple' ] && rm "$bakname" &>/dev/null [ $BACKUP = 'multiple' ] && rm $bakname &>/dev/null
fi fi
rm "$past_nocomments" "$current_nocomments" "$pastuserjs" &>/dev/null rm $past_nocomments $current_nocomments $pastuserjs &>/dev/null
fi fi
[ "$VIEW" = true ] && open_file "${PWD}/user.js" [ "$VIEW" = true ] && open_file "${PWD}/user.js"
@ -319,7 +319,7 @@ update_userjs() {
if [ $# != 0 ]; then if [ $# != 0 ]; then
# Display usage if first argument is -help or --help # Display usage if first argument is -help or --help
if [ "$1" = '--help' ] || [ "$1" = '-help' ]; then if [ $1 = '--help' ] || [ $1 = '-help' ]; then
usage usage
else else
while getopts ":hp:ludsno:bcvre" opt; do while getopts ":hp:ludsno:bcvre" opt; do
@ -363,7 +363,7 @@ if [ $# != 0 ]; then
r) r)
tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')" tfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/user.js')"
[ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed [ -z "${tfile}" ] && echo -e "${RED}Error! Could not download user.js${NC}" && exit 1 # check if download failed
mv "$tfile" "${tfile}.js" mv $tfile "${tfile}.js"
echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}" echo -e "${ORANGE}Warning: user.js was saved to temporary file ${tfile}.js${NC}"
open_file "${tfile}.js" open_file "${tfile}.js"
exit 0 exit 0
@ -382,7 +382,7 @@ if [ $# != 0 ]; then
fi fi
show_banner show_banner
update_updater "$@" update_updater $@
getProfilePath # updates PROFILE_PATH or exits on error getProfilePath # updates PROFILE_PATH or exits on error
cd "$PROFILE_PATH" && update_userjs cd "$PROFILE_PATH" && update_userjs

325
user.js
View File

@ -1,22 +1,22 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 8 December 2021 * date: 27 October 2021
* version 95 * version 91.1
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
* README: * README:
1. Consider using Tor Browser if it meets your needs or fits your threat model 1. Consider using Tor Browser if it meets your needs or fits your threat model
* https://2019.www.torproject.org/about/torusers.html * https://www.torproject.org/about/torusers.html.en
2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries 2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries
* https://github.com/arkenfox/user.js/wiki * https://github.com/arkenfox/user.js/wiki
3. If you skipped step 2, return to step 2 3. If you skipped step 2, return to step 2
4. Make changes 4. Make changes
* There are often trade-offs and conflicts between security vs privacy vs anti-tracking * There are often trade-offs and conflicts between security vs privacy vs anti-fingerprinting
and these need to be balanced against functionality & convenience & breakage and these need to be balanced against functionality & convenience & breakage
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs e.g. some user data is erased on close (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1601 e.g. third party images/videos not loading on some sites? check 1601
* Take the wiki link in step 2 and read the Troubleshooting entry * Take the wiki link in step 2 and read the Troubleshooting entry
@ -31,8 +31,10 @@
* It is best to use the arkenfox release that is optimized for and matches your Firefox version * It is best to use the arkenfox release that is optimized for and matches your Firefox version
* EVERYONE: each release * EVERYONE: each release
- run prefsCleaner to reset prefs made inactive, including deprecated (9999s) - run prefsCleaner to reset prefs made inactive, including deprecated (9999s)
ESR91 ESR78
- If you are not using arkenfox v91... (not a definitive list) - If you are not using arkenfox v78... (not a definitive list)
- 1244: HTTPS-Only mode is enabled
- 4511: non-native widget theme is enforced
- 9999: switch the appropriate deprecated section(s) back on - 9999: switch the appropriate deprecated section(s) back on
* INDEX: * INDEX:
@ -55,7 +57,7 @@
2400: DOM (DOCUMENT OBJECT MODEL) 2400: DOM (DOCUMENT OBJECT MODEL)
2600: MISCELLANEOUS 2600: MISCELLANEOUS
2700: PERSISTENT STORAGE 2700: PERSISTENT STORAGE
2800: SHUTDOWN & SANITIZING 2800: SHUTDOWN
4000: FPI (FIRST PARTY ISOLATION) 4000: FPI (FIRST PARTY ISOLATION)
4500: RFP (RESIST FINGERPRINTING) 4500: RFP (RESIST FINGERPRINTING)
5000: OPTIONAL OPSEC 5000: OPTIONAL OPSEC
@ -85,7 +87,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
user_pref("browser.shell.checkDefaultBrowser", false); user_pref("browser.shell.checkDefaultBrowser", false);
/* 0102: set startup page [SETUP-CHROME] /* 0102: set startup page [SETUP-CHROME]
* 0=blank, 1=home, 2=last visited page, 3=resume previous session * 0=blank, 1=home, 2=last visited page, 3=resume previous session
* [NOTE] Session Restore is cleared with history (2811, 2812), and not used in Private Browsing mode * [NOTE] Session Restore is cleared with history (2803, 2804), and not used in Private Browsing mode
* [SETTING] General>Startup>Restore previous session ***/ * [SETTING] General>Startup>Restore previous session ***/
user_pref("browser.startup.page", 0); user_pref("browser.startup.page", 0);
/* 0103: set HOME+NEWWINDOW page /* 0103: set HOME+NEWWINDOW page
@ -102,7 +104,7 @@ user_pref("browser.newtab.preload", false);
* [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false] user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+]
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false); user_pref("browser.newtabpage.activity-stream.showSponsored", false);
@ -242,6 +244,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes. to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes.
Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+) Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+)
doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
FWIW, Google also swear it is anonymized and only used to flag malicious sites.
[1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[2] https://wiki.mozilla.org/Security/Safe_Browsing [2] https://wiki.mozilla.org/Security/Safe_Browsing
@ -285,7 +288,7 @@ user_pref("network.dns.disablePrefetch", true);
// user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
/* 0603: disable predictor / prefetching ***/ /* 0603: disable predictor / prefetching ***/
user_pref("network.predictor.enabled", false); user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] // user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
/* 0604: disable link-mouseover opening connection to linked server /* 0604: disable link-mouseover opening connection to linked server
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
@ -322,12 +325,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
* [2] https://en.wikipedia.org/wiki/GVfs * [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
/* 0705: disable proxy direct failover for system requests [FF91+] /* 0705: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
// user_pref("network.proxy.failover_direct", false);
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3]
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
@ -335,6 +333,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 5); // user_pref("network.trr.mode", 5);
/* 0706: disable proxy direct failover for system requests [FF91+]
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
// user_pref("network.proxy.failover_direct", false);
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
@ -369,18 +372,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
* 0=never resolve single words, 1=heuristic (default), 2=always resolve * 0=never resolve single words, 1=heuristic (default), 2=always resolve
* [1] https://bugzilla.mozilla.org/1642623 ***/ * [1] https://bugzilla.mozilla.org/1642623 ***/
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
/* 0807: disable location bar contextual suggestions [FF92+]
* [SETTING] Privacy & Security>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
/* 0808: disable tab-to-search [FF85+] /* 0808: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false); // user_pref("browser.urlbar.suggest.engines", false);
/* 0810: disable search and form history /* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811) * [NOTE] We also clear formdata on exit (2803)
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
* [2] https://bugzilla.mozilla.org/381681 ***/ * [2] https://bugzilla.mozilla.org/381681 ***/
@ -398,7 +396,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
/* 0820: disable coloring of visited links /* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
* attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5] * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5]
* and advanced targeted timing attacks could still produce usable results * and advanced targeted timing attacks could still produce usable results
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
* [2] https://dbaron.org/mozilla/visited-privacy * [2] https://dbaron.org/mozilla/visited-privacy
@ -439,10 +437,11 @@ user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
/* 1001: disable disk cache /* 1001: disable disk cache
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this
* [NOTE] We also clear cache on exit (2811) ***/ * [NOTE] We also clear cache on exit (2803) ***/
user_pref("browser.cache.disk.enable", false); user_pref("browser.cache.disk.enable", false);
/* 1002: disable media cache from writing to disk in Private Browsing /* 1002: disable media cache from writing to disk in Private Browsing
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
* [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
user_pref("media.memory_cache_max_size", 65536); user_pref("media.memory_cache_max_size", 65536);
/* 1003: disable storing extra session data [SETUP-CHROME] /* 1003: disable storing extra session data [SETUP-CHROME]
@ -479,7 +478,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* no unsafe renegotiations on the channel between the browser and the server. * no unsafe renegotiations on the channel between the browser and the server.
* [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4] * [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746 * [2] https://tools.ietf.org/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
* [4] https://www.ssllabs.com/ssl-pulse/ ***/ * [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
@ -581,15 +580,12 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
/* 1401: disable rendering of SVG OpenType fonts ***/ /* 1401: disable rendering of SVG OpenType fonts ***/
user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] /* 1402: limit font visibility (Windows, Mac, some Linux) [FF79+]
* [NOTE] In FF80+ RFP ignores the pref and uses value 1
* Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
* In normal windows: uses the first applicable: RFP (4506) over TP over Standard
* In Private Browsing windows: uses the most restrictive between normal and private
* 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
* [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
// user_pref("layout.css.font-visibility.private", 1); // user_pref("layout.css.font-visibility.level", 1);
// user_pref("layout.css.font-visibility.standard", 1);
// user_pref("layout.css.font-visibility.trackingprotection", 1);
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: HEADERS / REFERERS
Expect some breakage e.g. banks: use an extension if you need precise control Expect some breakage e.g. banks: use an extension if you need precise control
@ -631,25 +627,19 @@ user_pref("privacy.userContext.ui.enabled", true);
/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
/* 2001: disable WebRTC (Web Real-Time Communication) /* 2001: disable WebRTC (Web Real-Time Communication)
* Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the * [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
* private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after * in your threat model, and you want Real-Time Communication, this is the pref for you
* you grant device (microphone or camera) access * [1] https://www.privacytools.io/#webrtc ***/
* [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC user_pref("media.peerconnection.enabled", false);
/* 2002: limit WebRTC IP leaks if using WebRTC
* In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3]
* [TEST] https://browserleaks.com/webrtc * [TEST] https://browserleaks.com/webrtc
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
// user_pref("media.peerconnection.enabled", false); * [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/
/* 2002: force WebRTC inside the proxy [FF70+] ***/
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
/* 2003: force a single network interface for ICE candidates generation [FF42+]
* When using a system-wide proxy, it uses the proxy interface
* [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
user_pref("media.peerconnection.ice.default_address_only", true); user_pref("media.peerconnection.ice.default_address_only", true);
/* 2004: force exclusion of private IPs from ICE candidates [FF51+] user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
* [SETUP-HARDEN] This will protect your private IP even in TRUSTED scenarios after you user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+]
* grant device access, but often results in breakage on video-conferencing platforms ***/
// user_pref("media.peerconnection.ice.no_host", true);
/* 2020: disable GMP (Gecko Media Plugins) /* 2020: disable GMP (Gecko Media Plugins)
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
// user_pref("media.gmp-provider.enabled", false); // user_pref("media.gmp-provider.enabled", false);
@ -731,6 +721,7 @@ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/*** [SECTION 2600]: MISCELLANEOUS ***/ /*** [SECTION 2600]: MISCELLANEOUS ***/
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
/* 2601: prevent accessibility services from accessing your browser [RESTART] /* 2601: prevent accessibility services from accessing your browser [RESTART]
* [SETTING] Privacy & Security>Permissions>Prevent accessibility services from accessing your browser (FF80 or lower)
* [1] https://support.mozilla.org/kb/accessibility-services ***/ * [1] https://support.mozilla.org/kb/accessibility-services ***/
user_pref("accessibility.force_disabled", 1); user_pref("accessibility.force_disabled", 1);
/* 2602: disable sending additional analytics to web servers /* 2602: disable sending additional analytics to web servers
@ -797,9 +788,7 @@ user_pref("permissions.delegation.enabled", false);
* [SETUP-CHROME] On Android this blocks longtapping and saving images * [SETUP-CHROME] On Android this blocks longtapping and saving images
* [SETTING] General>Downloads>Always ask you where to save files ***/ * [SETTING] General>Downloads>Always ask you where to save files ***/
user_pref("browser.download.useDownloadDir", false); user_pref("browser.download.useDownloadDir", false);
/* 2652: disable downloads panel opening on every download [FF96+] ***/ /* 2652: disable adding downloads to the system's "recent documents" list ***/
user_pref("browser.download.alwaysOpenPanel", false);
/* 2653: disable adding downloads to the system's "recent documents" list ***/
user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.manager.addToRecentDocs", false);
/** EXTENSIONS ***/ /** EXTENSIONS ***/
@ -845,6 +834,17 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/ * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/
user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.contentblocking.category", "custom"); user_pref("browser.contentblocking.category", "custom");
/* 2702: set third-party cookies (if enabled, see 2701) to session-only
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
/* 2703: delete cookies and site data on close
* 0=keep until they expire (default), 2=keep until you close Firefox
* [NOTE] The setting below is disabled (but not changed) if you block all cookies (2701 = 2)
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
// user_pref("network.cookie.lifetimePolicy", 2);
/* 2710: enable Enhanced Tracking Protection (ETP) in all windows /* 2710: enable Enhanced Tracking Protection (ETP) in all windows
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content
* [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to add site exceptions: Urlbar>ETP Shield
@ -855,7 +855,7 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 2740: disable service worker cache and cache storage /* 2740: disable service worker cache and cache storage
* [NOTE] We clear service worker cache on exit (2811) * [NOTE] We clear service worker cache on exit (2803)
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/ * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
// user_pref("dom.caches.enabled", false); // user_pref("dom.caches.enabled", false);
/* 2750: disable Storage API [FF51+] /* 2750: disable Storage API [FF51+]
@ -872,67 +872,52 @@ user_pref("privacy.trackingprotection.socialtracking.enabled", true);
/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/ /* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ /*** [SECTION 2800]: SHUTDOWN
* Sanitizing on shutdown is all or nothing. It does not use Managed Exceptions under
Privacy & Security>Delete cookies and site data when Firefox is closed (1681701)
* If you want to keep some sites' cookies (exception as "Allow") and optionally other site
data but clear all the rest on close, then you need to set the "cookie" and optionally the
"offlineApps" prefs below to false, and to set the cookie lifetime pref to 2 (2703)
***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ /* 2802: enable Firefox to clear items on shutdown (2803)
/* 2801: delete cookies and site data on exit
* 0=keep until they expire (default), 2=keep until you close Firefox
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
* If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("network.cookie.lifetimePolicy", 2);
/* 2802: delete cache on exit [FF96+]
* [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
* [1] https://bugzilla.mozilla.org/1671182 ***/
// user_pref("privacy.clearsitedata.cache.enabled", true);
/* 2803: set third-party cookies to session-only
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/
/* 2810: enable Firefox to clear items on shutdown (2811)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true); user_pref("privacy.sanitize.sanitizeOnShutdown", true);
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] /* 2803: set what items to clear on shutdown (if 2802 is true) [SETUP-CHROME]
* These items do not use exceptions, it is all or nothing (1681701)
* [NOTE] If "history" is true, downloads will also be cleared * [NOTE] If "history" is true, downloads will also be cleared
* [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies * [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication [1]
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings
* [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.cache", true);
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.downloads", true); // see note above
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History
user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History
user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] user_pref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data
user_pref("privacy.clearOnShutdown.cookies", false); user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
/* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME] /* 2804: reset default items to clear with Ctrl-Shift-Del (to match 2803) [SETUP-CHROME]
* This dialog can also be accessed from the menu History>Clear Recent History * This dialog can also be accessed from the menu History>Clear Recent History
* Firefox remembers your last choices. This will reset them when you start Firefox * Firefox remembers your last choices. This will reset them when you start Firefox
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
* for "Clear Recent History" is opened, it is synced to the same as "history" ***/ * for "Clear Recent History" is opened, it is synced to the same as "history" ***/
user_pref("privacy.cpd.cache", true); // [DEFAULT: true] user_pref("privacy.cpd.cache", true);
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] user_pref("privacy.cpd.cookies", true);
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
user_pref("privacy.cpd.cookies", false);
// user_pref("privacy.cpd.downloads", true); // not used, see note above // user_pref("privacy.cpd.downloads", true); // not used, see note above
// user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed user_pref("privacy.cpd.formdata", true); // Form & Search History
// user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] user_pref("privacy.cpd.history", true); // Browsing & Download History
/* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+] user_pref("privacy.cpd.offlineApps", true); // Offline Website Data
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) user_pref("privacy.cpd.passwords", false); // this is not listed
user_pref("privacy.cpd.sessions", true); // Active Logins
user_pref("privacy.cpd.siteSettings", false); // Site Preferences
/* 2805: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or is already cleared with history (2803)
* [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008)
* [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/
// user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.clearOnShutdown.openWindows", true);
// user_pref("privacy.cpd.openWindows", true); // user_pref("privacy.cpd.openWindows", true);
/* 2814: reset default "Time range to clear" for "Clear Recent History" (2812) /* 2806: reset default "Time range to clear" for "Clear Recent History" (2804)
* Firefox remembers your last choice. This will reset the value when you start Firefox * Firefox remembers your last choice. This will reset the value when you start Firefox
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
@ -988,13 +973,14 @@ user_pref("privacy.firstparty.isolate", true);
418986 - limit window.screen & CSS media queries (FF41) 418986 - limit window.screen & CSS media queries (FF41)
[TEST] https://arkenfox.github.io/TZP/tzp.html#screen [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
1281949 - spoof screen orientation (FF50) 1281949 - spoof screen orientation (FF50)
1281963 - hide contents of navigator.plugins and navigator.mimeTypes (FF50-88)
1330890 - spoof timezone as UTC0 (FF55) 1330890 - spoof timezone as UTC0 (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
1217238 - reduce precision of time exposed by javascript (FF55) 1217238 - reduce precision of time exposed by javascript (FF55)
FF56 FF56
1369303 - spoof/disable performance API 1369303 - spoof/disable performance API
1333651 - spoof User Agent & Navigator API 1333651 - spoof User Agent & Navigator API
JS: the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux JS: FF91+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux
HTTP Headers: spoofed as Windows or Android HTTP Headers: spoofed as Windows or Android
1369319 - disable device sensor API 1369319 - disable device sensor API
1369357 - disable site specific zoom 1369357 - disable site specific zoom
@ -1007,6 +993,8 @@ user_pref("privacy.firstparty.isolate", true);
1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1217290 & 1409677 - enable some fingerprinting resistance for WebGL
1382545 - reduce fingerprinting in Animation API 1382545 - reduce fingerprinting in Animation API
1354633 - limit MediaError.message to a whitelist 1354633 - limit MediaError.message to a whitelist
1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87)
Blocks exposure of local IP Addresses via mDNS (Multicast DNS)
FF58-90 FF58-90
967895 - spoof canvas and enable site permission prompt (FF58) 967895 - spoof canvas and enable site permission prompt (FF58)
1372073 - spoof/block fingerprinting in MediaDevices API (FF59) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
@ -1038,11 +1026,12 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs")
* RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
* [1] https://bugzilla.mozilla.org/418986 ***/ * [1] https://bugzilla.mozilla.org/418986 ***/
user_pref("privacy.resistFingerprinting", true); user_pref("privacy.resistFingerprinting", true);
/* 4502: set new window size rounding max values [FF55+] /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen * Width will round down to multiples of 200s and height to 100s, to fit your screen.
* The max values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/1330882 ***/ * [1] https://bugzilla.mozilla.org/1330882 ***/
user_pref("privacy.window.maxInnerWidth", 1600); // user_pref("privacy.window.maxInnerWidth", 1000);
user_pref("privacy.window.maxInnerHeight", 900); // user_pref("privacy.window.maxInnerHeight", 1000);
/* 4503: disable mozAddonManager Web API [FF57+] /* 4503: disable mozAddonManager Web API [FF57+]
* [NOTE] To allow extensions to work on AMO, you also need 2662 * [NOTE] To allow extensions to work on AMO, you also need 2662
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
@ -1063,15 +1052,13 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
* [1] https://bugzilla.mozilla.org/1635603 ***/ * [1] https://bugzilla.mozilla.org/1635603 ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
// user_pref("privacy.resistFingerprinting.testGranularityMask", 0); // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/ /* 4506: disable showing about:blank as soon as possible during startup [FF60+]
// user_pref("layout.css.font-visibility.resistFingerprinting", 1);
/* 4507: disable showing about:blank as soon as possible during startup [FF60+]
* When default true this no longer masks the RFP chrome resizing activity * When default true this no longer masks the RFP chrome resizing activity
* [1] https://bugzilla.mozilla.org/1448423 ***/ * [1] https://bugzilla.mozilla.org/1448423 ***/
user_pref("browser.startup.blankWindow", false); user_pref("browser.startup.blankWindow", false);
/* 4510: disable using system colors /* 4510: enforce no system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT false NON-WINDOWS] user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
/* 4511: enforce non-native widget theme /* 4511: enforce non-native widget theme
* Security: removes/reduces system API calls, e.g. win32k API [1] * Security: removes/reduces system API calls, e.g. win32k API [1]
* Fingerprinting: provides a uniform look and feel across platforms [2] * Fingerprinting: provides a uniform look and feel across platforms [2]
@ -1127,7 +1114,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
/* 5006: disable favicons in history and bookmarks /* 5006: disable favicons in history and bookmarks
* [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your
* actual history (and bookmarks) already do. Your history is more detailed, so * actual history (and bookmarks) already do. Your history is more detailed, so
* control that instead; e.g. disable history, clear history on exit, use PB mode * control that instead; e.g. disable history, clear history on close, use PB mode
* [NOTE] favicons.sqlite is sanitized on Firefox close ***/ * [NOTE] favicons.sqlite is sanitized on Firefox close ***/
// user_pref("browser.chrome.site_icons", false); // user_pref("browser.chrome.site_icons", false);
/* 5007: exclude "Undo Closed Tabs" in Session Restore ***/ /* 5007: exclude "Undo Closed Tabs" in Session Restore ***/
@ -1151,7 +1138,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
// user_pref("browser.urlbar.autoFill", false); // user_pref("browser.urlbar.autoFill", false);
/* 5013: disable browsing and download history /* 5013: disable browsing and download history
* [NOTE] We also clear history and downloads on exit (2811) * [NOTE] We also clear history and downloads on exit (2803)
* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
// user_pref("places.history.enabled", false); // user_pref("places.history.enabled", false);
/* 5014: disable Windows jumplist [WINDOWS] ***/ /* 5014: disable Windows jumplist [WINDOWS] ***/
@ -1187,10 +1174,9 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
// user_pref("javascript.options.asmjs", false); // user_pref("javascript.options.asmjs", false);
/* 5505: disable Ion and baseline JIT to harden against JS exploits /* 5505: disable Ion and baseline JIT to harden against JS exploits
* [NOTE] When both Ion and JIT are disabled, and trustedprincipals * [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new
* is enabled, then Ion can still be used by extensions (1599226) * hidden pref is enabled, then Ion can still be used by extensions (1599226)
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit ***/
* [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ ***/
// user_pref("javascript.options.ion", false); // user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.baselinejit", false);
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
@ -1221,14 +1207,29 @@ user_pref("security.csp.enable", true); // [DEFAULT: true]
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
/* 6005: enforce window.opener protection [FF65+] /* 6005: enforce window.opener protection [FF65+]
* Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
/* 6006: enforce "window.name" protection [FF82+] /* 6006: enforce "window.name" protection [FF82+]
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
* [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+]
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ /* 6050: prefsCleaner: reset previously active items removed from arkenfox in 79-91 ***/
// placeholder // user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
// user_pref("browser.send_pings.require_same_host", "");
// user_pref("dom.allow_cut_copy", "");
// user_pref("dom.vibrator.enabled", "");
// user_pref("media.getusermedia.audiocapture.enabled", "");
// user_pref("media.getusermedia.browser.enabled", "");
// user_pref("media.getusermedia.screensharing.enabled", "");
// user_pref("media.gmp-widevinecdm.visible", "");
// user_pref("network.http.redirection-limit", "");
// user_pref("privacy.partition.network_state", "");
// user_pref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+]
// user_pref("security.mixed_content.block_active_content", ""); // [DEFAULT: true since at least FF60]
// user_pref("security.ssl.enable_ocsp_stapling", ""); // [DEFAULT: true FF26+]
// user_pref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+]
// user_pref("webgl.enable-webgl2", "");
// user_pref("webgl.min_capability_mode", "");
/*** [SECTION 7000]: DON'T BOTHER ***/ /*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@ -1263,6 +1264,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
// user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
/* 7004: control TLS versions /* 7004: control TLS versions
* [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/ * [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
@ -1282,7 +1284,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7008: set the default Referrer Policy [FF59+] /* 7008: set the default Referrer Policy [FF59+]
* 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
* [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2] // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
/* 7009: disable HTTP2 /* 7009: disable HTTP2
* [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] * [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
@ -1294,7 +1296,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7010: disable HTTP Alternative Services [FF37+] /* 7010: disable HTTP Alternative Services [FF37+]
* [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ * [WHY] Already isolated by network partitioning (FF85+) or FPI ***/
// user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] // user_pref("network.http.altsvc.oe", false);
/* 7011: disable website control over browser right-click context menu /* 7011: disable website control over browser right-click context menu
* [WHY] Just use Shift-Right-Click ***/ * [WHY] Just use Shift-Right-Click ***/
// user_pref("dom.event.contextmenu.enabled", false); // user_pref("dom.event.contextmenu.enabled", false);
@ -1355,19 +1357,18 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
// user_pref("startup.homepage_welcome_url.additional", ""); // user_pref("startup.homepage_welcome_url.additional", "");
// user_pref("startup.homepage_override_url", ""); // What's New page after updates // user_pref("startup.homepage_override_url", ""); // What's New page after updates
/* WARNINGS ***/ /* WARNINGS ***/
// user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+] // user_pref("browser.tabs.warnOnClose", false);
// user_pref("browser.tabs.warnOnCloseOtherTabs", false); // user_pref("browser.tabs.warnOnCloseOtherTabs", false);
// user_pref("browser.tabs.warnOnOpen", false); // user_pref("browser.tabs.warnOnOpen", false);
// user_pref("browser.warnOnQuitShortcut", false); // [FF94+]
// user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.delay", 0);
// user_pref("full-screen-api.warning.timeout", 0); // user_pref("full-screen-api.warning.timeout", 0);
/* APPEARANCE ***/ /* APPEARANCE ***/
// user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("browser.download.autohideButton", false); // [FF57+]
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
// 0=light, 1=dark: with RFP this only affects chrome
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
// user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
// 0=no-preference, 1=reduce: with RFP this only affects chrome // 0=no-preference, 1=reduce: with RFP this only affects chrome
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
// 0=light, 1=dark: with RFP this only affects chrome
/* CONTENT BEHAVIOR ***/ /* CONTENT BEHAVIOR ***/
// user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type"
// user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
@ -1397,24 +1398,68 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] Documentation denoted as [-]. Items deprecated in FF78 or earlier have been archived at [1]
[1] https://github.com/arkenfox/user.js/issues/123 [1] https://github.com/arkenfox/user.js/issues/123
***/ ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
/* ESR91.x still uses all the following prefs /* ESR78.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable them // [NOTE] replace the * with a slash in the line above to re-enable them
// FF93 // FF79
// 7003: disable non-modern cipher suites // 0212: enforce fallback text encoding to match en-US
// [-] https://bugzilla.mozilla.org/1724072 // When the content or server doesn't declare a charset the browser will
// user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES // fallback to the "Current locale" based on your application language
// FF94 // [TEST] https://hsivonen.com/test/moz/check-charset.htm
// 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
// [-] https://bugzilla.mozilla.org/1715507 // [-] https://bugzilla.mozilla.org/1603712
// user_pref("layout.css.font-visibility.level", 1); user_pref("intl.charset.fallback.override", "windows-1252");
// FF95 // FF82
// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 // 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
// [-] https://bugzilla.mozilla.org/1735976 // i.e. ignore all of Mozilla's various search engines in multiple locales
user_pref("browser.urlbar.suggest.quicksuggest", false); // [-] https://bugzilla.mozilla.org/1619926
user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
// FF86
// 1205: disable SSL Error Reporting
// [1] https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html
// [-] https://bugzilla.mozilla.org/1681839
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", "");
// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin
// [-] https://bugzilla.mozilla.org/1581678
user_pref("browser.download.hide_plugins_without_extensions", false);
// FF87
// 0105d: disable Activity Stream recent Highlights in the Library [FF57+]
// [-] https://bugzilla.mozilla.org/1689405
// user_pref("browser.library.activity-stream.enabled", false);
// 8002: disable PointerEvents
// [1] https://developer.mozilla.org/docs/Web/API/PointerEvent
// [-] https://bugzilla.mozilla.org/1688105
// user_pref("dom.w3c_pointer_events.enabled", false);
// FF89
// 0309: disable sending Flash crash reports
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
// 0310: disable sending the URL of the website where a plugin crashed
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
user_pref("dom.ipc.plugins.reportCrashURL", false);
// 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+]
// [1] https://bugzilla.mozilla.org/1190623
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
user_pref("security.mixed_content.block_object_subrequest", true);
// 1803: disable Flash plugin
// 0=deactivated, 1=ask, 2=enabled
// ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash
// [NOTE] You can still override individual sites via site permissions
// [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
user_pref("plugin.state.flash", 0); // [DEFAULT: 1]
// FF90
// 0708: disable FTP [FF60+]
// [-] https://bugzilla.mozilla.org/1574475
// user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+]
// 7001: enforce no offline cache storage (appCache) [FF71+]
// [-] https://bugzilla.mozilla.org/1694662
user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+]
// ***/ // ***/
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/

BIN
wikipiki/concurrent01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
wikipiki/concurrent02.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
wikipiki/concurrent03.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
wikipiki/concurrent04.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
wikipiki/profiles01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

BIN
wikipiki/profiles02.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB