68 final

0390: better reference
- EFF has pretty pictures and stuff and explains the issues (replaces wikipedia which people can still search for) - tor issue doesn't hold anything important (out it goes) - moz wiki page I'll leave in for the bugzilla links if someone wants to research how it's all meant to work
2025-09-04 19:08:30 +02:00 · 2019-08-31 14:51:08 +00:00 · 2019-08-28 16:33:06 +00:00 · 2019-08-21 13:01:12 +00:00 · 2019-08-21 04:08:40 +00:00 · 2019-08-19 04:54:30 +00:00
7 changed files with 177 additions and 71 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -13,3 +13,4 @@
 .gitattributes export-ignore
 *.yml export-ignore
 /wikipiki export-ignore
 /.github export-ignore
--- a/.github/ISSUE_TEMPLATE/tools.md
+++ b/.github/ISSUE_TEMPLATE/tools.md
@ -0,0 +1,18 @@
 ---
 name: Tools
 about: Report issues with the updaters, the troubleshooter, or any other tools.
 title: ''
 labels: ''
 assignees: ''
 ---
 <!-- 
 Please specify: 
  - the name of the file (i.e. updater.bat, updater.sh)
  - steps to reproduce the issue
  - actual result
  - expected result
 Blank out this field before typing, or start typing after the next line.
 -->
--- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md
+++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md
@ -0,0 +1,29 @@
 ---
 name: Troubleshooting help
 about: Ask for help to solve problems with user.js
 title: ''
 labels: ''
 assignees: ''
 ---
 Before you proceed...
  - Keep reading this. Seriously.
  - Note that we do not support forks (i.e. IceCat, Pale Moon, WaterFox, etc).
  - Make sure you searched for the `[Setup` tags in the `user.js`.
  - Search the GitHub repository. The information you need is most likely here already.
  - Check out our [troubleshooting](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting) wiki page, including steps to see if the problem is caused by the `user.js` or an extension.
 See also:
  - Extension breakage due to prefs [issue 391](https://github.com/ghacksuserjs/ghacks-user.js/issues/391)
  - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/ghacksuserjs/ghacks-user.js/issues/350)
  - The extension CSP header modification game [issue 664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664)
 If you still need help, help us help you by providing relevant information:
  - browser version
  - Steps to Reproduce (STR)
  - actual result
  - expected result
  - anything else you deem worth mentioning
 Clear all of this when you're ready to type.
--- a/.github/ISSUE_TEMPLATE/user-js.md
+++ b/.github/ISSUE_TEMPLATE/user-js.md
@ -0,0 +1,15 @@
 ---
 name: user.js
 about: Suggest changes to user.js
 title: ''
 labels: ''
 assignees: ''
 ---
 We value feedback in general, but we value feedback from informed users more. There is no need for you to be an expert to participate (most of us aren't), but we hope that you at least understand our decisions before questioning them. We discuss all changes openly, and we do not make changes lightly. So, if you don't understand why we decided to add/remove/change a certain pref, search the repo. The answer is most certainly here.
 If some change we made took you by surprise (in the wrong way), remember that keeping track of changes is your responsibility. Watch the repo, read the [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=✓&q=is%3Aissue+label%3Achangelog), compare [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases) as you update your copy of user.js, or use any other method you prefer.
 Clear all of this when you're ready to type.
--- a/scratchpad-scripts/ghacks-clear-[removed].js
+++ b/scratchpad-scripts/ghacks-clear-[removed].js
@ -1,7 +1,7 @@
 /***
 This will reset the preferences that have been removed completely from the ghacks user.js.
- Last updated: 05-May-2019
+ Last updated: 16-July-2019
 For instructions see:
 https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -193,6 +193,17 @@
    'services.blocklist.plugins.collection',
    'services.blocklist.update_enabled',
    'urlclassifier.trackingTable',
    /* 68-beta */
    'dom.forms.datetime',
    'font.blacklist.underline_offset',
    'font.name.monospace.x-unicode',
    'font.name.monospace.x-western',
    'font.name.sans-serif.x-unicode',
    'font.name.sans-serif.x-western',
    'font.name.serif.x-unicode',
    'font.name.serif.x-western',
    'layout.css.font-loading-api.enabled',
    'toolkit.telemetry.cachedClientID',
    /* reset parrot: check your open about:config after running the script */
    '_user.js.parrot'
  ]
--- a/updater.bat
+++ b/updater.bat
@ -3,10 +3,10 @@ TITLE ghacks user.js updater
 REM ## ghacks-user.js updater for Windows
 REM ## author: @claustromaniac
-REM ## version: 4.6
+REM ## version: 4.10
 REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts
-SET v=4.7
+SET v=4.10
 VERIFY ON
 CD /D "%~dp0"
@ -22,6 +22,8 @@ IF /I "%~1"=="-multioverrides" (SET _multi=1)
 IF /I "%~1"=="-merge" (SET _merge=1)
 IF /I "%~1"=="-updatebatch" (SET _updateb=1)
 IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
 IF /I "%~1"=="-esr" (SET _esr=1)
 IF /I "%~1"=="-rfpalts" (SET _rfpalts=1)
 SHIFT
 GOTO parse
 :endparse
@ -131,6 +133,14 @@ CALL :message "Retrieving latest user.js file from github repository..."
 	PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')"
 ) >nul 2>&1
 IF EXIST user.js.new (
 	IF DEFINED _rfpalts (
 		CALL :message "Activating RFP Alternatives section..."
 		CALL :activate user.js.new "[SETUP-non-RFP]"
 	)
 	IF DEFINED _esr (
 		CALL :message "Activating ESR section..."
 		CALL :activate user.js.new ".x still uses all the following prefs"
 	)
 	IF DEFINED _multi (
 		FORFILES /P user.js-overrides /M *.js >nul 2>&1
 		IF NOT ERRORLEVEL 1 (
@ -196,7 +206,7 @@ IF NOT DEFINED _log (
 )
 EXIT /B
-REM ########### Message Function ###########
+::::::::::::::: Message :::::::::::::::
 :message
 SETLOCAL DisableDelayedExpansion
 IF NOT "2"=="%_log%" (ECHO:)
@ -205,7 +215,28 @@ IF NOT "2"=="%_log%" (ECHO:)
 ENDLOCAL
 GOTO :EOF
-REM ############ Merge function ############
+::::::::::::::: Activate Section :::::::::::::::
 :activate
 :: arg1 = file
 :: arg2 = line substring
 SETLOCAL DisableDelayedExpansion
 (
 	FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" "%~1"') DO (
 		SET "_temp=%%H"
 		SETLOCAL EnableDelayedExpansion
 		IF "!_temp:%~2=!"=="!_temp!" (
 			ENDLOCAL & ECHO:%%H
 		) ELSE (
 			ECHO://!_temp:~2!
 			ENDLOCAL
 		)
 	)
 )>updatertempfile
 MOVE /Y updatertempfile "%~1" >nul
 ENDLOCAL
 GOTO :EOF
 ::::::::::::::: Merge :::::::::::::::
 :merge
 SETLOCAL DisableDelayedExpansion
 FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /R /C:"^user_pref[ 	]*\([ 	]*[\"'].*[\"'][ 	]*,.*\)[ 	]*;" "%~1"') DO (SET "[%%G]=%%H")
@ -244,11 +275,13 @@ MOVE /Y updatertempfile "%~1" >nul
 ENDLOCAL
 GOTO :EOF
-REM ############### Help ##################
+::::::::::::::: Help :::::::::::::::
 :showhelp
-MODE 80,46
+MODE 80,54
 CLS
 CALL :message "Available arguments (case-insensitive):"
 CALL :message "  -esr"
 ECHO:     Activate ESR related preferences
 CALL :message "  -log"
 ECHO:     Write the console output to a logfile (user.js-update-log.txt)
 CALL :message "  -logP"
@ -272,7 +305,9 @@ ECHO:     Run without user input.
 CALL :message "  -singleBackup"
 ECHO:     Use a single backup file and overwrite it on new updates, instead of
 ECHO:     cumulative backups. This was the default behaviour before v4.3.
-CALL :message "  -updatebatch"
+CALL :message "  -rfpAlts"
 ECHO:     Activate RFP Alternatives section
 CALL :message "  -updateBatch"
 ECHO:     Update the script itself on execution, before the normal routine.
 CALL :message ""
 PAUSE
--- a/user.js
+++ b/user.js
@ -1,8 +1,8 @@
 /******
 * name: ghacks user.js
-* date: 28 May 2019
+* date: 31 August 2019
-* version 67-beta: Barbie Pants
+* version 68: Knock on Pants
-*   "I'm a Barbie pants in a Barbie world. Life in plastic, it's fantastic"
+*   "It's like thunder, lightning... the way you wear me is frightening"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -112,9 +112,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
 /* 0105b: disable Activity Stream Snippets
 * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
 * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
 user_pref("browser.aboutHomeSnippets.updateUrl", "");
 user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "");
 user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
 user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
 /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
 user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
@ -202,11 +200,6 @@ user_pref("app.update.auto", false);
 * used when installing/updating an extension, and in daily background update checks: if false, it
 * hides the expanded text description (if it exists) when you "show more details about an addon" ***/
   // user_pref("extensions.getAddons.cache.enabled", false);
 /* 0307: disable auto updating of lightweight themes (LWT)
 * Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API
 * Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1]
 * [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ ***/
 user_pref("lightweightThemes.update.enabled", false);
 /* 0308: disable search update
 * [SETTING] General>Firefox Updates>Automatically update search engines ***/
 user_pref("browser.search.update", false);
@ -214,9 +207,13 @@ user_pref("browser.search.update", false);
 user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
 /* 0310: disable sending the URL of the website where a plugin crashed ***/
 user_pref("dom.ipc.plugins.reportCrashURL", false);
-/* 0320: disable about:addons' Get Add-ons panel (uses Google Analytics) ***/
+/* 0320: disable about:addons' Recommendations pane (uses Google Analytics) ***/
 user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
 user_pref("extensions.webservice.discoverURL", "");
 /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
 user_pref("extensions.getAddons.discovery.api_url", "");
 user_pref("extensions.htmlaboutaddons.discover.enabled", false);
 user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
 /* 0330: disable telemetry
 * the pref (.unified) affects the behaviour of the pref (.enabled)
 * IF unified=false then .enabled controls the telemetry module
@ -230,7 +227,6 @@ user_pref("toolkit.telemetry.unified", false);
 user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+
 user_pref("toolkit.telemetry.server", "data:,");
 user_pref("toolkit.telemetry.archive.enabled", false);
 user_pref("toolkit.telemetry.cachedClientID", "");
 user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
 user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
 user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
@ -271,9 +267,8 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [FF58+
 * [2] https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ ***/
 user_pref("extensions.pocket.enabled", false);
 /* 0390: disable Captive Portal detection
- * [1] https://en.wikipedia.org/wiki/Captive_portal
+ * [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
- * [2] https://wiki.mozilla.org/Necko/CaptivePortal
+ * [2] https://wiki.mozilla.org/Necko/CaptivePortal ***/
 * [3] https://trac.torproject.org/projects/tor/ticket/21790 ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // [FF52+]
 /* 0391: disable Network Connectivity checks [FF65+]
@ -481,7 +476,7 @@ user_pref("browser.sessionhistory.max_entries", 10);
 /* 0805: disable CSS querying page history - CSS history leak
 * [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's
 * only in 'certain circumstances', also see latest comments in [2]
- * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
+ * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX A on how to use)
 * [1] https://dbaron.org/mozilla/visited-privacy
 * [2] https://bugzilla.mozilla.org/147777
 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
@ -528,10 +523,6 @@ user_pref("browser.formfill.enable", false);
 * [NOTE] We also clear history and downloads on exiting Firefox (see 2803)
 * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
   // user_pref("places.history.enabled", false);
 /* 0864: disable date/time picker
 * This can leak your locale if not en-US
 * [1] https://trac.torproject.org/projects/tor/ticket/21787 ***/
 user_pref("dom.forms.datetime", false);
 /* 0870: disable Windows jumplist [WINDOWS] ***/
 user_pref("browser.taskbar.lists.enabled", false);
 user_pref("browser.taskbar.lists.frequent.enabled", false);
@ -594,6 +585,7 @@ user_pref("browser.cache.disk.enable", false);
 * [1] http://kb.mozillazine.org/Browser.cache.disk_cache_ssl ***/
 user_pref("browser.cache.disk_cache_ssl", false);
 /* 1003: disable memory cache
 /* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes
 * [NOTE] Not recommended due to performance issues ***/
   // user_pref("browser.cache.memory.enable", false);
   // user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF]
@ -658,10 +650,7 @@ user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
 * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
- * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1
+ * Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1 ***/
 * [1] http://kb.mozillazine.org/Security.tls.version.*
 * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
 * [2] archived: https://archive.is/hY2Mm ***/
   // user_pref("security.tls.version.min", 3);
   // user_pref("security.tls.version.max", 4);
 /* 1203: disable SSL session tracking [FF36+]
@ -784,19 +773,10 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
 /*** [SECTION 1400]: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 /* 1401: disable websites choosing fonts (0=block, 1=allow)
- * [WARNING] Blocking fonts can *sometimes* reduce JS font enumeration, but not entropy.
+ * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
- * There are also other methods to fingerprint fonts. Wait for RFP (4500) to cover this.
+ * [SETUP-WEB] Disabling fonts can uglify the web a fair bit.
 * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
-   // user_pref("browser.display.use_document_fonts", 0);
+user_pref("browser.display.use_document_fonts", 0);
 /* 1402: set more legible default fonts
 * [NOTE] Example below for Windows/Western only
 * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Serif|Sans-serif|Monospace ***/
   // user_pref("font.name.serif.x-unicode", "Georgia");
   // user_pref("font.name.serif.x-western", "Georgia"); // default: Times New Roman
   // user_pref("font.name.sans-serif.x-unicode", "Arial");
   // user_pref("font.name.sans-serif.x-western", "Arial"); // default: Arial
   // user_pref("font.name.monospace.x-unicode", "Lucida Console");
   // user_pref("font.name.monospace.x-western", "Lucida Console"); // default: Courier New
 /* 1403: disable icon fonts (glyphs) and local fallback rendering
 * [1] https://bugzilla.mozilla.org/789788
 * [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/
@ -807,13 +787,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 /* 1405: disable WOFF2 (Web Open Font Format) [FF35+] ***/
   // user_pref("gfx.downloadable_fonts.woff2.enabled", false);
 /* 1406: disable CSS Font Loading API
 * [NOTE] Disabling fonts can uglify the web a fair bit. ***/
 user_pref("layout.css.font-loading-api.enabled", false);
 /* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART]
 * Any of these fonts on your system can be enumerated for fingerprinting.
 * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
 user_pref("font.blacklist.underline_offset", "");
 /* 1408: disable graphite which FF49 turned back on by default
 * In the past it had security issues. Update: This continues to be the case, see [1]
 * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
@ -896,7 +869,6 @@ user_pref("privacy.userContext.enabled", true);
 user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+]
 /* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME]
 * 0=no menu (default), 1=show when clicked, 2=show on long press
 * [NOTE] The menu does not contain a non-container tab option (use Ctrl+T to open non-container tab)
 * [1] https://bugzilla.mozilla.org/1328756 ***/
 user_pref("privacy.userContext.longPressBehavior", 2);
@ -927,6 +899,8 @@ user_pref("media.eme.enabled", false);
 /*** [SECTION 2000]: MEDIA / CAMERA / MIC ***/
 user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
 /* 2001: disable WebRTC (Web Real-Time Communication)
 * [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
 * in your threat model, and you want Real-Time Communication, this is the pref for you
 * [1] https://www.privacytools.io/#webrtc ***/
 user_pref("media.peerconnection.enabled", false);
 /* 2002: limit WebRTC IP leaks if using WebRTC
@ -936,6 +910,8 @@ user_pref("media.peerconnection.enabled", false);
 user_pref("media.peerconnection.ice.default_address_only", true);
 user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
 /* 2010: disable WebGL (Web Graphics Library)
 * [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
 * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501)
 * [1] https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
 * [2] https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern ***/
 user_pref("webgl.disabled", true);
@ -964,7 +940,9 @@ user_pref("media.autoplay.default", 1); // [DEFAULT: 1 in FF67+]
 user_pref("media.autoplay.enabled.user-gestures-needed", false);
 /* 2032: disable audio autoplay in non-active tabs [FF51+]
 * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
-user_pref("media.block-autoplay-until-in-foreground", true);
+user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
 /* 2033: disable autoplay for muted videos [FF63+] ***/
   // user_pref("media.autoplay.allow-muted", false);
 /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/
 user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!");
@ -997,7 +975,7 @@ user_pref("browser.link.open_newwindow.restriction", 0);
 * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/
 user_pref("dom.disable_open_during_load", true);
 /* 2212: limit events that can cause a popup [SETUP-WEB]
- * default is "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu"
+ * default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu"
 * [1] http://kb.mozillazine.org/Dom.popup_allowed_events ***/
 user_pref("dom.popup_allowed_events", "click dblclick");
@ -1060,11 +1038,15 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
 * the website for it to look at the clipboard
 * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
 user_pref("dom.event.clipboardevents.enabled", false);
-/* 2403: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
+/* 2403: disable middlemouse paste leaking clipboard content on Linux after autoscroll
 * Defense in depth if clipboard events are enabled (see 2402)
 * [1] https://bugzilla.mozilla.org/1528289 */
 user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows]
 /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
 * this disables document.execCommand("cut"/"copy") to protect your clipboard
 * [1] https://bugzilla.mozilla.org/1170911 ***/
-user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF]
+user_pref("dom.allow_cut_copy", false);
-/* 2404: disable "Confirm you want to leave" dialog on page close
+/* 2405: disable "Confirm you want to leave" dialog on page close
 * Does not prevent JS leaks of the page close event.
 * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload
 * [2] https://support.mozilla.org/questions/1043508 ***/
@ -1087,14 +1069,11 @@ user_pref("javascript.options.asmjs", false);
 /* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
 * [1] https://developer.mozilla.org/docs/WebAssembly ***/
 user_pref("javascript.options.wasm", false);
-/* 2426: disable Intersection Observer API [FF53+]
+/* 2426: disable Intersection Observer API [FF55+]
 * Almost a year to complete, three versions late to stable (as default false),
 * number #1 cause of crashes in nightly numerous times, and is (primarily) an
 * ad network API for "ad viewability checks" down to a pixel level
 * [1] https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
 * [2] https://w3c.github.io/IntersectionObserver/
 * [3] https://bugzilla.mozilla.org/1243846 ***/
-user_pref("dom.IntersectionObserver.enabled", false);
+   // user_pref("dom.IntersectionObserver.enabled", false);
 /* 2429: enable (limited but sufficient) window.opener protection [FF65+]
 * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
 user_pref("dom.targetBlankNoOpener.enabled", true);
@ -1248,9 +1227,6 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
 /* 2680: enable CSP (Content Security Policy)
 * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
 user_pref("security.csp.enable", true); // [DEFAULT: true]
 /* 2682: enable CSP 1.1 experimental hash-source directive [FF29+]
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 ***/
 user_pref("security.csp.experimentalEnabled", true);
 /* 2684: enforce a security delay on some confirmation dialogs such as install, open/save
 * [1] http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
 * [2] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
@ -1473,11 +1449,13 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
 ** 1407366 - enable inner window letterboxing (see 4504) (FF67+)
 ** 1540726 - return "light" with prefers-color-scheme (FF67+)
      [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
 ** 1564422 - spoof audioContext outputLatency (FF70+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
 * This pref is the master switch for all other privacy.resist* prefs unless stated
- * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage
+ * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects,
 * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing).
 * [1] https://bugzilla.mozilla.org/418986 ***/
 user_pref("privacy.resistFingerprinting", true);
 /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
@ -1485,8 +1463,8 @@ user_pref("privacy.resistFingerprinting", true);
 * The override values are a starting point to round from if you want some control
 * [1] https://bugzilla.mozilla.org/1330882
 * [2] https://hardware.metrics.mozilla.com/ ***/
-   // user_pref("privacy.window.maxInnerWidth", 1600); // [HIDDEN PREF]
+   // user_pref("privacy.window.maxInnerWidth", 1000);
-   // user_pref("privacy.window.maxInnerHeight", 900); // [HIDDEN PREF]
+   // user_pref("privacy.window.maxInnerHeight", 1000);
 /* 4503: disable mozAddonManager Web API [FF57+]
 * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need
 * to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect
@ -1496,7 +1474,8 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE
 * Dynamically resizes the inner window (FF67; 200w x100h: FF68+; stepped ranges) by applying letterboxing,
 * using dimensions which waste the least content area, If you use the dimension pref, then it will only apply
 * those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
- * [NOTE] This does NOT require RFP (see 4501) **for now**
+ * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but you're
 * not taking anti-fingerprinting seriously and a little visual change upsets you, then feel free to flip this pref
 * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
 * [1] https://bugzilla.mozilla.org/1407366 ***/
 user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
@ -1641,6 +1620,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 /* APPEARANCE ***/
   // user_pref("browser.download.autohideButton", false); // [FF57+]
   // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+]
   // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
 /* CONTENT BEHAVIOR ***/
   // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type"
   // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
@ -1652,6 +1632,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
   // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
   // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC]
   // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
   // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under]
 /* OTHER ***/
   // user_pref("browser.bookmarks.max_backups", 2);
   // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
@ -1773,6 +1754,22 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
   // [-] https://bugzilla.mozilla.org/1528953
   // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);
 // * * * /
 // FF68
 // 0105b: disable Activity Stream Snippets
   // [-] https://bugzilla.mozilla.org/1540939
 user_pref("browser.aboutHomeSnippets.updateUrl", "");
 user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
 // 0307: disable auto updating of lightweight themes (LWT)
   // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API
   // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1]
   // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
   // [-] (part3b) https://bugzilla.mozilla.org/1525762
 user_pref("lightweightThemes.update.enabled", false);
 // 2682: enable CSP 1.1 experimental hash-source directive [FF29+]
   // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975
   // [-] https://bugzilla.mozilla.org/1386214
 user_pref("security.csp.experimentalEnabled", true);
 // * * * /
 // ***/
 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	d26ea4f39e	68 final	2019-08-31 14:51:08 +00:00
Thorin-Oakenpants	a0f3da208f	0390: better reference - EFF has pretty pictures and stuff and explains the issues (replaces wikipedia which people can still search for) - tor issue doesn't hold anything important (out it goes) - moz wiki page I'll leave in for the bugzilla links if someone wants to research how it's all meant to work	2019-08-28 16:33:06 +00:00
Thorin-Oakenpants	5166811bd5	1003: closes #772	2019-08-21 13:01:12 +00:00
Thorin-Oakenpants	86bfdd1470	tweak: middlemouse.paste for Linux	2019-08-21 04:08:40 +00:00
Thorin-Oakenpants	90ef9e63eb	oophs I meant 68-beta	2019-08-19 04:54:30 +00:00
Thorin-Oakenpants	f2200fd442	68-alpha (for earthlng diffs)	2019-08-19 04:52:53 +00:00
Thorin-Oakenpants	aff595b6ea	1704: remove the obvious	2019-08-04 19:17:38 +00:00
Thorin-Oakenpants	6618bf5f76	media.autoplay.allow-muted, closes #756	2019-07-23 14:02:26 +00:00
Thorin-Oakenpants	9aa8e27ef4	68 deprecated	2019-07-17 10:09:39 +00:00
Thorin-Oakenpants	9c782fbf57	2032: add default	2019-07-15 17:07:35 +00:00
Thorin-Oakenpants	931462b30b	RFP stuff https://hg.mozilla.org/mozilla-central/rev/c96e81ba64f3#l1.14	2019-07-15 16:16:39 +00:00
Thorin-Oakenpants	217553b367	dom.forms.datetime https://bugzilla.mozilla.org/show_bug.cgi?id=1492587	2019-07-15 15:54:23 +00:00
Aeriem	469bbc1ab3	remove 0864 (#760 ) https://bugzilla.mozilla.org/show_bug.cgi?id=1492587	2019-07-16 03:49:14 +12:00
Thorin-Oakenpants	11dcc54b61	0321 tweak `url` and `discover` prefs stop the recommendations, the `enabled` pref hides the leftover recommended section and "Find more add-ons" button	2019-07-09 03:16:40 +00:00
claustromaniac	d40d7dbabd	0805 test info	2019-06-30 10:32:38 -03:00
Thorin-Oakenpants	b80c515e88	2010: WebGL setup tag #605	2019-06-29 02:52:41 +00:00
Thorin-Oakenpants	ed735f875c	2001: WebRTC setup tag #605	2019-06-29 02:44:37 +00:00
Thorin-Oakenpants	55b720faec	letterboxing, add setup tag see #728	2019-06-28 05:30:43 +00:00
Thorin-Oakenpants	31567c7938	0321: recommendations discovery in about:addons	2019-06-28 05:00:19 +00:00
Thorin-Oakenpants	8f939c91fe	0320: UI change : get add-ons->recommendations	2019-06-28 04:47:55 +00:00
Thorin-Oakenpants	27bd07d496	5000s: userChrome / userContent	2019-06-28 04:22:50 +00:00
Thorin-Oakenpants	42281a9e52	2212: popup events	2019-06-28 04:15:54 +00:00
Thorin-Oakenpants	8f40c97fd1	the return of the jedi https://bugzilla.mozilla.org/show_bug.cgi?id=1444133	2019-06-28 04:11:46 +00:00
Thorin-Oakenpants	9642452c48	Update troubleshooting-help.md (#749 )	2019-06-28 02:30:10 +12:00
Thorin-Oakenpants	8f1c3018ca	Update user-js.md (#750 )	2019-06-28 02:29:58 +12:00
claustromaniac	f85eb9d0c2	update issue templates	2019-06-26 23:09:01 -03:00
earthlng	408a992893	Update .gitattributes	2019-06-26 13:32:12 +00:00
Thorin-Oakenpants	23c884a5f8	prefs no longer hidden	2019-06-26 10:14:24 +00:00
Thorin-Oakenpants	51089fbad9	start 68-alpha	2019-06-26 10:12:48 +00:00
Thorin-Oakenpants	83b4ada670	67 archive	2019-06-26 09:05:08 +00:00
claustromaniac	7df6c676be	Update issue templates	2019-06-25 18:59:58 -03:00
Thorin-Oakenpants	e338186953	4500 fix alignment	2019-06-15 16:47:25 +00:00
Thorin-Oakenpants	fa61a7c25b	1202: cleanup I don't think we need a 4 yr old article to explain the concept of `.min` (or `.max`), it's pretty self explanatory (and SSL 3 is obsolete). Three lines of text culled, and one of the remaining http links eliminated as a bonus. Enjoy the saved bytes and mouse-scrolling.	2019-06-15 16:34:29 +00:00
claustromaniac	dafd0894e6	refactoring, mostly De-duplicates many lines because the -ESR and -RFPalts options require too much boilerplate garbage. The script was unreadable enough without repeating code. I don't think these changes deserve opening yet another PR, but please let me know if you disagree.	2019-06-12 18:30:08 -03:00
Thorin-Oakenpants	06cf53d63e	layout.css.font-loading-api.enabled #744 , #731	2019-06-12 13:35:05 +00:00
Thorin-Oakenpants	fc545b4d27	remove 1406 css font loading api #744 , #731	2019-06-12 13:33:58 +00:00
earthlng	3c5f58b812	Update updater.bat	2019-06-12 10:52:46 +00:00
claustromaniac	7d7f580bfc	add -RFPalts option (#745 )	2019-06-12 10:51:25 +00:00
Thorin-Oakenpants	ca5d6b3317	1402: inactive prefs for default fonts, #744	2019-06-11 15:50:08 +00:00
Thorin-Oakenpants	9e7f9de56f	remove 1402, see #744	2019-06-11 15:47:34 +00:00
Thorin-Oakenpants	8a204b5db0	font.blacklist.underline_offset, #744	2019-06-11 15:10:44 +00:00
Thorin-Oakenpants	690a93b71d	remove: 1407, see #744	2019-06-11 15:09:24 +00:00
claustromaniac	0da3835a49	updater.bat -ESR option (#742 )	2019-06-11 12:43:27 +00:00
Thorin-Oakenpants	a92c4086bb	2622: middlemouse.paste, closes #735	2019-06-10 00:38:20 +00:00
Thorin-Oakenpants	9b7771fe76	1401: document fonts => active, see #731 - https://github.com/ghacksuserjs/ghacks-user.js/issues/731#issuecomment-500255686 - reverting my change from last release	2019-06-10 00:06:15 +00:00
Thorin-Oakenpants	2265b73521	1406: css.font-loading-api=> inactive, closes #731	2019-06-09 23:56:40 +00:00
Thorin-Oakenpants	01aae1b346	2426: IntersectionObserver=> inactive, closes #737	2019-06-09 23:29:58 +00:00
Thorin-Oakenpants	c2dbdcd4ec	toolkit.telemetry.cachedClientID, #739	2019-06-07 17:51:49 +00:00
Thorin-Oakenpants	f53b996cfa	toolkit.telemetry.cachedClientID, closes #739 Read the linked issue	2019-06-07 17:49:42 +00:00