67 archive

I don't think we need a 4 yr old article to explain the concept of `.min` (or `.max`), it's pretty self explanatory (and SSL 3 is obsolete). Three lines of text culled, and one of the remaining http links eliminated as a bonus. Enjoy the saved bytes and mouse-scrolling.

.github/ISSUE_TEMPLATE/tools.md

@@ -0,0 +1,17 @@
+---
+name: Tools
+about: Report issues with the updaters, troubleshooter, or any other tools.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!-- 
+Make sure to specify: 
+  - the name of the file (i.e. updater.bat, updater.sh)
+  - the OS where you used the tool (if applicable)
+  - steps to reproduce the issue
+  - expected result
+  - actual result
+-->

.github/ISSUE_TEMPLATE/troubleshooting-help.md

@@ -0,0 +1,35 @@
+---
+name: Troubleshooting help
+about: Ask for help troubleshooting issues with user.js
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--
+Before you ask for help...
+  - Keep reading this. Seriously.
+  - Note that we do not support forks (i.e. IceCat, Pale Moon, WaterFox, etc).
+  - Make sure you searched for the setup tags in user.js.
+  - Search the GitHub repository. The information you need is most likely here already.
+  - See if you get the same problem in a new Firefox profile without user.js.
+  - See if you get the same problem without extensions/add-ons.
+  - Check out our wiki page on troubleshooting.
+    https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting
+
+See also:
+  - Extension breakage due to prefs
+    https://github.com/ghacksuserjs/ghacks-user.js/issues/391
+  - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts
+    https://github.com/ghacksuserjs/ghacks-user.js/issues/350
+  - The extension CSP header modification game
+    https://github.com/ghacksuserjs/ghacks-user.js/issues/664
+	
+If you still need help, help us help you by providing relevant information:
+  - browser version
+  - Steps to Reproduce (STR)
+  - actual result
+  - expected result
+  - anything else you deem worth mentioning
+-->

.github/ISSUE_TEMPLATE/user-js.md

@@ -0,0 +1,13 @@
+---
+name: User.js
+about: Suggest changes to user.js
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--
+We value feedback in general, but we value feedback from informed users more. There is no need for you to be an expert to participate (most of us aren't), but we hope that you at least understand our decisions before questioning them. We discuss all changes openly, and we do not make changes lightly. So, if you don't understand why we decided to add/remove/change a certain pref, search the repo. The answer is most certainly here.
+If some change we made took you by surprise (in the wrong way), remember that keeping track of changes is your responsibility. Watch the repo, read the changelogs, compare revisions as you update your copy of user.js, or use any other method you prefer.
+-->

scratchpad-scripts/ghacks-clear-[removed].js

@@ -1,7 +1,7 @@
 /***
  This will reset the preferences that have been removed completely from the ghacks user.js.
 
- Last updated: 05-May-2019
+ Last updated: 12-June-2019
 
  For instructions see:
  https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@@ -193,6 +193,16 @@
     'services.blocklist.plugins.collection',
     'services.blocklist.update_enabled',
     'urlclassifier.trackingTable',
+    /* 68-beta */
+    'font.blacklist.underline_offset',
+    'font.name.monospace.x-unicode',
+    'font.name.monospace.x-western',
+    'font.name.sans-serif.x-unicode',
+    'font.name.sans-serif.x-western',
+    'font.name.serif.x-unicode',
+    'font.name.serif.x-western',
+    'layout.css.font-loading-api.enabled',
+    'toolkit.telemetry.cachedClientID',
     /* reset parrot: check your open about:config after running the script */
     '_user.js.parrot'
   ]

updater.bat

@@ -3,10 +3,10 @@ TITLE ghacks user.js updater
 
 REM ## ghacks-user.js updater for Windows
 REM ## author: @claustromaniac
-REM ## version: 4.6
+REM ## version: 4.10
 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts
 
-SET v=4.7
+SET v=4.10
 
 VERIFY ON
 CD /D "%~dp0"
@@ -22,6 +22,8 @@ IF /I "%~1"=="-multioverrides" (SET _multi=1)
 IF /I "%~1"=="-merge" (SET _merge=1)
 IF /I "%~1"=="-updatebatch" (SET _updateb=1)
 IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
+IF /I "%~1"=="-esr" (SET _esr=1)
+IF /I "%~1"=="-rfpalts" (SET _rfpalts=1)
 SHIFT
 GOTO parse
 :endparse
@@ -82,7 +84,7 @@ ECHO:
 ECHO:                ########################################
 ECHO:                ####  user.js Updater for Windows   ####
 ECHO:                ####       by claustromaniac        ####
-ECHO:                ####             v!v!               ####
+ECHO:                ####             v!v!              ####
 ECHO:                ########################################
 ECHO:
 SET /A "_line=0"
@@ -131,6 +133,14 @@ CALL :message "Retrieving latest user.js file from github repository..."
 	PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')"
 ) >nul 2>&1
 IF EXIST user.js.new (
+	IF DEFINED _rfpalts (
+		CALL :message "Activating RFP Alternatives section..."
+		CALL :activate user.js.new "[SETUP-non-RFP]"
+	)
+	IF DEFINED _esr (
+		CALL :message "Activating ESR section..."
+		CALL :activate user.js.new ".x still uses all the following prefs"
+	)
 	IF DEFINED _multi (
 		FORFILES /P user.js-overrides /M *.js >nul 2>&1
 		IF NOT ERRORLEVEL 1 (
@@ -196,7 +206,7 @@ IF NOT DEFINED _log (
 )
 EXIT /B
 
-REM ########### Message Function ###########
+::::::::::::::: Message :::::::::::::::
 :message
 SETLOCAL DisableDelayedExpansion
 IF NOT "2"=="%_log%" (ECHO:)
@@ -205,7 +215,28 @@ IF NOT "2"=="%_log%" (ECHO:)
 ENDLOCAL
 GOTO :EOF
 
-REM ############ Merge function ############
+::::::::::::::: Activate Section :::::::::::::::
+:activate
+:: arg1 = file
+:: arg2 = line substring
+SETLOCAL DisableDelayedExpansion
+(
+	FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO (
+		SET "_temp=%%H"
+		SETLOCAL EnableDelayedExpansion
+		IF "!_temp:%~2=!"=="!_temp!" (
+			ENDLOCAL & ECHO:%%H
+		) ELSE (
+			ECHO://!_temp:~2!
+			ENDLOCAL
+		)
+	)
+)>updatertempfile
+MOVE /Y updatertempfile "%~1" >nul
+ENDLOCAL
+GOTO :EOF
+
+::::::::::::::: Merge :::::::::::::::
 :merge
 SETLOCAL DisableDelayedExpansion
 FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ 	]*\([ 	]*[\"'].*[\"'][ 	]*,.*\)[ 	]*;" "%~1"') DO (SET "[%%G]=%%H")
@@ -244,11 +275,13 @@ MOVE /Y updatertempfile "%~1" >nul
 ENDLOCAL
 GOTO :EOF
 
-REM ############### Help ##################
+::::::::::::::: Help :::::::::::::::
 :showhelp
-MODE 80,46
+MODE 80,54
 CLS
 CALL :message "Available arguments (case-insensitive):"
+CALL :message "  -esr"
+ECHO:     Activate ESR related preferences
 CALL :message "  -log"
 ECHO:     Write the console output to a logfile (user.js-update-log.txt)
 CALL :message "  -logP"
@@ -272,7 +305,9 @@ ECHO:     Run without user input.
 CALL :message "  -singleBackup"
 ECHO:     Use a single backup file and overwrite it on new updates, instead of
 ECHO:     cumulative backups. This was the default behaviour before v4.3.
-CALL :message "  -updatebatch"
+CALL :message "  -rfpAlts"
+ECHO:     Activate RFP Alternatives section
+CALL :message "  -updateBatch"
 ECHO:     Update the script itself on execution, before the normal routine.
 CALL :message ""
 PAUSE

user.js

@@ -1,7 +1,7 @@
 /******
 * name: ghacks user.js
-* date: 28 May 2019
-* version 67-beta: Barbie Pants
+* date: 26 June 2019
+* version 67: Barbie Pants
 *   "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
@@ -230,7 +230,6 @@ user_pref("toolkit.telemetry.unified", false);
 user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+
 user_pref("toolkit.telemetry.server", "data:,");
 user_pref("toolkit.telemetry.archive.enabled", false);
-user_pref("toolkit.telemetry.cachedClientID", "");
 user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
 user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
 user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
@@ -658,10 +657,7 @@ user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
  * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
  * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
- * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1
- * [1] http://kb.mozillazine.org/Security.tls.version.*
- * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
- * [2] archived: https://archive.is/hY2Mm ***/
+ * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 ***/
    // user_pref("security.tls.version.min", 3);
    // user_pref("security.tls.version.max", 4);
 /* 1203: disable SSL session tracking [FF36+]
@@ -784,19 +780,10 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
 /*** [SECTION 1400]: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 /* 1401: disable websites choosing fonts (0=block, 1=allow)
- * [WARNING] Blocking fonts can *sometimes* reduce JS font enumeration, but not entropy.
- * There are also other methods to fingerprint fonts. Wait for RFP (4500) to cover this.
+ * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
+ * [SETUP-WEB] Disabling fonts can uglify the web a fair bit.
  * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
-   // user_pref("browser.display.use_document_fonts", 0);
-/* 1402: set more legible default fonts
- * [NOTE] Example below for Windows/Western only
- * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/
-   // user_pref("font.name.serif.x-unicode", "Georgia");
-   // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman
-   // user_pref("font.name.sans-serif.x-unicode", "Arial");
-   // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial
-   // user_pref("font.name.monospace.x-unicode", "Lucida Console");
-   // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New
+user_pref("browser.display.use_document_fonts", 0);
 /* 1403: disable icon fonts (glyphs) and local fallback rendering
  * [1] https://bugzilla.mozilla.org/789788
  * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/
@@ -807,13 +794,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 /* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/
    // user_pref("gfx.downloadable_fonts.woff2.enabled", false);
-/* 1406: disable CSS Font Loading API
- * [NOTE] Disabling fonts can uglify the web a fair bit. ***/
-user_pref("layout.css.font-loading-api.enabled", false);
-/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART]
- * Any of these fonts on your system can be enumerated for fingerprinting.
- * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
-user_pref("font.blacklist.underline_offset", "");
 /* 1408: disable graphite which FF49 turned back on by default
  * In the past it had security issues. Update: This continues to be the case, see [1]
  * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
@@ -1087,14 +1067,11 @@ user_pref("javascript.options.asmjs", false);
 /* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
  * [1] https://developer.mozilla.org/docs/WebAssembly ***/
 user_pref("javascript.options.wasm", false);
-/* 2426: disable Intersection Observer API [FF53+]
- * Almost a year to complete, three versions late to stable (as default false),
- * number #1 cause of crashes in nightly numerous times, and is (primarily) an
- * ad network API for "ad viewability checks" down to a pixel level
+/* 2426: disable Intersection Observer API [FF55+]
  * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
  * [2] https://w3c.github.io/IntersectionObserver/
  * [3] https://bugzilla.mozilla.org/1243846 ***/
-user_pref("dom.IntersectionObserver.enabled", false);
+   // user_pref("dom.IntersectionObserver.enabled", false);
 /* 2429: enable (limited but sufficient) window.opener protection [FF65+]
  * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
 user_pref("dom.targetBlankNoOpener.enabled", true);
@@ -1212,6 +1189,9 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false]
 /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
  * [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
+/* 2622: disable middlemouse paste leaking on Linux
+ * [1] https://bugzilla.mozilla.org/1528289 */
+user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows]
 
 /** DOWNLOADS ***/
 /* 2650: discourage downloading to desktop
@@ -1472,7 +1452,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
  ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+)
  ** 1407366 - enable inner window letterboxing (see 4504) (FF67+)
  ** 1540726 - return "light" with prefers-color-scheme (FF67+)
-        [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
+      [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]