1202: aaaaaaand actually change the pref this time

update ghacks.net links to use https

user.js

@@ -94,7 +94,7 @@ user_pref("intl.accept_languages", "en-US, en");
 /* 0208: enforce US English locale regardless of the system locale
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/
 user_pref("javascript.use_us_english_locale", true); // (hidden pref)
-/* 0209: disable geolocation on non-secure origins (FF55+)
+/* 0209: disable geolocation on non-secure origins (FF54+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859
  * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/
 user_pref("geo.security.allowinsecure", false);
@@ -215,7 +215,7 @@ user_pref("social.share.activationPanelEnabled", false);
 user_pref("social.enabled", false); // (hidden pref)
 /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers
  * [1] https://wiki.mozilla.org/FlyWeb
- * [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
+ * [2] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
 user_pref("dom.flyweb.enabled", false);
 
 /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
@@ -294,10 +294,11 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
     There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
     as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
 /* 0420: enable Tracking Protection in all windows
+ * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610)
  * [1] https://wiki.mozilla.org/Security/Tracking_protection
  * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/
-user_pref("privacy.trackingprotection.pbmode.enabled", true);
-user_pref("privacy.trackingprotection.enabled", true);
+   // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true
+   // user_pref("privacy.trackingprotection.enabled", true); // default false
 /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection
  * Displays three choices: "Always", "Only in private windows", "Never" ***/
 user_pref("privacy.trackingprotection.ui.enabled", true);
@@ -306,7 +307,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true);
    // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic
    // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict
 /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+)
- * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
+ * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/
    // user_pref("browser.safebrowsing.blockedURIs.enabled", false);
 /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/
@@ -319,7 +320,7 @@ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!");
  * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/
 user_pref("network.prefetch-next", false);
 /* 0602: disable DNS prefetching
- * [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
+ * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
  * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/
 user_pref("network.dns.disablePrefetch", true);
 user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref)
@@ -334,7 +335,7 @@ user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // (FF52+)
 /* 0605: disable link-mouseover opening connection to linked server
  * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
- * [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
+ * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
 user_pref("network.http.speculative-parallel-limit", 0);
 /* 0606: disable pings (but enforce same host in case)
  * [1] http://kb.mozillazine.org/Browser.send_pings
@@ -342,7 +343,7 @@ user_pref("network.http.speculative-parallel-limit", 0);
 user_pref("browser.send_pings", false);
 user_pref("browser.send_pings.require_same_host", true);
 /* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
- * [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
+ * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
 /* 0608: disable predictor / prefetching (FF48+) ***/
 user_pref("network.predictor.enable-prefetch", false);
@@ -418,7 +419,7 @@ user_pref("browser.urlbar.suggest.openpage", false);
 user_pref("browser.urlbar.autoFill", false);
 user_pref("browser.urlbar.autoFill.typed", false);
 /* 0850e: disable location bar one-off searches (FF51+)
- * [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
+ * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
 user_pref("browser.urlbar.oneOffSearches", false);
 /* 0860: disable search and form history
  * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history
@@ -567,7 +568,7 @@ user_pref("alerts.showFavicons", false);
    // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
    // user_pref("extensions.e10sBlocksEnabling", false);
 /* 1102: control number of content rendering processes
- * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
+ * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
    // user_pref("dom.ipc.processCount", 4);
 /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+)
@@ -575,7 +576,7 @@ user_pref("alerts.showFavicons", false);
    // user_pref("extensions.webextensions.remote", true);
 /* 1104: enforce separate content process for file://URLs (FF53+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
- * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
+ * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
    // user_pref("browser.tabs.remote.separateFileUriProcess", true);
 /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/
 user_pref("dom.ipc.shims.enabledWarnings", true);
@@ -584,7 +585,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true);
 /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
  * with them. The values are integers, but the code below deliberately contains a data mismatch
  * [1] https://wiki.mozilla.org/Sandbox
- * [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
+ * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
    // user_pref("security.sandbox.content.level", "donotuse");
    // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
    // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
@@ -614,10 +615,13 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
    // user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
  * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc
- * [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call.
+ * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
+ * [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error temporarily
+ * set a lower value for 'security.tls.version.min' in about:config
  * [1] http://kb.mozillazine.org/Security.tls.version.*
- * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/
-   // user_pref("security.tls.version.min", 2);
+ * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
+ * [2] archived: https://archive.is/hY2Mm ***/
+user_pref("security.tls.version.min", 3);
 user_pref("security.tls.version.fallback-limit", 3);
 user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3
 /* 1203: disable SSL session tracking (FF36+)
@@ -632,7 +636,8 @@ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref)
 user_pref("security.ssl.errorReporting.automatic", false);
 user_pref("security.ssl.errorReporting.enabled", false);
 user_pref("security.ssl.errorReporting.url", "");
-/** OCSP (Online Certificate Status Protocol) ***/
+/** OCSP (Online Certificate Status Protocol)
+    #Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/
 /* 1210: enable OCSP Stapling
  * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
 user_pref("security.ssl.enable_ocsp_stapling", true);
@@ -645,10 +650,9 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
 user_pref("security.OCSP.enabled", 1);
 /* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
  * continues the connection. With OCSP revocation, Firefox terminates the connection instead.
- * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some
- * site breakage. Some users have previously mentioned issues with youtube, microsoft etc
+ * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
  * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
-   // user_pref("security.OCSP.require", true);
+user_pref("security.OCSP.require", true);
 /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
 /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
  * 0=disable detecting Family Safety mode and importing the root
@@ -766,7 +770,8 @@ user_pref("layout.css.font-loading-api.enabled", false);
  * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
 user_pref("font.blacklist.underline_offset", "");
 /* 1408: disable graphite which FF49 turned back on by default
- * In the past it had security issues - need citation ***/
+ * In the past it had security issues. Update: This continues to be the case, see [1]
+ * [1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
 user_pref("gfx.font_rendering.graphite.enabled", false);
 /* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
  * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
@@ -825,8 +830,12 @@ user_pref("network.http.referer.userControlPolicy", 3);
  * TBB (Tor Browser Bundle) which is specifically designed for the dark web
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/
 user_pref("network.http.referer.hideOnionSource", true);
-/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy)
- * [SETTING] Options>Privacy>Tracking>Request that sites not track you
+/* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS
+ * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined.
+ * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy.
+ * Sending a DNT header *highly likely* raises entropy, especially in standard windows.
+ * [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings
+ * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (eg in default PB Mode)
  * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/
 user_pref("privacy.donottrackheader.enabled", false);
 
@@ -863,7 +872,7 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
 /* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example)
  * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config
  * [NOTE] You can still over-ride individual sites eg youtube via site permissions
- * [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
+ * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
    // user_pref("plugin.state.flash", 0);
 /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/
 user_pref("security.xpconnect.plugin.unrestricted", false);
@@ -893,7 +902,7 @@ user_pref("media.gmp-manager.url", "data:text/plain,");
 /*** 2000: MEDIA / CAMERA / MIC ***/
 user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
 /* 2001: disable WebRTC (Web Real-Time Communication)
- * [1] https://www.privacytools.io/#webrtc ***/
+ * [1] https://privacytoolsio.github.io/privacytools.io/#webrtc ***/
 user_pref("media.peerconnection.enabled", false);
 user_pref("media.peerconnection.use_document_iceservers", false);
 user_pref("media.peerconnection.video.enabled", false);
@@ -937,7 +946,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2023: disable camera stuff ***/
 user_pref("camera.control.face_detection.enabled", false);
 /* 2024: enable/disable MSE (Media Source Extensions)
- * [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
+ * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
 user_pref("media.mediasource.enabled", true);
 user_pref("media.mediasource.mp4.enabled", true);
 user_pref("media.mediasource.webm.audio.enabled", true);
@@ -955,7 +964,7 @@ user_pref("gfx.offscreencanvas.enabled", false);
  * [WARNING] This may break video playback on various sites ***/
 user_pref("media.autoplay.enabled", false);
 /* 2031: disable audio auto-play in non-active tabs (FF51+)
- * [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
+ * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
 user_pref("media.block-autoplay-until-in-foreground", true);
 
 /*** 2200: UI MEDDLING
@@ -1041,7 +1050,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b
  * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress
  * this applies to onCut, onCopy, onPaste events - i.e you have to interact with
  * the website for it to look at the clipboard
- * [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
+ * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
 user_pref("dom.event.clipboardevents.enabled", false);
 /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+)
  * this disables document.execCommand("cut"/"copy") to protect your clipboard
@@ -1117,7 +1126,7 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off
 /* 2501: disable gamepad API - USB device ID enumeration
  * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/
 user_pref("dom.gamepad.enabled", false);
-/* 2503: disable giving away network info
+/* 2503: disable giving away network info (FF31+)
  * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
  * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
  * [2] https://wicg.github.io/netinfo/
@@ -1134,7 +1143,7 @@ user_pref("dom.vr.openvr.enabled", false); // (FF51+)
  * [1] https://wiki.mozilla.org/Media/getUserMedia
  * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/
 user_pref("media.navigator.enabled", false);
-/* 2506: disable video statistics - JS performance fingerprinting
+/* 2506: disable video statistics - JS performance fingerprinting (FF25+)
  * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/
 user_pref("media.video_stats.enabled", false);
 /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards)
@@ -1302,8 +1311,8 @@ user_pref("general.useragent.compatMode.firefox", false);
 /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
-/* 2629: disable remote JAR files being opened, regardless of content type
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/
+/* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
 user_pref("network.jar.block-remote-files", true);
 /* 2662: disable "open with" in download dialog (FF50+)
  * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
@@ -1321,7 +1330,7 @@ user_pref("device.storage.enabled", false);
 /* 2665: remove webchannel whitelist ***/
 user_pref("webchannel.allowObject.urlWhitelist", "");
 /* 2666: disable HTTP Alternative Services
- * [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/
+ * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/
 user_pref("network.http.altsvc.enabled", false);
 user_pref("network.http.altsvc.oe", false);
 /* 2667: disable various developer tools in browser context
@@ -1331,7 +1340,7 @@ user_pref("devtools.chrome.enabled", false);
 /* 2668: lock down allowed extension directories
  * [WARNING] This will break add-ons that do not use the default XPI directories
  * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
- * [2] archived: http://archive.is/DYjAM ***/
+ * [1] archived: http://archive.is/DYjAM ***/
 user_pref("extensions.enabledScopes", 1); // (hidden pref)
 user_pref("extensions.autoDisableScopes", 15);
 /* 2669: remove paths when sending URLs to PAC scripts (FF51+)
@@ -1394,71 +1403,95 @@ user_pref("security.csp.experimentalEnabled", true);
    // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
 /* 2697g: general.useragent.locale (related, see 0204) ***/
 
-/*** 2698: FIRST PARTY ISOLATION (FPI) ***/
-/* 2698a: enable first party isolation pref and OriginAttribute (FF51+)
- * [WARNING] Breaks lots of cross-domain logins and site functionality until perfected
+/*** 2698: FIRST PARTY ISOLATION (FPI)
+ ** isolate favicons (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803
+ ** isolate OCSP cache (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562
+ ** isolate Shared Workers (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726
+ ** isolate SSL session cache (FF52+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283
+ ** isolate media cache (FF53+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927
+ ** isolate HSTS and HPKP (FF54+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644
+ ** isolate HTTP Alternative Services (FF54+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690
+ ** isolate SPDY/HTTP2 (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693
+ ** isolate DNS cache (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893
+ ** isolate blob: URI (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170
+ ** isolate data://, about: URLs (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1300671
+***/
+/* 2698a: enable First Party Isolation (FF51+)
+ * [WARNING] May break cross-domain logins and site functionality until perfected
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/
-/* 2698b: isolate favicons (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/
-/* 2698c: isolate OCSP cache (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/
-/* 2698d: isolate Shared Workers (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/
-/* 2698e: isolate SSL session cache (FF52+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/
-/* 2698f: isolate media cache (FF53+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/
-/* 2698g: isolate HSTS and HPKP (FF54+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/
-/* 2698h: isolate HTTP Alternative Services (FF54+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/
-/* 2698i: isolate SPDY/HTTP2 (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/
-/* 2698j: isolate DNS cache (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/
-/* 2698k: isolate blob: URI (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/
-   // user_pref("privacy.firstparty.isolate", true);
-   // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+)
+user_pref("privacy.firstparty.isolate", true);
+/* 2698b: enforce FPI restriction for window.opener (FF54+)
+ * [NOTE] Setting this to false may reduce the breakage in 2698a
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/
+user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
 
-/*** 2699: TOR UPLIFT: privacy.resistFingerprinting
-     This preference will be used as a generic switch for a wide range of items.
-     This section will attempt to list all the ramifications and Mozilla tickets ***/
-/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info.
- * POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
- * [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
- * [NOTE] This will probably make your values pretty unique until you resize or snap the
- * inner window width + height into standard/common resolutions (mine is at 1366x768)
- * To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
- * Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
- * your window size, do some math, resize to allow for all the non inner window elements
- * [TEST] http://browserspy.dk/screen.php
+/*** 2699: privacy.resistFingerprinting
+   This master switch will be used for a wide range of items,
+   many of which will **override** existing prefs from FF55+
+ ** limit window.screen & CSS media queries leaking identifiable info (FF41+)
+   [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
+   [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
+   [NOTE] This will probably make your values pretty unique until you resize or snap the
+   inner window width + height into standard/common resolutions (such as 1366x768)
+   To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
+   Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
+   your window size, do some math, resize to allow for all the non inner window elements
+   [TEST] http://browserspy.dk/screen.php
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986
+ ** spoof screen orientation (FF50+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949
+ ** hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963
+ ** spoof timezone as UTC 0 (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890
+ ** spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
+   This spoof *shouldn't* affect core chrome/Firefox performance
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039
+ ** reduce precision of time exposed by javascript (FF55+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238
+ ** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303
+ ** spoof Navigator API (see section 2697) (FF56+)
+   The version number will be rounded to the "nearest" multiple of 10
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651
+ ** disable device sensor API (see 2512) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319
+ ** disable site specific zoom (see 2515) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357
+ ** disable gamepad API (see 2501) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161
+ ** spoof network information API as "unknown" (see 2503) (FF56+)
+   [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072
+***/
+/* 2699a: enable privacy.resistFingerprinting (FF41+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/
-/* 2699b: spoof screen orientation
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/
-/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/
-/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP]
+user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
+/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP]
  * [NOTE] If override values are too big, the code determines it for you
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
  * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/
    // user_pref("privacy.window.maxInnerWidth", 1366);
    // user_pref("privacy.window.maxInnerHeight", 768);
-/* 2699e: spoof timezone as UTC 0 (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/
-/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
- * This spoof *shouldn't* affect core chrome/Firefox performance
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/
-/* 2699g: reduce precision of time exposed by javascript (FF55+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/
-user_pref("privacy.resistFingerprinting", true); // (hidden pref)
 
 /*** 2700: COOKIES & DOM STORAGE ***/
 user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: disable cookies on all sites [SETUP]
  * You can set exceptions under site permissions or use an extension (eg Cookie Controller)
  * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie
- * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/
+ * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites
+ * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
+ * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
 user_pref("network.cookie.cookieBehavior", 2);
 /* 2702: set third-party cookies (if enabled, see above pref) to session-only
  * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
@@ -1571,7 +1604,7 @@ user_pref("browser.backspace_action", 2);
  * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/
 user_pref("browser.link.open_newwindow", 3);
 /* 3009: enable APZ (Async Pan/Zoom) - requires e10s
- * [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/
+ * [1] https://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/
    // user_pref("layers.async-pan-zoom.enabled", true);
 /* 3010: enable ctrl-tab previews ***/
 user_pref("browser.ctrlTab.previews", true);