Compare commits

...

26 Commits

Author SHA1 Message Date
132e0fa503 1202: aaaaaaand actually change the pref this time 2017-07-10 06:26:55 +12:00
c864c8ebb0 1202: TLS min raised to 1.2 #167 2017-07-10 06:22:52 +12:00
063b731054 nits 2017-07-10 05:52:44 +12:00
d7c282c0fa Merge pull request #168 from ghacksuserjs/earthlng-patch-1
update ghacks.net links to use https
2017-07-09 18:51:32 +02:00
b24dd123d0 update ghacks.net links to use https 2017-07-09 18:49:39 +02:00
8b0bc463c5 2001: link update
www.privacytools.io redirects to https://privacytoolsio.github.io/privacytools.io/ and in the process drops the anchor info (#webrtc)
2017-07-09 17:58:05 +02:00
4d31983e06 0420: TP fixup default values 2017-07-09 22:58:57 +12:00
e018583082 2701: cookies & 3rd party info #159 2017-07-08 05:24:33 +12:00
6348826519 1212: turn on OCSP 2017-07-08 05:12:52 +12:00
b55a986d52 1210's: OCSP add reference 2017-07-07 00:09:54 +12:00
ba78702686 1610 DNT & 0420 TP clarify conflicts #163 2017-07-06 19:03:36 +12:00
32327e15c1 2699: spoof network info API 2017-07-01 03:05:45 +12:00
d1306aee26 2699: gamepad API 2017-06-30 03:10:39 +12:00
ac77e65d82 2699: site specific zoom 2017-06-30 03:09:19 +12:00
6b7032ccaf 2699: device sensor API 2017-06-29 04:48:56 +12:00
6ef86fbde6 0209 FF version fix, 2699a hidden pref info
I removed the "(hidden pref)" info when we revamped 2699, as it will no longer be hidden. In hindsight, that info needs to stay (we haven't archived off end-of-life 54, and it's good information for backwards compatibility).
2017-06-22 05:37:47 +12:00
0176d8676c 2698: isolate data://, about: 2017-06-21 18:37:27 +12:00
da1b9054ad 2629: fix ref source 2017-06-21 18:31:00 +12:00
fba479944d spacing nit 2017-06-21 17:17:15 +12:00
791b4114c6 2699: spoof Navigator API
https://reviewboard.mozilla.org/r/147474/diff/4#index_header

I would have thought rounding DOWN to the nearest multiple of 10 would be better. Imagine being on FF61 and claiming to be 70 = might cause site issues
2017-06-21 17:15:56 +12:00
8cdc6e766c 2699 revamp #143 2017-06-20 10:47:11 +12:00
319db71e82 nits 2017-06-20 03:56:15 +12:00
907e0aaa24 1408: graphite: update & add ref 2017-06-20 03:25:31 +12:00
5e0f37c925 2698 revamp #143 & FPI=>active 2017-06-20 03:05:51 +12:00
06018367a1 Merge pull request #146 from carmenbianca/line-endings
Convert line endings to LF
2017-06-19 09:11:20 +12:00
7b2d67976c Convert line endings to LF
Added .gitattributes file to prevent CRLF from being committed in the
future.

Fixes #145
2017-06-17 09:13:14 +02:00
2 changed files with 1928 additions and 1887 deletions

8
.gitattributes vendored Normal file

@ -0,0 +1,8 @@
* text=auto
*.js text
*.md text
*.yml text
*.txt text
*.png binary
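Review bot: `* text=auto` normalizes line endings when files are committed, but nothing in this file pins the checkout side, so a Windows working tree can still end up with CRLF in user.js depending on the local core.autocrlf and core.eol settings. If the intent is LF everywhere, add `eol=lf` to the text rules, for example `*.js text eol=lf`.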

203
user.js

@ -94,7 +94,7 @@ user_pref("intl.accept_languages", "en-US, en");
/* 0208: enforce US English locale regardless of the system locale /* 0208: enforce US English locale regardless of the system locale
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=867501 ***/
user_pref("javascript.use_us_english_locale", true); // (hidden pref) user_pref("javascript.use_us_english_locale", true); // (hidden pref)
/* 0209: disable geolocation on non-secure origins (FF55+) /* 0209: disable geolocation on non-secure origins (FF54+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1072859
* [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/ * [2] https://www.ghacks.net/2017/03/14/firefox-55-geolocation-requires-secure-origin/ ***/
user_pref("geo.security.allowinsecure", false); user_pref("geo.security.allowinsecure", false);
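Review bot: the 0209 tag now reads (FF54+) while reference [2] in the same comment is the article whose URL says firefox-55-geolocation-requires-secure-origin, so the comment disagrees with its own source about the version. Add a short note saying what applies from 54 and what from 55, otherwise one of the two will be taken for a typo.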
@ -215,7 +215,7 @@ user_pref("social.share.activationPanelEnabled", false);
user_pref("social.enabled", false); // (hidden pref) user_pref("social.enabled", false); // (hidden pref)
/* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers /* 0376: disable FlyWeb, a set of APIs for advertising and discovering local-area web servers
* [1] https://wiki.mozilla.org/FlyWeb * [1] https://wiki.mozilla.org/FlyWeb
* [2] http://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/ * [2] https://www.ghacks.net/2016/07/26/firefox-flyweb/ ***/
user_pref("dom.flyweb.enabled", false); user_pref("dom.flyweb.enabled", false);
/*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
@ -294,10 +294,11 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
as it offers more comprehensive and specialized lists. It also allows per domain control. ***/ as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
/* 0420: enable Tracking Protection in all windows /* 0420: enable Tracking Protection in all windows
* [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610)
* [1] https://wiki.mozilla.org/Security/Tracking_protection * [1] https://wiki.mozilla.org/Security/Tracking_protection
* [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/
user_pref("privacy.trackingprotection.pbmode.enabled", true); // user_pref("privacy.trackingprotection.pbmode.enabled", true); // default true
user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.enabled", true); // default false
/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection /* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection
* Displays three choices: "Always", "Only in private windows", "Never" ***/ * Displays three choices: "Always", "Only in private windows", "Never" ***/
user_pref("privacy.trackingprotection.ui.enabled", true); user_pref("privacy.trackingprotection.ui.enabled", true);
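Review bot: the new [NOTE] on 0420 says TP sends DNT headers regardless of the DNT pref, and two lines further down `privacy.trackingprotection.enabled` is set to true for all windows, so with this file applied the header is sent everywhere and the 1610 pref has no effect. State that outright in the note rather than "see 1610", which leaves the reader to work out which setting wins.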
@ -306,7 +307,7 @@ user_pref("privacy.trackingprotection.ui.enabled", true);
// user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic
// user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict
/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+)
* [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/
// user_pref("browser.safebrowsing.blockedURIs.enabled", false); // user_pref("browser.safebrowsing.blockedURIs.enabled", false);
/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ /* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/
@ -319,7 +320,7 @@ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!");
* [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/ * [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ ***/
user_pref("network.prefetch-next", false); user_pref("network.prefetch-next", false);
/* 0602: disable DNS prefetching /* 0602: disable DNS prefetching
* [1] http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/ * [1] https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/
* [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/ * [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching ***/
user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref) user_pref("network.dns.disablePrefetchFromHTTPS", true); // (hidden pref)
@ -334,7 +335,7 @@ user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false); // (FF52+) user_pref("network.captive-portal-service.enabled", false); // (FF52+)
/* 0605: disable link-mouseover opening connection to linked server /* 0605: disable link-mouseover opening connection to linked server
* [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests * [1] http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
* [2] http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/ * [2] https://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
/* 0606: disable pings (but enforce same host in case) /* 0606: disable pings (but enforce same host in case)
* [1] http://kb.mozillazine.org/Browser.send_pings * [1] http://kb.mozillazine.org/Browser.send_pings
@ -342,7 +343,7 @@ user_pref("network.http.speculative-parallel-limit", 0);
user_pref("browser.send_pings", false); user_pref("browser.send_pings", false);
user_pref("browser.send_pings.require_same_host", true); user_pref("browser.send_pings.require_same_host", true);
/* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] /* 0607: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
* [1] http://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/ * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
user_pref("network.protocol-handler.external.ms-windows-store", false); user_pref("network.protocol-handler.external.ms-windows-store", false);
/* 0608: disable predictor / prefetching (FF48+) ***/ /* 0608: disable predictor / prefetching (FF48+) ***/
user_pref("network.predictor.enable-prefetch", false); user_pref("network.predictor.enable-prefetch", false);
@ -418,7 +419,7 @@ user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.autoFill", false); user_pref("browser.urlbar.autoFill", false);
user_pref("browser.urlbar.autoFill.typed", false); user_pref("browser.urlbar.autoFill.typed", false);
/* 0850e: disable location bar one-off searches (FF51+) /* 0850e: disable location bar one-off searches (FF51+)
* [1] http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/ * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
user_pref("browser.urlbar.oneOffSearches", false); user_pref("browser.urlbar.oneOffSearches", false);
/* 0860: disable search and form history /* 0860: disable search and form history
* [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history
@ -567,7 +568,7 @@ user_pref("alerts.showFavicons", false);
// user_pref("browser.tabs.remote.force-enable", true); // (hidden pref) // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
// user_pref("extensions.e10sBlocksEnabling", false); // user_pref("extensions.e10sBlocksEnabling", false);
/* 1102: control number of content rendering processes /* 1102: control number of content rendering processes
* [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/ * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
// user_pref("dom.ipc.processCount", 4); // user_pref("dom.ipc.processCount", 4);
/* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+) /* 1103: enable WebExtension add-on code to run in a separate process (webext-oop) (FF53+)
@ -575,7 +576,7 @@ user_pref("alerts.showFavicons", false);
// user_pref("extensions.webextensions.remote", true); // user_pref("extensions.webextensions.remote", true);
/* 1104: enforce separate content process for file://URLs (FF53+) /* 1104: enforce separate content process for file://URLs (FF53+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
* [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/ * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
// user_pref("browser.tabs.remote.separateFileUriProcess", true); // user_pref("browser.tabs.remote.separateFileUriProcess", true);
/* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/ /* 1105: enable console shim warnings for add-ons with the 'multiprocessCompatible' flag as false ***/
user_pref("dom.ipc.shims.enabledWarnings", true); user_pref("dom.ipc.shims.enabledWarnings", true);
@ -584,7 +585,7 @@ user_pref("dom.ipc.shims.enabledWarnings", true);
/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play /* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
* with them. The values are integers, but the code below deliberately contains a data mismatch * with them. The values are integers, but the code below deliberately contains a data mismatch
* [1] https://wiki.mozilla.org/Sandbox * [1] https://wiki.mozilla.org/Sandbox
* [2] http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/ * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
// user_pref("security.sandbox.content.level", "donotuse"); // user_pref("security.sandbox.content.level", "donotuse");
// user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
// user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse"); // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
@ -614,10 +615,13 @@ user_pref("ghacks_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
// user_pref("security.ssl.require_safe_negotiation", true); // user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max /* 1202: control TLS versions with min and max
* 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc * 1=min version of TLS 1.0, 2=min version of TLS 1.1, 3=min version of TLS 1.2 etc
* [WARNING] Firefox and Chrome currently allow TLS 1.0 by default, so this is your call. * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
* [WARNING] If you get an "SSL_ERROR_NO_CYPHER_OVERLAP" error temporarily
* set a lower value for 'security.tls.version.min' in about:config
* [1] http://kb.mozillazine.org/Security.tls.version.* * [1] http://kb.mozillazine.org/Security.tls.version.*
* [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/ ***/ * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
// user_pref("security.tls.version.min", 2); * [2] archived: https://archive.is/hY2Mm ***/
user_pref("security.tls.version.min", 3);
user_pref("security.tls.version.fallback-limit", 3); user_pref("security.tls.version.fallback-limit", 3);
user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3 user_pref("security.tls.version.max", 4); // 4 = allow up to and including TLS 1.3
/* 1203: disable SSL session tracking (FF36+) /* 1203: disable SSL session tracking (FF36+)
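Review bot: the new [WARNING] in 1202 tells the user to set a lower value for 'security.tls.version.min' in about:config but not which value, nor that user.js puts it back to 3 at the next start. Spell out the fallback (2 = TLS 1.1, 1 = TLS 1.0, per the second line of the comment) and that the override only lasts for the session, so nobody edits user.js to get past one site.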
@ -632,7 +636,8 @@ user_pref("security.ssl.disable_session_identifiers", true); // (hidden pref)
user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", ""); user_pref("security.ssl.errorReporting.url", "");
/** OCSP (Online Certificate Status Protocol) ***/ /** OCSP (Online Certificate Status Protocol)
#Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/
/* 1210: enable OCSP Stapling /* 1210: enable OCSP Stapling
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
user_pref("security.ssl.enable_ocsp_stapling", true); user_pref("security.ssl.enable_ocsp_stapling", true);
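Review bot: the added header line `#Required reading [#] https://scotthelme.co.uk/revocation-is-broken/` uses a `#...[#]` marker that none of the other visible hunks use; they all use `[1]`, `[NOTE]`, `[WARNING]` or `[SETTING]`. Number it `[1]` or tag it `[NOTE]` so the OCSP header follows the same reference style.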
@ -645,10 +650,9 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
user_pref("security.OCSP.enabled", 1); user_pref("security.OCSP.enabled", 1);
/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently /* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
* continues the connection. With OCSP revocation, Firefox terminates the connection instead. * continues the connection. With OCSP revocation, Firefox terminates the connection instead.
* [WARNING] Since FF44 the default is false. If set to true, this may/will cause some * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
* site breakage. Some users have previously mentioned issues with youtube, microsoft etc
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
// user_pref("security.OCSP.require", true); user_pref("security.OCSP.require", true);
/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
* 0=disable detecting Family Safety mode and importing the root * 0=disable detecting Family Safety mode and importing the root
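Review bot: 1212 makes `security.OCSP.require` active, yet the [WARNING] is shortened in the same change and no longer says what the breakage looks like or how to get past it. Since this setting turns an unreachable responder into a terminated connection, add the recovery step the way 1202 does (which pref to relax in about:config) and consider keeping the removed examples of affected sites.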
@ -766,7 +770,8 @@ user_pref("layout.css.font-loading-api.enabled", false);
* [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
user_pref("font.blacklist.underline_offset", ""); user_pref("font.blacklist.underline_offset", "");
/* 1408: disable graphite which FF49 turned back on by default /* 1408: disable graphite which FF49 turned back on by default
* In the past it had security issues - need citation ***/ * In the past it had security issues. Update: This continues to be the case, see [1]
* [1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false);
/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] /* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
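Review bot: in 1408, "Update: This continues to be the case" carries no date, so it will read as current long after the advisory it cites. Date it the way the 1202 note does (Jul-2017), or drop the "Update:" wording and let reference [1] carry the claim.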
@ -825,8 +830,12 @@ user_pref("network.http.referer.userControlPolicy", 3);
* TBB (Tor Browser Bundle) which is specifically designed for the dark web * TBB (Tor Browser Bundle) which is specifically designed for the dark web
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1305144 ***/
user_pref("network.http.referer.hideOnionSource", true); user_pref("network.http.referer.hideOnionSource", true);
/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy) /* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS
* [SETTING] Options>Privacy>Tracking>Request that sites not track you * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined.
* Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy.
* Sending a DNT header *highly likely* raises entropy, especially in standard windows.
* [SETTING] Options>Privacy>Use Tracking Protecting>manage your Do Not Track settings
* [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (eg in default PB Mode)
* [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/
user_pref("privacy.donottrackheader.enabled", false); user_pref("privacy.donottrackheader.enabled", false);
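Review bot: typo in the new [SETTING] path for 1610: "Use Tracking Protecting" should be "Use Tracking Protection", matching the wording already used in 0421. The two [NOTE] lines here and in 0420 also describe the same TP/DNT interaction in different words ("sends DNT headers" versus "DNT is enforced with TP"), so pick one phrasing for both.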
@ -863,7 +872,7 @@ user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example) /* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example)
* you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config
* [NOTE] You can still over-ride individual sites eg youtube via site permissions * [NOTE] You can still over-ride individual sites eg youtube via site permissions
* [1] http://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/ * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
// user_pref("plugin.state.flash", 0); // user_pref("plugin.state.flash", 0);
/* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/ /* 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect ***/
user_pref("security.xpconnect.plugin.unrestricted", false); user_pref("security.xpconnect.plugin.unrestricted", false);
@ -893,7 +902,7 @@ user_pref("media.gmp-manager.url", "data:text/plain,");
/*** 2000: MEDIA / CAMERA / MIC ***/ /*** 2000: MEDIA / CAMERA / MIC ***/
user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
/* 2001: disable WebRTC (Web Real-Time Communication) /* 2001: disable WebRTC (Web Real-Time Communication)
* [1] https://www.privacytools.io/#webrtc ***/ * [1] https://privacytoolsio.github.io/privacytools.io/#webrtc ***/
user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.use_document_iceservers", false);
user_pref("media.peerconnection.video.enabled", false); user_pref("media.peerconnection.video.enabled", false);
@ -937,7 +946,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
/* 2023: disable camera stuff ***/ /* 2023: disable camera stuff ***/
user_pref("camera.control.face_detection.enabled", false); user_pref("camera.control.face_detection.enabled", false);
/* 2024: enable/disable MSE (Media Source Extensions) /* 2024: enable/disable MSE (Media Source Extensions)
* [1] http://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/ * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
user_pref("media.mediasource.enabled", true); user_pref("media.mediasource.enabled", true);
user_pref("media.mediasource.mp4.enabled", true); user_pref("media.mediasource.mp4.enabled", true);
user_pref("media.mediasource.webm.audio.enabled", true); user_pref("media.mediasource.webm.audio.enabled", true);
@ -955,7 +964,7 @@ user_pref("gfx.offscreencanvas.enabled", false);
* [WARNING] This may break video playback on various sites ***/ * [WARNING] This may break video playback on various sites ***/
user_pref("media.autoplay.enabled", false); user_pref("media.autoplay.enabled", false);
/* 2031: disable audio auto-play in non-active tabs (FF51+) /* 2031: disable audio auto-play in non-active tabs (FF51+)
* [1] http://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
user_pref("media.block-autoplay-until-in-foreground", true); user_pref("media.block-autoplay-until-in-foreground", true);
/*** 2200: UI MEDDLING /*** 2200: UI MEDDLING
@ -1041,7 +1050,7 @@ user_pref("ghacks_user.js.parrot", "2400 syntax error: the parrot's kicked the b
* [WARNING] This will break some sites functionality such as pasting into facebook, wordpress * [WARNING] This will break some sites functionality such as pasting into facebook, wordpress
* this applies to onCut, onCopy, onPaste events - i.e you have to interact with * this applies to onCut, onCopy, onPaste events - i.e you have to interact with
* the website for it to look at the clipboard * the website for it to look at the clipboard
* [1] http://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
user_pref("dom.event.clipboardevents.enabled", false); user_pref("dom.event.clipboardevents.enabled", false);
/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+) /* 2403: disable clipboard commands (cut/copy) from "non-privileged" content (FF41+)
* this disables document.execCommand("cut"/"copy") to protect your clipboard * this disables document.execCommand("cut"/"copy") to protect your clipboard
@ -1117,7 +1126,7 @@ user_pref("ghacks_user.js.parrot", "2500 syntax error: the parrot's shuffled off
/* 2501: disable gamepad API - USB device ID enumeration /* 2501: disable gamepad API - USB device ID enumeration
* [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/ * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/
user_pref("dom.gamepad.enabled", false); user_pref("dom.gamepad.enabled", false);
/* 2503: disable giving away network info /* 2503: disable giving away network info (FF31+)
* eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none * eg bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
* [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API * [1] https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
* [2] https://wicg.github.io/netinfo/ * [2] https://wicg.github.io/netinfo/
@ -1134,7 +1143,7 @@ user_pref("dom.vr.openvr.enabled", false); // (FF51+)
* [1] https://wiki.mozilla.org/Media/getUserMedia * [1] https://wiki.mozilla.org/Media/getUserMedia
* [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/ * [2] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices ***/
user_pref("media.navigator.enabled", false); user_pref("media.navigator.enabled", false);
/* 2506: disable video statistics - JS performance fingerprinting /* 2506: disable video statistics - JS performance fingerprinting (FF25+)
* [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/ * [1] https://trac.torproject.org/projects/tor/ticket/15757 ***/
user_pref("media.video_stats.enabled", false); user_pref("media.video_stats.enabled", false);
/* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards) /* 2507: disable keyboard fingerprinting (FF38+) (physical keyboards)
@ -1302,8 +1311,8 @@ user_pref("general.useragent.compatMode.firefox", false);
/* 2628: disable UITour backend so there is no chance that a remote page can use it ***/ /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/
user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.enabled", false);
user_pref("browser.uitour.url", ""); user_pref("browser.uitour.url", "");
/* 2629: disable remote JAR files being opened, regardless of content type /* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1215235 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
user_pref("network.jar.block-remote-files", true); user_pref("network.jar.block-remote-files", true);
/* 2662: disable "open with" in download dialog (FF50+) /* 2662: disable "open with" in download dialog (FF50+)
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
@ -1321,7 +1330,7 @@ user_pref("device.storage.enabled", false);
/* 2665: remove webchannel whitelist ***/ /* 2665: remove webchannel whitelist ***/
user_pref("webchannel.allowObject.urlWhitelist", ""); user_pref("webchannel.allowObject.urlWhitelist", "");
/* 2666: disable HTTP Alternative Services /* 2666: disable HTTP Alternative Services
* [1] http://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/ * [1] https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 ***/
user_pref("network.http.altsvc.enabled", false); user_pref("network.http.altsvc.enabled", false);
user_pref("network.http.altsvc.oe", false); user_pref("network.http.altsvc.oe", false);
/* 2667: disable various developer tools in browser context /* 2667: disable various developer tools in browser context
@ -1331,7 +1340,7 @@ user_pref("devtools.chrome.enabled", false);
/* 2668: lock down allowed extension directories /* 2668: lock down allowed extension directories
* [WARNING] This will break add-ons that do not use the default XPI directories * [WARNING] This will break add-ons that do not use the default XPI directories
* [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
* [2] archived: http://archive.is/DYjAM ***/ * [1] archived: http://archive.is/DYjAM ***/
user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.enabledScopes", 1); // (hidden pref)
user_pref("extensions.autoDisableScopes", 15); user_pref("extensions.autoDisableScopes", 15);
/* 2669: remove paths when sending URLs to PAC scripts (FF51+) /* 2669: remove paths when sending URLs to PAC scripts (FF51+)
@ -1394,71 +1403,95 @@ user_pref("security.csp.experimentalEnabled", true);
// user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
/* 2697g: general.useragent.locale (related, see 0204) ***/ /* 2697g: general.useragent.locale (related, see 0204) ***/
/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ /*** 2698: FIRST PARTY ISOLATION (FPI)
/* 2698a: enable first party isolation pref and OriginAttribute (FF51+) ** isolate favicons (FF52+)
* [WARNING] Breaks lots of cross-domain logins and site functionality until perfected [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803
** isolate OCSP cache (FF52+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562
** isolate Shared Workers (FF52+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726
** isolate SSL session cache (FF52+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283
** isolate media cache (FF53+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927
** isolate HSTS and HPKP (FF54+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644
** isolate HTTP Alternative Services (FF54+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690
** isolate SPDY/HTTP2 (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693
** isolate DNS cache (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893
** isolate blob: URI (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170
** isolate data://, about: URLs (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1300671
***/
/* 2698a: enable First Party Isolation (FF51+)
* [WARNING] May break cross-domain logins and site functionality until perfected
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 ***/
/* 2698b: isolate favicons (FF52+) user_pref("privacy.firstparty.isolate", true);
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1277803 ***/ /* 2698b: enforce FPI restriction for window.opener (FF54+)
/* 2698c: isolate OCSP cache (FF52+) * [NOTE] Setting this to false may reduce the breakage in 2698a
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/
/* 2698d: isolate Shared Workers (FF52+) user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1268726 ***/
/* 2698e: isolate SSL session cache (FF52+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1316283 ***/
/* 2698f: isolate media cache (FF53+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1317927 ***/
/* 2698g: isolate HSTS and HPKP (FF54+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1323644 ***/
/* 2698h: isolate HTTP Alternative Services (FF54+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334690 ***/
/* 2698i: isolate SPDY/HTTP2 (FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1334693 ***/
/* 2698j: isolate DNS cache (FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337893 ***/
/* 2698k: isolate blob: URI (FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1344170 ***/
// user_pref("privacy.firstparty.isolate", true);
// user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // (FF54+)
/*** 2699: TOR UPLIFT: privacy.resistFingerprinting /*** 2699: privacy.resistFingerprinting
This preference will be used as a generic switch for a wide range of items. This master switch will be used for a wide range of items,
This section will attempt to list all the ramifications and Mozilla tickets ***/ many of which will **override** existing prefs from FF55+
/* 2699a: limit window.screen & CSS media queries providing large amounts of identifiable info. ** limit window.screen & CSS media queries leaking identifiable info (FF41+)
* POC: http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
* [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
* [NOTE] This will probably make your values pretty unique until you resize or snap the [NOTE] This will probably make your values pretty unique until you resize or snap the
* inner window width + height into standard/common resolutions (mine is at 1366x768) inner window width + height into standard/common resolutions (such as 1366x768)
* To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
* Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
* your window size, do some math, resize to allow for all the non inner window elements your window size, do some math, resize to allow for all the non inner window elements
* [TEST] http://browserspy.dk/screen.php [TEST] http://browserspy.dk/screen.php
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986
** spoof screen orientation (FF50+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949
** hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963
** spoof timezone as UTC 0 (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890
** spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
This spoof *shouldn't* affect core chrome/Firefox performance
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039
** reduce precision of time exposed by javascript (FF55+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238
** spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369303
** spoof Navigator API (see section 2697) (FF56+)
The version number will be rounded to the "nearest" multiple of 10
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1333651
** disable device sensor API (see 2512) (FF56+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369319
** disable site specific zoom (see 2515) (FF56+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1369357
** disable gamepad API (see 2501) (FF56+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1337161
** spoof network information API as "unknown" (see 2503) (FF56+)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1372072
***/
/* 2699a: enable privacy.resistFingerprinting (FF41+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/
/* 2699b: spoof screen orientation user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281949 ***/ /* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP]
/* 2699c: hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1281963 ***/
/* 2699d: set new window sizes to round to hundreds (FF55+) [SETUP]
* [NOTE] If override values are too big, the code determines it for you * [NOTE] If override values are too big, the code determines it for you
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
* [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/ * [2] https://metrics.mozilla.com/firefox-hardware-report/ ***/
// user_pref("privacy.window.maxInnerWidth", 1366); // user_pref("privacy.window.maxInnerWidth", 1366);
// user_pref("privacy.window.maxInnerHeight", 768); // user_pref("privacy.window.maxInnerHeight", 768);
/* 2699e: spoof timezone as UTC 0 (FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330890 ***/
/* 2699f: spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
* This spoof *shouldn't* affect core chrome/Firefox performance
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1360039 ***/
/* 2699g: reduce precision of time exposed by javascript (FF55+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 ***/
user_pref("privacy.resistFingerprinting", true); // (hidden pref)
/*** 2700: COOKIES & DOM STORAGE ***/ /*** 2700: COOKIES & DOM STORAGE ***/
user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable cookies on all sites [SETUP] /* 2701: disable cookies on all sites [SETUP]
* You can set exceptions under site permissions or use an extension (eg Cookie Controller) * You can set exceptions under site permissions or use an extension (eg Cookie Controller)
* 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie * 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie
* [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites ***/ * [SETTING] Options>Privacy>History>Custom Settings>Accept cookies from sites
* [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
* [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
user_pref("network.cookie.cookieBehavior", 2); user_pref("network.cookie.cookieBehavior", 2);
/* 2702: set third-party cookies (if enabled, see above pref) to session-only /* 2702: set third-party cookies (if enabled, see above pref) to session-only
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
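Review bot: in 2698a and 2698b, `privacy.firstparty.isolate` and `privacy.firstparty.isolate.restrict_opener_access` go from commented-out to active, yet 2698a still carries a [WARNING] about broken cross-domain logins and neither item is tagged [SETUP] the way 2699b and 2701 are in this same hunk. Because this changes behaviour for everyone who applies the file unmodified, tag both items [SETUP] so users know these are prefs to review. The 2698b [NOTE] that setting the opener pref to false "may reduce the breakage in 2698a" would also be clearer if it said what protection is given up by doing so, since the linked comment is the only explanation.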
@ -1571,7 +1604,7 @@ user_pref("browser.backspace_action", 2);
* [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/ * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/
user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow", 3);
/* 3009: enable APZ (Async Pan/Zoom) - requires e10s /* 3009: enable APZ (Async Pan/Zoom) - requires e10s
* [1] http://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/ * [1] https://www.ghacks.net/2015/07/28/scrolling-in-firefox-to-get-a-lot-better-thanks-to-apz/ ***/
// user_pref("layers.async-pan-zoom.enabled", true); // user_pref("layers.async-pan-zoom.enabled", true);
/* 3010: enable ctrl-tab previews ***/ /* 3010: enable ctrl-tab previews ***/
user_pref("browser.ctrlTab.previews", true); user_pref("browser.ctrlTab.previews", true);