77-beta

remove extra line from last commit, save one byte
RFP alts: prefers-reduced-motion
2025-09-01 01:18:30 +02:00 · 2020-06-12 17:39:28 +00:00 · 2020-06-05 03:10:09 +00:00 · 2020-06-05 03:08:16 +00:00 · 2020-06-02 20:48:41 +00:00 · 2020-06-01 15:27:38 +00:00
2 changed files with 43 additions and 27 deletions
--- a/updater.sh
+++ b/updater.sh
@ -2,7 +2,7 @@

 ## ghacks-user.js updater for macOS and Linux

-## version: 2.5
+## version: 2.6
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac

@ -313,8 +313,10 @@ update_userjs () {

  # apply overrides
  if [ "$SKIPOVERRIDE" = false ]; then
-    while IFS=',' read -ra FILE; do
-      add_override "$FILE"
+    while IFS=',' read -ra FILES; do
+      for FILE in "${FILES[@]}"; do
+        add_override "$FILE"
+      done
    done <<< "$OVERRIDE"
  fi

--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 * name: ghacks user.js
-* date: 7 May 2020
-* version 76-beta
+* date: 12 Jun 2020
+* version 77-beta
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -441,6 +441,11 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
 * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
 user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]

+/*** [SECTION 0709]: HOTFIX for FF77, FIXED in FF78 ***/
+/* 0709: disabling UNC can cause extension storage to fail
+ * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/923 ***/
+user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
+
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
     Change items 0850 and above to suit for privacy vs convenience and functionality. Consider
     your environment (no unwanted eyeballs), your device (restricted access), your device's
@ -506,9 +511,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
 /* 0850d: disable location bar autofill
 * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
   // user_pref("browser.urlbar.autoFill", false);
-/* 0850e: disable location bar one-off searches [FF51+]
- * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
-   // user_pref("browser.urlbar.oneOffSearches", false);
 /* 0860: disable search and form history
 * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2]
 * [NOTE] We also clear formdata on exit (see 2803)
@ -739,7 +741,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 /* 1244: enable https-only-mode [FF76+]
 * [NOTE] This is experimental
 * [1] https://bugzilla.mozilla.org/1613063 */
-   // user_pref("dom.security.https_only_mode", true);
+   // user_pref("dom.security.https_only_mode", true); // [FF76+]
+   // user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+]

 /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/
 /* 1261: disable 3DES (effective key size < 128)
@ -752,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
   // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
 /* 1263: disable DHE (Diffie-Hellman Key Exchange)
 * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/
-   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
+   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF79+]
+   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF79+]
 /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/
   // user_pref("security.ssl3.rsa_aes_128_sha", false);
   // user_pref("security.ssl3.rsa_aes_256_sha", false);
@ -1131,10 +1134,6 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true);
 /* 2604: disable page thumbnail collection
 * look in profile/thumbnails directory - you may want to clean that out ***/
 user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
-/* 2605: block web content in file processes [FF55+]
- * [SETUP-WEB] You may want to disable this for corporate or developer environments
- * [1] https://bugzilla.mozilla.org/1343184 ***/
-user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: false FF76+]
 /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
@ -1144,7 +1143,7 @@ user_pref("browser.uitour.url", "");
 user_pref("devtools.chrome.enabled", false);
 /* 2608: disable remote debugging
 * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
-user_pref("devtools.debugger.remote-enabled", false);
+user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
 /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
 * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
 * [1] https://bugzilla.mozilla.org/1173199 ***/
@ -1412,13 +1411,13 @@ user_pref("privacy.firstparty.isolate", true);
      This spoof *shouldn't* affect core chrome/Firefox performance
 ** 1217238 - reduce precision of time exposed by javascript (FF55+)
 ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
- ** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+)
-      FF56: The version number will be rounded down to the nearest multiple of 10
-      FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763)
-      FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
-      FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829)
-      FF68: Reported OS versions updated to Windows 10, OS 10.14, and Android 8.1 (1511434)
-      FF78: Reported OS versions updated to OS 10.15 and Android 9.0 (1635011)
+ ** 1333651 & 1383495 & 1396468 - spoof User Agent & Navigator API (see section 4700) (FF56+)
+      FF56: Version: rounded down to the nearest multiple of 10
+      FF57: Version: match current ESR (1393283, 1418672, 1418162, 1511763)
+      FF59: OS: Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
+      FF66: OS: HTTP Headers reduced to Windows or Android (1509829)
+      FF68: OS: updated to Windows 10, OS 10.14, and Android 8.1 (1511434)
+      FF78: OS: updated to OS 10.15 and Android 9.0 (1635011)
 ** 1369319 - disable device sensor API (see 4604) (FF56+)
 ** 1369357 - disable site specific zoom (see 4605) (FF56+)
 ** 1337161 - hide gamepads from content (see 4606) (FF56+)
@ -1432,7 +1431,7 @@ user_pref("privacy.firstparty.isolate", true);
 ** 1354633 - limit MediaError.message to a whitelist (FF57+)
 ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
      This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
- **  967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
+ **  967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction (FF58+)
      FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865)
 ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
      Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if
@ -1445,7 +1444,7 @@ user_pref("privacy.firstparty.isolate", true);
      FF60: Fix keydown/keyup events (1438795)
 ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
 ** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+)
- ** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+)
+ ** 1479239 - return "no-preference" with prefers-reduced-motion (see 4617) (FF63+)
 ** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+)
      FF65: pointerEvent.pointerid (1492766)
 ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+)
@ -1455,6 +1454,7 @@ user_pref("privacy.firstparty.isolate", true);
 ** 1564422 - spoof audioContext outputLatency (FF70+)
 ** 1595823 - spoof audioContext sampleRate (FF72+)
 ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
+ ** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1584,6 +1584,9 @@ user_pref("ui.use_standins_for_native_colors", true);
 // 4616: enforce prefers-color-scheme as light [FF67+]
   // 0=light, 1=dark : This overrides your OS value
 user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
+// 4617: enforce prefers-reduced-motion as no-preference [FF63+]
+   // 0=no-preference, 1=reduce
+user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
 // * * * /
 // ***/

@ -1592,8 +1595,8 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
     to use RFP (4500) or an extension, in which case they become POINTLESS.
     (a) Many of the components that make up your UA can be derived by other means.
         And when those values differ, you provide more bits and raise entropy.
-         Examples of leaks include navigator objects, date locale/formats, iframes,
-         headers, tcp/ip attributes, feature detection, and **many** more.
+         Examples of leaks include workers, navigator objects, date locale/formats,
+         iframes, headers, tcp/ip attributes, feature detection, and **many** more.
     ALL values below intentionally left blank - use RFP, or get a vetted, tested
         extension and mimic RFP values to *lower* entropy, or randomize to *raise* it
 ***/
@ -1727,6 +1730,17 @@ user_pref("webgl.disable-extensions", true);
   // [-] https://bugzilla.mozilla.org/1618188
 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
 // * * * /
+// FF77
+// 0850e: disable location bar one-off searches [FF51+]
+   // [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/
+   // [-] https://bugzilla.mozilla.org/1628926
+   // user_pref("browser.urlbar.oneOffSearches", false);
+// 2605: block web content in file processes [FF55+]
+   // [SETUP-WEB] You may want to disable this for corporate or developer environments
+   // [1] https://bugzilla.mozilla.org/1343184
+   // [-] https://bugzilla.mozilla.org/1603007
+user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
+// * * * /
 // ***/

 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	9d78e050ee	77-beta	2020-06-12 17:39:28 +00:00
Thorin-Oakenpants	b07cf1f03d	remove extra line from last commit, save one byte	2020-06-05 03:10:09 +00:00
Thorin-Oakenpants	683ef63b37	RFP alts: prefers-reduced-motion	2020-06-05 03:08:16 +00:00
Thorin-Oakenpants	05580f5e99	0709 hotfix, #923 , #951	2020-06-02 20:48:41 +00:00
Thorin-Oakenpants	ecc62554e5	2608: remote debugging: default value, closes #950	2020-06-01 15:27:38 +00:00
Thorin-Oakenpants	f6e6de8444	77 deprecated	2020-05-29 12:41:59 +00:00
Thorin-Oakenpants	f69d92e6dd	1244: https upgrade local	2020-05-29 12:23:17 +00:00
Matt Loberg	3edc48da56	fix updater.sh when dealing with multiple overrides (#947 ) thanks @mloberg !	2020-05-26 11:54:55 +00:00
Thorin-Oakenpants	868882ae33	start 77-alpha	2020-05-24 18:11:55 +00:00
Thorin-Oakenpants	ff9bf76e52	76 final, save some bytes in RFP section	2020-05-24 18:09:46 +00:00
Thorin-Oakenpants	4bc5b89cfe	4500: RFP changes 78+ re canvas	2020-05-15 23:18:11 +00:00