Compare commits

...

62 Commits

Author SHA1 Message Date
5f9bb59b95 86 final 2021-02-28 20:49:57 +00:00
7163efdd1e 1825: inactive: it is redundant, fixes #1107 2021-02-28 15:57:27 +00:00
65fb24ff1b layout.css.visited_links_enabled
added back to the user.js in 612cfbf313
2021-02-27 21:20:00 +00:00
612cfbf313 0805: re-add visited links
It can still be used to mitigate social engineering attacks (e.g. using visibility and user clicks), and advanced/targeted scripts
2021-02-27 21:18:17 +00:00
4596d721e6 2012: make webgl.min_capability_mode inactive
- This is too minimal to be of any use, breaks too much (e.g. zoom video)
- Tor browser stopped flipping this (I *think*) about 5 years ago: it certainly hasn't been used in ESR60+ based TB builds, I checked
- we already disable webgl, so making this inactive removes yet another pref users need to flip/troubleshoot
- I will leave it in the user js for a few releases so prefsCleaner will pick it up
2021-02-26 11:39:52 +00:00
911206eed5 5000s: disable ctrl-q quit shortcut FF87+
https://bugzilla.mozilla.org/show_bug.cgi?id=52821 .. 21 years, old enough to drink and vote
2021-02-25 01:22:08 +00:00
cb5cdca99d update adding site exceptions
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692553
- also HoM is not Page Info
2021-02-24 22:10:29 +00:00
e54ae46537 1204: ssl session ids inactive, closes #1110 2021-02-24 15:11:59 +00:00
7c978d4e70 0708: FTP default FF88+
https://bugzilla.mozilla.org/show_bug.cgi?id=1691890
2021-02-22 20:05:25 +00:00
d905b4387d deprecated: put FF86 items in the right place 2021-02-21 20:52:20 +00:00
c31c825a74 2212: popup events, fixes DDG
https://bugzilla.mozilla.org/show_bug.cgi?id=1686045
2021-02-18 15:50:37 +00:00
6505a9fefd FF86 deprecated 2021-02-18 15:30:58 +00:00
de74f812ee 2012: webgl default FF86+ 2021-02-18 15:00:06 +00:00
82bb3f987d 2604, closes #1111 2021-02-08 07:20:06 +00:00
a35a616de7 highlight 1603 (cross origin referer), fixes 1108
especially since we recently hardened it: also added it to the few things highlighted in the wiki
2021-02-04 07:19:28 +00:00
ecf99bf9e7 0603: add default value
AFAICT:  false 48-51: true 52-55.0.1/ESR52.1: false ever since
2021-02-03 16:45:34 +00:00
cfaf354fe3 oophs, better start 86-alpha 2021-02-02 04:09:50 +00:00
0b51e98d91 media.gmp-widevinecdm.visible, see #1107 2021-02-01 17:25:00 +00:00
fa51251235 remove widevine vis pref, see #1107
- It is controlled in both runtime and via user.js by the state of `media.eme.enabled`. Also, who cares about the vis of a ui option
- note, there is no need to add this to the removed scratchpad list
2021-02-01 17:17:16 +00:00
21fcd0bd35 update xul/xhtml config info
- the XUL version is also pre FF71
- the XHTML version was removed in FF87+
2021-02-01 05:14:46 +00:00
96d558dd0c add window.name test 2021-01-31 07:28:05 +00:00
b6e8dcab81 fixup spelling mistake 2021-01-30 00:28:28 +00:00
fa78c53114 v85 2021-01-28 03:13:36 +00:00
2f6b14ab6e 1201: add error code, fixes #1094 2021-01-26 19:58:57 +00:00
2dd455ef83 network.http.redirection-limit, fixes #1100 2021-01-26 19:39:33 +00:00
306610da8e remove 2614, see #1100 2021-01-26 19:37:54 +00:00
59ac1727f7 v4.14 - check for TLS1.2 (#1097) 2021-01-22 12:15:12 +00:00
c974b3252d move [STATS] from 1270 to 1201, #1094 2021-01-22 12:10:15 +00:00
480933484f 2624: windows.name default FF86+
https://bugzilla.mozilla.org/1685089
2021-01-21 11:17:16 +00:00
0cbd8a13a3 Update updater.bat 2021-01-19 17:17:03 +00:00
ae6c76fe54 v4.13 - fix TLS issue with PowerShell 2021-01-19 17:07:39 +00:00
1f098f2eaf start 85-alpha, also fix #1090 2021-01-17 23:04:37 +00:00
11977e7017 v2.4 - add strlen check for prefs.js
cmd.exe has a command line length limit of 8192 characters. Abort if prefs.js contains strings that would get dropped while recreating the new prefs.js.
2021-01-17 15:27:50 +00:00
27dd6aa62d 84 final 2021-01-05 13:13:52 +00:00
c570e4fdbd Update troubleshooter.js 2020-12-30 15:12:07 +00:00
da58f84fa6 Update troubleshooter.js 2020-12-30 15:06:49 +00:00
755a45505f snippets providers
`browser.newtabpage.activity-stream.asrouter.providers.snippets`

These (which landed in FF64 with snippets above) are not in the user.js, so why bother with the snippet one
- `browser.newtabpage.activity-stream.asrouter.providers.cfr`
- `browser.newtabpage.activity-stream.asrouter.providers.onboarding`

also these aren't in the user.js
- `browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa`
- `browser.newtabpage.activity-stream.asrouter.providers.message-groups`
- `browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments`
- `browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel`

There are no privacy concerns here. At the end of the day, what Firefox connects to and sends is E2EE and only used locally in non-web content: and you have other prefs and a UI to disable them from being displayed
2020-12-30 10:25:26 +00:00
9d74cb9526 remove useless snippet pref 2020-12-30 10:17:35 +00:00
8c9d0bbe72 harden cross-domain referers, closes #1077 2020-12-27 05:01:33 +00:00
0152b38b8b add override recipes link to readme steps 2020-12-25 16:06:32 +00:00
e6cf90146a add override recipes 2020-12-25 15:55:01 +00:00
63d1258f2e updater.sh v2.9
rollout the latest changes
2020-12-25 14:03:40 +00:00
46bab27f94 updater.sh: support custom script names (#1075)
thanks @ray851107
2020-12-25 14:02:35 +00:00
2cfbba1472 search-to-tab: FF85+ 2020-12-19 07:23:13 +00:00
c980bda695 Update troubleshooter.js
oops
2020-12-16 14:43:46 +00:00
feaa1c3e99 prefs update
`browser.storageManager.enabled` -- removed in FF61 (1428306)
`security.csp.experimentalEnabled` -- removed in FF68 (1386214)
`gfx.downloadable_fonts.woff2.enabled` -- removed in FF69 (1556991)
`plugin.sessionPermissionNow.intervalInMinutes` -- removed in FF70 (1581664)
`plugin.defaultXpi.state` -- removed in FF72 (1596090)
`geo.wifi.uri` -- renamed to `geo.provider.network.url` in FF74 (1613627)
`browser.tabs.remote.allowLinkedWebInFileUriProcess` -- removed in FF77 (1603007)
2020-12-16 14:40:42 +00:00
aa1c2145bb layout.css.visited_links_enabled 2020-12-09 09:30:21 +00:00
335ee84540 remove layout.css.visited_links_enabled, #933
This no longer has any effect since FF77+: see https://bugzilla.mozilla.org/1632765
2020-12-09 09:26:50 +00:00
5c37d50f4e tidy
- remove useless `see` word for reference links
- fixup 0701
   - "do not play nice" is not measurable
   - don't reference to self as a source: people can just search "VPN leak Ipv6" or something
2020-12-07 19:34:14 +00:00
77abf35761 tidy
- shrink and remove outdated info from section 0300 header
- combine some bugzillas
- drop some references
   - 1647829 for HTTPS-Only mode
   - hardware metrics: not going to implicitly encourage users to use this pref or tell them what sizes to use
- update [STATS]
   - also remove TLS [STATS].. stats on TLS 1.0 and 1.1 are irrelevant: the default is now TLS 1.2+
- single CRLite reference for all blog articles
- save 588 bytes so all you bastards can theoretically load Firefox just that tiny bit faster
2020-12-06 21:09:07 +00:00
fa85c9da5b fixup double word 2020-11-23 10:46:30 +00:00
cf53982086 1244: CRLite, closes #1065 2020-11-22 18:15:25 +00:00
91cbc1e09a HTTPS-Only mode, closes #1047 2020-11-22 17:59:44 +00:00
a7e4268d8b 2730 appCache, closes #1055 2020-11-22 17:25:33 +00:00
699eacf1fd add FPI scheme, closes #1066 (#1067) 2020-11-22 17:21:31 +00:00
0189438e46 start 84-alpha 2020-11-22 17:11:31 +00:00
94712f59a3 83 final 2020-11-22 17:05:34 +00:00
ef93a754ce warnings always come after notes 2020-11-21 01:49:19 +00:00
c6ddda1aa3 Update troubleshooter.js
- add `privacy.window.name.update.enabled`
- remove `media.autoplay.enabled` (removed in FF63)
- remove `dom.indexedDB.enabled` (removed in FF72)
2020-11-17 19:17:59 +00:00
ccbca41e2d start 83 alpha, fixup 1244 setting info
`browser.preferences.exposeHTTPSOnly` is now default true
2020-11-13 01:03:29 +00:00
5b0d173078 82 final 2020-11-13 00:55:45 +00:00
d6186819f4 domIntersectionObserver
it was removed after 81-beta was released
2020-11-11 18:42:29 +00:00
7 changed files with 197 additions and 146 deletions


@ -15,6 +15,7 @@ Before you proceed...
- Note: We do not support forks - Note: We do not support forks
See also: See also:
- Override Recipes [issue 1080](https://github.com/arkenfox/user.js/issues/1080)
- Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391) - Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391)
- Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350) - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350)


@ -3,7 +3,7 @@ TITLE prefs.js cleaner
REM ### prefs.js cleaner for Windows REM ### prefs.js cleaner for Windows
REM ## author: @claustromaniac REM ## author: @claustromaniac
REM ## version: 2.3 REM ## version: 2.4
CD /D "%~dp0" CD /D "%~dp0"
@ -13,7 +13,7 @@ ECHO:
ECHO ######################################## ECHO ########################################
ECHO #### prefs.js cleaner for Windows #### ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac #### ECHO #### by claustromaniac ####
ECHO #### v2.3 #### ECHO #### v2.4 ####
ECHO ######################################## ECHO ########################################
ECHO: ECHO:
CALL :message "This script should be run from your Firefox profile directory." CALL :message "This script should be run from your Firefox profile directory."
@ -28,6 +28,7 @@ IF ERRORLEVEL 3 (EXIT /B)
IF ERRORLEVEL 2 (GOTO :showhelp) IF ERRORLEVEL 2 (GOTO :showhelp)
IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30)
IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30)
CALL :strlenCheck
CALL :FFcheck CALL :FFcheck
CALL :message "Backing up prefs.js..." CALL :message "Backing up prefs.js..."
SET "_time=%time: =0%" SET "_time=%time: =0%"
@ -50,6 +51,21 @@ ECHO:
ECHO: %~1 ECHO: %~1
ECHO: ECHO:
GOTO :EOF GOTO :EOF
REM ### string length Check Function ####
:strlenCheck
SET /a cnt=0
setlocal ENABLEDELAYEDEXPANSION
FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO (
ECHO:%%H >nul
SET /a cnt += 1
IF /I "%%G" NEQ "!cnt!" (
ECHO:
CALL :message "ERROR: line !cnt! in prefs.js is too long."
(CALL :abort "Aborting ..." 30)
)
)
endlocal
GOTO :EOF
REM ####### Firefox Check Function ###### REM ####### Firefox Check Function ######
:FFcheck :FFcheck
TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL
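Review bot: `:strlenCheck` only notices a dropped line when a later line arrives whose `FINDSTR /N` number no longer matches `!cnt!`, so as far as the visible loop shows, an over-long last line of prefs.js passes the check. After the `FOR` loop, compare `cnt` with the total line count of prefs.js (for example from `FIND /C /V ""`) and abort on a mismatch as well.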


@ -1,7 +1,7 @@
/*** /***
This will reset the preferences that have been removed completely from the arkenfox user.js. This will reset the preferences that have been removed completely from the arkenfox user.js.
Last updated: 02-Nov-2020 Last updated: 27-Feb-2021
For instructions see: For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -223,13 +223,18 @@
'browser.search.region', 'browser.search.region',
/* 79-beta */ /* 79-beta */
'browser.urlbar.usepreloadedtopurls.enabled', 'browser.urlbar.usepreloadedtopurls.enabled',
/* 80 */
'dom.IntersectionObserver.enabled',
/* 82-beta */ /* 82-beta */
'dom.IntersectionObserver.enabled',
'extensions.screenshots.upload-disabled', 'extensions.screenshots.upload-disabled',
'privacy.partition.network_state', 'privacy.partition.network_state',
'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_128_sha',
'security.ssl3.dhe_rsa_aes_256_sha', 'security.ssl3.dhe_rsa_aes_256_sha',
/* 84-beta */
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
/* 85-beta */
'network.http.redirection-limit',
/* 86-beta */
'media.gmp-widevinecdm.visible',
/* reset parrot: check your open about:config after running the script */ /* reset parrot: check your open about:config after running the script */
'_user.js.parrot' '_user.js.parrot'
] ]


@ -1,5 +1,5 @@
/*** arkenfox user.js troubleshooter.js v1.6.2 ***/ /*** arkenfox user.js troubleshooter.js v1.6.3 ***/
(function() { (function() {
@ -17,9 +17,7 @@
/* Storage + Cache */ /* Storage + Cache */
'browser.cache.offline.enable', 'browser.cache.offline.enable',
'dom.indexedDB.enabled',
'dom.storage.enabled', 'dom.storage.enabled',
'browser.storageManager.enabled',
'dom.storageManager.enabled', 'dom.storageManager.enabled',
/* Workers, Web + Push Notifications */ /* Workers, Web + Push Notifications */
@ -34,7 +32,6 @@
/* Fonts */ /* Fonts */
'browser.display.use_document_fonts', 'browser.display.use_document_fonts',
'font.blacklist.underline_offset', 'font.blacklist.underline_offset',
'gfx.downloadable_fonts.woff2.enabled',
'gfx.font_rendering.graphite.enabled', 'gfx.font_rendering.graphite.enabled',
'gfx.font_rendering.opentype_svg.enabled', 'gfx.font_rendering.opentype_svg.enabled',
'layout.css.font-loading-api.enabled', 'layout.css.font-loading-api.enabled',
@ -47,12 +44,10 @@
'dom.IntersectionObserver.enabled', 'dom.IntersectionObserver.enabled',
'dom.popup_allowed_events', 'dom.popup_allowed_events',
'full-screen-api.enabled', 'full-screen-api.enabled',
'geo.wifi.uri',
'intl.accept_languages', 'intl.accept_languages',
'javascript.options.asmjs', 'javascript.options.asmjs',
'javascript.options.wasm', 'javascript.options.wasm',
'permissions.default.shortcuts', 'permissions.default.shortcuts',
'security.csp.experimentalEnabled',
/* Hardware */ /* Hardware */
'dom.vr.enabled', 'dom.vr.enabled',
@ -60,7 +55,6 @@
/* Audio + Video */ /* Audio + Video */
'dom.webaudio.enabled', 'dom.webaudio.enabled',
'media.autoplay.enabled',
'media.autoplay.default', // FF63+ 'media.autoplay.default', // FF63+
'media.autoplay.blocking_policy', // FF78+ 'media.autoplay.blocking_policy', // FF78+
@ -89,13 +83,11 @@
/* Plugins + Flash */ /* Plugins + Flash */
'plugin.default.state', 'plugin.default.state',
'plugin.defaultXpi.state',
'plugin.sessionPermissionNow.intervalInMinutes',
'plugin.state.flash', 'plugin.state.flash',
/* unlikely to cause problems */ /* unlikely to cause problems */
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'dom.popup_maximum', 'dom.popup_maximum',
'geo.provider.network.url',
'layout.css.visited_links_enabled', 'layout.css.visited_links_enabled',
'mathml.disabled', 'mathml.disabled',
'network.auth.subresource-http-auth-allow', 'network.auth.subresource-http-auth-allow',
@ -103,6 +95,7 @@
'network.protocol-handler.external.ms-windows-store', 'network.protocol-handler.external.ms-windows-store',
'privacy.trackingprotection.enabled', 'privacy.trackingprotection.enabled',
'security.data_uri.block_toplevel_data_uri_navigations', 'security.data_uri.block_toplevel_data_uri_navigations',
'privacy.window.name.update.enabled', // FF82+
'last.one.without.comma' 'last.one.without.comma'
] ]
@ -168,8 +161,8 @@
reapply(aALL); reapply(aALL);
myreset(aTmp.slice(0, _h(aTmp))); myreset(aTmp.slice(0, _h(aTmp)));
while (aTmp.length) { while (aTmp.length) {
alert("NOW TEST AGAIN !"); alert('NOW TEST AGAIN !');
if (confirm("if the problem still exists click OK, otherwise click cancel.")) { if (confirm('if the problem still exists click OK, otherwise click Cancel.')) {
aTmp = aTmp.slice(_h(aTmp)); aTmp = aTmp.slice(_h(aTmp));
} else { } else {
aTmp = aTmp.slice(0, _h(aTmp)); aTmp = aTmp.slice(0, _h(aTmp));
@ -183,16 +176,16 @@
if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n"); if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n");
if (aDbg.length == aALL.length) { if (aDbg.length == aALL.length) {
let msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n"; const msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n" +
msg += "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n"; "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n" +
msg += "In case it's the latter, the script can add a dummy pref and you can try again - Try again?"; "In case it's the latter, the script can add a dummy pref and you can try again - Try again?";
if (confirm(msg)) return _main([...aALL, oFILLER]); if (confirm(msg)) return _main([...aALL, oFILLER]);
} else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) { } else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) {
return _main(aDbg.reverse()); return _main(aDbg.reverse());
} }
alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
console.log("The problem is caused by 2 or more of these prefs:"); console.log('The problem is caused by 2 or more of these prefs:');
for (const oPref of aDbg) console.log(oPref.name); for (const oPref of aDbg) console.log(oPref.name);
} }
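Review bot: quoting is now mixed inside this block: `console.log('The problem is caused by 2 or more of these prefs:')` moved to single quotes while the `alert(...)` and `confirm(...)` calls around it and the new `const msg` concatenation stay in double quotes. Pick one rule for the file; the `msg` text contains an apostrophe (`it's`), so double quotes fit there, but the plain `alert("Narrowed it down to ...")` strings can follow the single-quote change.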
@ -202,13 +195,17 @@
const aBAK = getMyList(aPREFS); const aBAK = getMyList(aPREFS);
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); //console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
const sMsg = "all detected prefs reset.\n\n" +
"!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" +
"IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" +
"Click OK if your problem is fixed.";
focus(); focus();
myreset(aBAK); myreset(aBAK);
if (!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { if (!confirm(sMsg)) {
reapply(aBAK); reapply(aBAK);
return; return;
} }
_main(aBAK); _main(aBAK);
})(); })();


@ -3,10 +3,10 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac REM ## author: @claustromaniac
REM ## version: 4.12 REM ## version: 4.14
REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts
SET v=4.12 SET v=4.14
VERIFY ON VERIFY ON
CD /D "%~dp0" CD /D "%~dp0"
@ -28,6 +28,15 @@ SHIFT
GOTO parse GOTO parse
:endparse :endparse
FOR /F %%i IN ('PowerShell -Command "[Enum]::GetNames([Net.SecurityProtocolType]) -contains 'Tls12'"') DO (
IF "%%i" == "False" (
CALL :message "Your PowerShell version doesn't support TLS1.2 ^!"
ECHO: Instructions to update PowerShell are on the arkenfox wiki
PAUSE
EXIT
)
)
IF DEFINED _updateb ( IF DEFINED _updateb (
REM The normal flow here goes from phase 1 to phase 2 and then phase 3. REM The normal flow here goes from phase 1 to phase 2 and then phase 3.
IF NOT "!_myname:~0,9!"=="[updated]" ( IF NOT "!_myname:~0,9!"=="[updated]" (
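Review bot: the TLS 1.2 gate fails open: the `FOR /F` body aborts only when PowerShell prints the literal `False`, so if PowerShell is missing or the command errors there is no output to match and the script continues to the downloads. Test for `True` and abort on anything else. The bare `EXIT` also closes the calling console when the script is run from an open prompt; `EXIT /B` ends only the script.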
@ -51,9 +60,7 @@ IF DEFINED _updateb (
CALL :message "Updating script..." CALL :message "Updating script..."
REM Uncomment the next line and comment out the PowerShell call for testing. REM Uncomment the next line and comment out the PowerShell call for testing.
REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul
( CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat "[updated]!_myname!.bat"
PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat', '[updated]!_myname!.bat')"
) >nul 2>&1
IF EXIST "[updated]!_myname!.bat" ( IF EXIST "[updated]!_myname!.bat" (
START /min CMD /C "[updated]!_myname!.bat" !_myparams! START /min CMD /C "[updated]!_myname!.bat" !_myparams!
) ELSE ( ) ELSE (
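Review bot: `IF EXIST "[updated]!_myname!.bat"` is the only gate before `START /min CMD /C` runs the downloaded file, and `:psdownload` sends all output to `nul`, so a truncated or non-script response would be executed as the new updater. Check the download before starting it, for example that it contains the expected `REM ## arkenfox user.js updater for Windows` header line, and delete it otherwise.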
@ -132,9 +139,7 @@ IF DEFINED _log (
) )
IF EXIST user.js.new (DEL /F "user.js.new") IF EXIST user.js.new (DEL /F "user.js.new")
CALL :message "Retrieving latest user.js file from github repository..." CALL :message "Retrieving latest user.js file from github repository..."
( CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new"
PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/user.js', 'user.js.new')"
) >nul 2>&1
IF EXIST user.js.new ( IF EXIST user.js.new (
IF DEFINED _rfpalts ( IF DEFINED _rfpalts (
CALL :message "Activating RFP Alternatives section..." CALL :message "Activating RFP Alternatives section..."
@ -218,6 +223,13 @@ IF NOT "2"=="%_log%" (ECHO:)
ENDLOCAL ENDLOCAL
GOTO :EOF GOTO :EOF
::::::::::::::: Download :::::::::::::::
:psdownload
(
PowerShell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('%~1', '%~2')"
) >nul 2>&1
GOTO :EOF
::::::::::::::: Activate Section ::::::::::::::: ::::::::::::::: Activate Section :::::::::::::::
:activate :activate
:: arg1 = file :: arg1 = file
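Review bot: in `:psdownload`, `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` replaces the enabled protocol set with TLS 1.2 alone, which also switches off newer versions on hosts that offer them; add it to the current value with `-bor` instead. `%~1` and `%~2` are pasted into single-quoted PowerShell strings, so a script name containing `'` (it arrives here through `[updated]!_myname!.bat`) breaks the command; double any `'` in the arguments before building the command string.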


@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux ## arkenfox user.js updater for macOS and Linux
## version: 2.8 ## version: 2.9
## Author: Pat Johnson (@overdodactyl) ## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac ## Additional contributors: @earthlng, @ema-pe, @claustromaniac
@ -10,9 +10,9 @@
readonly CURRDIR=$(pwd) readonly CURRDIR=$(pwd)
sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
[ -z "$sfp" ] && sfp=${BASH_SOURCE[0]} [ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]}
readonly SCRIPT_DIR=$(dirname "${sfp}") readonly SCRIPT_DIR=$(dirname "${SCRIPT_FILE}")
######################### #########################
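Review bot: `SCRIPT_FILE` is not marked `readonly` although `CURRDIR` and `SCRIPT_DIR` beside it are, and it is now the path that `update_updater` overwrites, makes executable and re-runs. Declare it `readonly` once the `${BASH_SOURCE[0]}` fallback has been applied, and note that the fallback can be a relative path, so it only stays valid while the working directory is unchanged.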
@ -198,7 +198,7 @@ update_updater () {
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
[ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed
if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
if [ $UPDATE = 'check' ]; then if [ $UPDATE = 'check' ]; then
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
read -p "" -n 1 -r read -p "" -n 1 -r
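Review bot: the `<` inside `[[ ... ]]` on the `get_updater_version` line is a string comparison, so, assuming the function returns the `## version:` value, a future 2.10 sorts before this release's 2.9 and the updater would report that no update is available. Split both versions on `.` and compare the major and minor parts numerically with `-lt`.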
@ -208,9 +208,9 @@ update_updater () {
else else
return 0 # No update available return 0 # No update available
fi fi
mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" mv "${tmpfile}" "$SCRIPT_FILE"
chmod u+x "${SCRIPT_DIR}/updater.sh" chmod u+x "$SCRIPT_FILE"
"${SCRIPT_DIR}/updater.sh" "$@" -d "$SCRIPT_FILE" "$@" -d
exit 0 exit 0
} }

234
user.js

@ -1,7 +1,7 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 11 Nov 2020 * date: 28 Feb 2021
* version 82-beta * version 86
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -18,6 +18,7 @@
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on close (section 2800), change this to suit your needs e.g. some user data is erased on close (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1603
* Take the wiki link in step 2 and read the Troubleshooting entry * Take the wiki link in step 2 and read the Troubleshooting entry
5. Some tag info 5. Some tag info
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
@ -25,6 +26,7 @@
[SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related)
[SETUP-PERF] may impact performance [SETUP-PERF] may impact performance
[WARNING] used sparingly, heed them [WARNING] used sparingly, heed them
6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080
* RELEASES: https://github.com/arkenfox/user.js/releases * RELEASES: https://github.com/arkenfox/user.js/releases
@ -34,6 +36,7 @@
- re-enable section 4600 if you don't use RFP - re-enable section 4600 if you don't use RFP
ESR78 ESR78
- If you are not using arkenfox v78... (not a definitive list) - If you are not using arkenfox v78... (not a definitive list)
- 1244: HTTPS-Only mode is enabled
- 1401: document fonts is inactive as it is now covered by RFP in FF80+ - 1401: document fonts is inactive as it is now covered by RFP in FF80+
- 4600: some prefs may apply even if you use RFP (currently none apply as of FF84) - 4600: some prefs may apply even if you use RFP (currently none apply as of FF84)
- 9999: switch the appropriate deprecated section(s) back on - 9999: switch the appropriate deprecated section(s) back on
@ -80,8 +83,8 @@
user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?"); user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
/* 0000: disable about:config warning /* 0000: disable about:config warning
* FF71-72: chrome://global/content/config.xul * FF72 or lower: chrome://global/content/config.xul
* FF73+: chrome://global/content/config.xhtml ***/ * FF73-86: chrome://global/content/config.xhtml ***/
user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version
user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+]
@ -114,7 +117,6 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false);
* Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
* [1] https://abouthome-snippets-service.readthedocs.io/ ***/ * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}");
/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
@ -147,7 +149,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease
/* 0202: set a default permission for Location (see 0201) [FF58+] /* 0202: set a default permission for Location (see 0201) [FF58+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
* [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [NOTE] Best left at default "always ask", fingerprintable via Permissions API
* [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
// user_pref("permissions.default.geo", 2); // user_pref("permissions.default.geo", 2);
/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+] /* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+]
@ -171,19 +173,17 @@ user_pref("browser.region.update.enabled", false); // [[FF79+]
* [TEST] https://addons.mozilla.org/about ***/ * [TEST] https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US, en"); user_pref("intl.accept_languages", "en-US, en");
/* 0211: enforce US English locale regardless of the system locale /* 0211: enforce US English locale regardless of the system locale
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [2] * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
* [1] https://bugzilla.mozilla.org/867501 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
* [2] https://bugzilla.mozilla.org/1629630 ***/
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
/*** [SECTION 0300]: QUIET FOX /*** [SECTION 0300]: QUIET FOX
Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update,
to update, in one click. We have NEVER disabled auto-CHECKING, and highly discourage that. and it only takes one click. We highly discourage disabling auto-CHECKING for updates.
Previously we also disabled auto-INSTALLING of extensions (302b).
There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time
extensions, time constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important
still important to do updates for security reasons, please do so manually if you make changes. to do updates for security reasons, please do so manually if you make changes.
***/ ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
/* 0301b: disable auto-CHECKING for extension and theme updates ***/ /* 0301b: disable auto-CHECKING for extension and theme updates ***/
@ -216,11 +216,11 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
* IF unified=true then .enabled ONLY controls whether to record extended data * IF unified=true then .enabled ONLY controls whether to record extended data
* so make sure to have both set as false * so make sure to have both set as false
* [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease * [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease
* or release builds (true and false respectively), see [2] * or release builds (true and false respectively) [2]
* [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
* [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
@ -303,7 +303,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", "");
* [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
/* 0419: disable 'ignore this warning' on SB warnings /* 0419: disable 'ignore this warning' on SB warnings [FF45+]
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [TEST] see github wiki APPENDIX A: Test Sites: Section 5
* [1] https://bugzilla.mozilla.org/1226490 ***/ * [1] https://bugzilla.mozilla.org/1226490 ***/
@ -365,7 +365,7 @@ user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
/* 0603: disable predictor / prefetching ***/ /* 0603: disable predictor / prefetching ***/
user_pref("network.predictor.enabled", false); user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false); // [FF48+] user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
/* 0605: disable link-mouseover opening connection to linked server /* 0605: disable link-mouseover opening connection to linked server
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
@ -377,16 +377,15 @@ user_pref("browser.send_pings.require_same_host", true); // defense-in-depth
/*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/
user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
/* 0701: disable IPv6 /* 0701: disable IPv6
* IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
* even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 * assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
* [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 * [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
* [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help. * then this won't make much difference. If you are masking your IP, then it can only help.
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [TEST] https://ipleak.org/ * [TEST] https://ipleak.org/
* [1] https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 * [1] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
* [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true); user_pref("network.dns.disableIPv6", true);
/* 0702: disable HTTP2 /* 0702: disable HTTP2
* HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to
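Review bot: In 0701 the new [STATS] line (~8% of connections, Dec 2020) carries no reference, and dropping the old [1] issue link leaves the "can be abused, especially with MAC addresses" claim resting only on the Internet Society myths page. Suggest citing the telemetry source for the figure, and either keeping a reference that covers the MAC address point or rewording the claim to what the remaining [1] supports.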
@ -416,7 +415,7 @@ user_pref("network.http.altsvc.oe", false);
* [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/ * [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
user_pref("network.proxy.socks_remote_dns", true); user_pref("network.proxy.socks_remote_dns", true);
/* 0708: disable FTP [FF60+] ***/ /* 0708: disable FTP [FF60+] ***/
// user_pref("network.ftp.enabled", false); // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+]
/* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+]
* [SETUP-CHROME] Can break extensions for profiles on network shares * [SETUP-CHROME] Can break extensions for profiles on network shares
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
@ -458,13 +457,16 @@ user_pref("browser.fixup.alternate.enabled", false);
/* 0803: display all parts of the url in the location bar ***/ /* 0803: display all parts of the url in the location bar ***/
user_pref("browser.urlbar.trimURLs", false); user_pref("browser.urlbar.trimURLs", false);
/* 0805: disable coloring of visited links - CSS history leak /* 0805: disable coloring of visited links - CSS history leak
* [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* only in 'certain circumstances', also see latest comments in [2] * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
* [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * attacks. Don't forget clearing history on close (2803). However, social engineering [2#limits][4][5]
* [1] https://dbaron.org/mozilla/visited-privacy * and advanced targeted timing attacks could still produce usable results
* [2] https://bugzilla.mozilla.org/147777 * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
* [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/ * [2] https://dbaron.org/mozilla/visited-privacy
user_pref("layout.css.visited_links_enabled", false); * [3] https://bugzilla.mozilla.org/1632765
* [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)
* [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/
// user_pref("layout.css.visited_links_enabled", false);
/* 0807: disable live search suggestions /* 0807: disable live search suggestions
/* [NOTE] Both must be true for the location bar to work /* [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine
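Review bot: 0805 now ships commented out, yet its new text ends by saying social engineering and advanced targeted timing attacks "could still produce usable results". The comment should state plainly that the pref is inactive by default and that [SETUP-HARDEN] users are expected to enable it. Two smaller points: "[2#limits]" is a reference style that appears nowhere else in the visible hunks, and the earthlng page lost its [TEST] tag and is now listed as source [4], so readers no longer see that it is a test page.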
@ -485,6 +487,10 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
// user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false); // user_pref("browser.urlbar.suggest.openpage", false);
// user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
/* 0850b: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false);
/* 0850c: disable location bar dropdown /* 0850c: disable location bar dropdown
* This value controls the total number of entries to appear in the location bar dropdown * This value controls the total number of entries to appear in the location bar dropdown
* [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always
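Review bot: 0850b gives no reason for disabling tab-to-search; add one line on what the feature does and why a user would turn it off. The two location hints also read as if they disagree: the description points to Options>Search for per-engine exclusion while [SETTING] points to Privacy & Security>Address Bar, so say which one maps to browser.urlbar.suggest.engines.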
@ -497,7 +503,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
* [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
// user_pref("browser.urlbar.autoFill", false); // user_pref("browser.urlbar.autoFill", false);
/* 0860: disable search and form history /* 0860: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties, see [1] [2] * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (see 2803) * [NOTE] We also clear formdata on exit (see 2803)
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
@ -594,7 +600,7 @@ user_pref("browser.sessionstore.privacy_level", 2);
/* 1022: disable resuming session from crash ***/ /* 1022: disable resuming session from crash ***/
// user_pref("browser.sessionstore.resume_from_crash", false); // user_pref("browser.sessionstore.resume_from_crash", false);
/* 1023: set the minimum interval between session save operations /* 1023: set the minimum interval between session save operations
* Increasing this can help on older machines and some websites, as well as reducing writes, see [1] * Increasing this can help on older machines and some websites, as well as reducing writes [1]
* Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc
* [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature:
* i.e. the longer the interval the more chance a quick tab open/close won't be captured. * i.e. the longer the interval the more chance a quick tab open/close won't be captured.
@ -630,18 +636,19 @@ user_pref("browser.shell.shortcutFavicons", false);
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: require safe negotiation /* 1201: require safe negotiation
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially * Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2]
* vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack * as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be
* if it disables renegotiations but the problem is that the browser can't know that. * safe from the attack if it disables renegotiations but the problem is that the browser can't
* Setting this pref to true is the only way for the browser to ensure there will be * know that. Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server. * no unsafe renegotiations on the channel between the browser and the server.
* [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://tools.ietf.org/html/rfc5746 * [2] https://tools.ietf.org/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max /* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
* [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1
* [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
* [1] https://www.ssllabs.com/ssl-pulse/ ***/ * [1] https://www.ssllabs.com/ssl-pulse/ ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
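Review bot: In 1202 the removal of the [STATS] line leaves "[1] https://www.ssllabs.com/ssl-pulse/" with nothing in the entry citing it, and the same URL is now reference [4] in 1201. Suggest dropping the orphaned [1] from 1202, or pointing the [WARNING] at it if it is meant as evidence. The added SSL_ERROR_UNSAFE_NEGOTIATION in 1201 is a useful troubleshooting hint and reads fine.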
@ -649,19 +656,15 @@ user_pref("security.ssl.require_safe_negotiation", true);
/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */
user_pref("security.tls.version.enable-deprecated", false); user_pref("security.tls.version.enable-deprecated", false);
/* 1204: disable SSL session tracking [FF36+] /* 1204: disable SSL session tracking [FF36+]
* SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking * SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks)
* [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the * [NOTE] These are not used in PB mode. In normal windows they are isolated when using FPI (4001)
* consequences. FPI isolates these, but it was designed with the Tor protocol in mind, * and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state)
* and the Tor Browser has extra protection, including enhanced sanitizing per Identity. * [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing
* tracking via this method does not address IPs, nor handle any sanitizing of current identifiers
* [1] https://tools.ietf.org/html/rfc5077 * [1] https://tools.ietf.org/html/rfc5077
* [2] https://bugzilla.mozilla.org/967977 * [2] https://bugzilla.mozilla.org/967977
* [3] https://arxiv.org/abs/1810.07304 ***/ * [3] https://arxiv.org/abs/1810.07304 ***/
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
/* 1205: disable SSL Error Reporting
* [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", "");
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
* [1] https://github.com/tlswg/tls13-spec/issues/1001 * [1] https://github.com/tlswg/tls13-spec/issues/1001
* [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ * [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
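Review bot: 1205 and its three security.ssl.errorReporting.* prefs are deleted here with no note, so a profile that already applied them keeps those values. Confirm they are added to the deprecated section, which this hunk does not show. In 1204 the title still reads "disable SSL session tracking" although the pref is now inactive, and the new "or longer with prolongation attacks" claim should cite whichever of [1] to [3] supports it.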
@ -716,6 +719,12 @@ user_pref("security.family_safety.mode", 0);
* by inspecting ALL your web traffic, then leave at current default=1 * by inspecting ALL your web traffic, then leave at current default=1
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.cert_pinning.enforcement_level", 2);
/* 1224: enforce CRLite [FF73+]
* In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/ /** MIXED CONTENT ***/
/* 1240: enforce no insecure active content on https pages /* 1240: enforce no insecure active content on https pages
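Review bot: 1224 documents only the value it sets: "in mode 2 doesn't fall back to OCSP" does not say what the other values of security.pki.crlite_mode are, or what mode 2 does with a certificate the filters do not cover. Since this changes how revocation is checked, list the modes the way 1271 and 1601 list theirs and state the fallback behaviour, so a user who hits a revocation error knows which value to revert to.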
@ -728,14 +737,21 @@ user_pref("security.mixed_content.block_display_content", true);
user_pref("security.mixed_content.block_object_subrequest", true); user_pref("security.mixed_content.block_object_subrequest", true);
/* 1244: enable HTTPS-Only mode [FF76+] /* 1244: enable HTTPS-Only mode [FF76+]
* When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored
* [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled [2] (fixed in FF83) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On/Off/Off temporarily
* [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) * [SETTING] Privacy & Security>HTTPS-Only Mode
* [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) * [TEST] http://example.com [upgrade]
* [1] https://bugzilla.mozilla.org/1613063 [META] * [TEST] http://neverssl.org/ [no upgrade]
* [2] https://bugzilla.mozilla.org/1647829 ***/ * [1] https://bugzilla.mozilla.org/1613063 [META] ***/
// user_pref("dom.security.https_only_mode", true); // [FF76+] user_pref("dom.security.https_only_mode", true); // [FF76+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true);
/* 1246: disable HTTP background requests [FF82+]
* When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
* sends HTTP requests in order to check if the server supports HTTPS or not.
* This is done to avoid waiting for a timeout which takes 90 seconds
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro]
* These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1])
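Review bot: 1246 sets dom.security.https_only_mode_send_http_background_request to false, but the comment only explains why Firefox sends the request (to avoid the 90 second timeout) and never states the cost of disabling it or what the plain-HTTP probe exposes. Add one line for each. Also, 1244 flips dom.security.https_only_mode from inactive to active and drops the [WARNING] without adding a [SETUP-WEB] tag, although the new [TEST] line itself lists a site with no upgrade.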
@ -760,10 +776,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
/** UI (User Interface) ***/ /** UI (User Interface) ***/
/* 1270: display warning on the padlock for "broken security" (if 1201 is false) /* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* Bug: warning padlock not indicated for subresources on a secure page! [2] * Bug: warning padlock not indicated for subresources on a secure page! [2]
* [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation [3]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://bugzilla.mozilla.org/1353705 * [2] https://bugzilla.mozilla.org/1353705 ***/
* [3] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings /* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
@ -794,24 +808,21 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 1408: disable graphite /* 1408: disable graphite
* Graphite has had many critical security issues in the past, see [1] * Graphite has had many critical security issues in the past [1]
* [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
* [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/
user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false);
/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed
* [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618)
* [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618) * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618)
* [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618)
* [1] https://bugzilla.mozilla.org/1121643 ***/ * [1] https://bugzilla.mozilla.org/1121643 ***/
// user_pref("font.system.whitelist", ""); // [HIDDEN PREF] // user_pref("font.system.whitelist", ""); // [HIDDEN PREF]
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: HEADERS / REFERERS
Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone
--- ---
harden it a bit: set XOriginPolicy (1603) to 1 (as per the settings below) Expect some breakage: Use an extension if you need precise control
harden it a bit more: set XOriginPolicy (1603) to 2 (and optionally 1604 to 1 or 2), expect breakage
---
If you want any REAL control over referers and breakage, then use an extension
--- ---
full URI: https://example.com:8888/foo/bar.html?id=1234 full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port+path: https://example.com:8888/foo/bar.html
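Review bot: The rewritten 1600 intro replaces the two "harden it a bit" lines with "Expect some breakage: Use an extension if you need precise control" and so no longer names 1603 or 1604, which are the prefs a user has to relax when a site breaks. Suggest keeping a short pointer to them, for example that lowering XOriginPolicy (1603) is the first thing to try. The swap of [NOTE] and [WARNING] in 1409 is fine.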
@ -822,17 +833,17 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: ALL: control when images/links send a referer /* 1601: ALL: control when images/links send a referer
* 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
// user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2] // user_pref("network.http.sendRefererHeader", 2);
/* 1602: ALL: control the amount of information to send /* 1602: ALL: control the amount of information to send
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
// user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0] // user_pref("network.http.referer.trimmingPolicy", 0);
/* 1603: CROSS ORIGIN: control when to send a referer /* 1603: CROSS ORIGIN: control when to send a referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match * 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/
user_pref("network.http.referer.XOriginPolicy", 1); user_pref("network.http.referer.XOriginPolicy", 2);
/* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0] user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
/* 1605: ALL: disable spoofing a referer /* 1605: ALL: disable spoofing a referer
* [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
* (Cross-Site Request Forgery) protections that some sites may rely on ***/ * (Cross-Site Request Forgery) protections that some sites may rely on ***/
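Review bot: 1603 moves network.http.referer.XOriginPolicy from 1 to 2 but the [SETUP-WEB] line is unchanged, so the breakage note still describes the base-domain setting rather than "only if hosts match". Update it to say that referers are now withheld between different hosts of the same base domain and that value 1 is the first fallback to try. Removing "[DEFAULT: 2]" and "[DEFAULT: 0]" from 1601 and 1602 also runs against the rest of this patch, which adds [DEFAULT] tags elsewhere.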
@ -886,11 +897,10 @@ user_pref("plugin.state.flash", 0);
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
// user_pref("media.gmp-provider.enabled", false); // user_pref("media.gmp-provider.enabled", false);
/* 1825: disable widevine CDM (Content Decryption Module) /* 1825: disable widevine CDM (Content Decryption Module)
* [SETUP-WEB] if you *need* CDM, e.g. Netflix, Amazon Prime, Hulu, whatever ***/ * [NOTE] This is covered by the EME master switch (1830) **/
user_pref("media.gmp-widevinecdm.visible", false); // user_pref("media.gmp-widevinecdm.enabled", false);
user_pref("media.gmp-widevinecdm.enabled", false);
/* 1830: disable all DRM content (EME: Encryption Media Extension) /* 1830: disable all DRM content (EME: Encryption Media Extension)
* [SETUP-WEB] if you *need* EME, e.g. Netflix, Amazon Prime, Hulu, whatever * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
* [SETTING] General>DRM Content>Play DRM-controlled content * [SETTING] General>DRM Content>Play DRM-controlled content
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false); user_pref("media.eme.enabled", false);
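Review bot: The new 1825 comment closes with "**/" where the line it replaces uses "***/"; fix the terminator so the entry matches its neighbours. media.gmp-widevinecdm.visible is removed outright while .enabled is only commented out, so say in the entry or in the deprecated section what happened to .visible, since profiles that already applied it keep the old value.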
@ -903,7 +913,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
* [1] https://www.privacytools.io/#webrtc ***/ * [1] https://www.privacytools.io/#webrtc ***/
user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.enabled", false);
/* 2002: limit WebRTC IP leaks if using WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC
* In FF70+ these settings match Mode 4 (Mode 3 in older versions), see [3] * In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3]
* [TEST] https://browserleaks.com/webrtc * [TEST] https://browserleaks.com/webrtc
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
@ -919,15 +929,15 @@ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70
user_pref("webgl.disabled", true); user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false); user_pref("webgl.enable-webgl2", false);
/* 2012: limit WebGL ***/ /* 2012: limit WebGL ***/
user_pref("webgl.min_capability_mode", true); // user_pref("webgl.min_capability_mode", true);
user_pref("webgl.disable-fail-if-major-performance-caveat", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
/* 2022: disable screensharing ***/ /* 2022: disable screensharing ***/
user_pref("media.getusermedia.screensharing.enabled", false); user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false);
/* 2024: set a default permission for Camera/Microphone [FF58+] /* 2024: set a default permission for Camera/Microphone [FF58+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
* [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone * [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/
// user_pref("permissions.default.camera", 2); // user_pref("permissions.default.camera", 2);
// user_pref("permissions.default.microphone", 2); // user_pref("permissions.default.microphone", 2);
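Review bot: Under 2012, webgl.min_capability_mode is commented out with no explanation, leaving the "limit WebGL" heading with one inactive pref and one that the new tag marks as already default in FF86+. Add a short note on why it is inactive and whether the entry is scheduled for removal. In 2024 the "Ctrl+I" replacement for "Page Info" names a key binding instead of the dialog; keeping the dialog name alongside it would help users whose shortcut differs.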
@ -963,8 +973,8 @@ user_pref("browser.link.open_newwindow.restriction", 0);
* [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/
user_pref("dom.disable_open_during_load", true); user_pref("dom.disable_open_during_load", true);
/* 2212: limit events that can cause a popup [SETUP-WEB] /* 2212: limit events that can cause a popup [SETUP-WEB]
* default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" ***/ * default FF86+: "change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu ***/
user_pref("dom.popup_allowed_events", "click dblclick"); user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/*** [SECTION 2300]: WEB WORKERS /*** [SECTION 2300]: WEB WORKERS
A worker is a JS "background task" running in a global context, i.e. it is different from A worker is a JS "background task" running in a global context, i.e. it is different from
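Review bot: The new "default FF86+" line in 2212 opens a double quote before "change" and never closes it; the old line had the closing quote after "contextmenu". Restore it. The active value also grows from "click dblclick" to "click dblclick mousedown pointerdown", so the entry should say in one line that two more events may now open popups and why they were added.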
@ -1009,7 +1019,7 @@ user_pref("dom.push.enabled", false);
/* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+] /* 2306: set a default permission for Notifications (both 2304 and 2305) [FF58+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
* [NOTE] Best left at default "always ask", fingerprintable via Permissions API * [NOTE] Best left at default "always ask", fingerprintable via Permissions API
* [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications * [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/
// user_pref("permissions.default.desktop-notification", 2); // user_pref("permissions.default.desktop-notification", 2);
@ -1022,7 +1032,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
* [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
* This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
* [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one
* is default false) then enabling this pref can leak clipboard content, see [1] * is default false) then enabling this pref can leak clipboard content [1]
* [1] https://bugzilla.mozilla.org/1528289 */ * [1] https://bugzilla.mozilla.org/1528289 */
// user_pref("dom.event.clipboardevents.enabled", false); // user_pref("dom.event.clipboardevents.enabled", false);
/* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
@ -1071,7 +1081,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
* Initially a Linux issue (high precision readout) that was fixed. * Initially a Linux issue (high precision readout) that was fixed.
* However, it is still another metric for fingerprinting, used to raise entropy. * However, it is still another metric for fingerprinting, used to raise entropy.
* e.g. do you have a battery or not, current charging status, charge level, times remaining etc * e.g. do you have a battery or not, current charging status, charge level, times remaining etc
* [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code, see [1] * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1]
* [1] https://bugzilla.mozilla.org/1313580 ***/ * [1] https://bugzilla.mozilla.org/1313580 ***/
// user_pref("dom.battery.enabled", false); // user_pref("dom.battery.enabled", false);
/* 2505: disable media device enumeration [FF29+] /* 2505: disable media device enumeration [FF29+]
@ -1100,7 +1110,7 @@ user_pref("dom.webaudio.enabled", false);
// user_pref("dom.vr.enabled", false); // user_pref("dom.vr.enabled", false);
/* 2521: set a default permission for Virtual Reality (see 2520) [FF73+] /* 2521: set a default permission for Virtual Reality (see 2520) [FF73+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
* [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices * [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/
// user_pref("permissions.default.xr", 0); // user_pref("permissions.default.xr", 0);
@ -1116,8 +1126,7 @@ user_pref("beacon.enabled", false);
/* 2603: remove temp files opened with an external application /* 2603: remove temp files opened with an external application
* [1] https://bugzilla.mozilla.org/302433 ***/ * [1] https://bugzilla.mozilla.org/302433 ***/
user_pref("browser.helperApps.deleteTempFileOnExit", true); user_pref("browser.helperApps.deleteTempFileOnExit", true);
/* 2604: disable page thumbnail collection /* 2604: disable page thumbnail collection ***/
* look in profile/thumbnails directory - you may want to clean that out ***/
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.enabled", false);
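Review bot: Deleting the second comment line of 2604 removes the only pointer to the profile's thumbnails directory. The pref stops capturing, and the removed text was what told users of an existing profile that earlier thumbnails may still be on disk and worth cleaning out. Unless that cleanup step is documented somewhere else, keep a one-line note here.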
@ -1140,13 +1149,9 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2611: disable middle mouse click opening links from clipboard /* 2611: disable middle mouse click opening links from clipboard
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
user_pref("middlemouse.contentLoadURL", false); user_pref("middlemouse.contentLoadURL", false);
/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
* [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
* To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
user_pref("network.http.redirection-limit", 10);
/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
* 0 (default) or 1=allow, 2=block * 0 (default) or 1=allow, 2=block
* [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
// user_pref("permissions.default.shortcuts", 2); // user_pref("permissions.default.shortcuts", 2);
/* 2616: remove special permissions for certain mozilla domains [FF35+] /* 2616: remove special permissions for certain mozilla domains [FF35+]
* [1] resource://app/defaults/permissions ***/ * [1] resource://app/defaults/permissions ***/
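Review bot: 2614 is deleted outright: `network.http.redirection-limit` is neither left as a commented-out line nor added to the deprecated section in the visible part of this diff. A value written by an earlier user.js stays in prefs.js once the line disappears, so existing profiles keep the limit of 10 rather than returning to the default of 20 stated in the removed comment. Suggest keeping the pref inactive for a release or two, or calling out the manual reset in the release notes.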
@ -1186,8 +1191,12 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
user_pref("permissions.delegation.enabled", false); user_pref("permissions.delegation.enabled", false);
/* 2624: enable "window.name" protection [FF82+] /* 2624: enable "window.name" protection [FF82+]
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
user_pref("privacy.window.name.update.enabled", true); * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+]
/* 2625: disable bypassing 3rd party extension install prompts [FF82+]
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
/** DOWNLOADS ***/ /** DOWNLOADS ***/
/* 2650: discourage downloading to desktop /* 2650: discourage downloading to desktop
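Review bot: The 2625 title is a double negative that is hard to map onto the value: from `disable bypassing 3rd party extension install prompts` alone it is not clear whether `false` keeps the prompt or removes it. Say in the comment what `extensions.postDownloadThirdPartyPrompt` does when true and when false, instead of leaving that to the two linked bugs.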
@ -1200,8 +1209,6 @@ user_pref("privacy.window.name.update.enabled", true);
user_pref("browser.download.useDownloadDir", false); user_pref("browser.download.useDownloadDir", false);
/* 2652: disable adding downloads to the system's "recent documents" list ***/ /* 2652: disable adding downloads to the system's "recent documents" list ***/
user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.manager.addToRecentDocs", false);
/* 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/
user_pref("browser.download.hide_plugins_without_extensions", false);
/* 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN] /* 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN]
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
* in such a way that it is forbidden to run external applications. * in such a way that it is forbidden to run external applications.
@ -1268,8 +1275,10 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
* [WARNING] This will break a LOT of sites' functionality AND extensions! * [WARNING] This will break a LOT of sites' functionality AND extensions!
* You are better off using an extension for more granular control ***/ * You are better off using an extension for more granular control ***/
// user_pref("dom.storage.enabled", false); // user_pref("dom.storage.enabled", false);
/* 2730: disable offline cache ***/ /* 2730: enforce no offline cache storage (appCache)
user_pref("browser.cache.offline.enable", false); * The API is easily fingerprinted, use the "storage" pref instead ***/
// user_pref("browser.cache.offline.enable", false);
user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: false FF84+]
/* 2740: disable service worker cache and cache storage /* 2740: disable service worker cache and cache storage
* [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [NOTE] We clear service worker cache on exiting Firefox (see 2803)
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/ * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
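Review bot: In 2730, `browser.cache.offline.enable` goes from active to commented out, with the new comment stating that the API is easily fingerprinted. Profiles that already ran the previous user.js still have that pref set to false in prefs.js, so they stay in the fingerprintable state until it is reset. Add a [NOTE] telling existing users to reset it, since switching to the storage pref does not undo the old value by itself.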
@ -1364,19 +1373,22 @@ user_pref("privacy.sanitize.timeSpan", 0);
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
/* 4001: enable First Party Isolation [FF51+] /* 4001: enable First Party Isolation [FF51+]
* [SETUP-WEB] May break cross-domain logins and site functionality until perfected * [SETUP-WEB] May break cross-domain logins and site functionality until perfected
* [1] https://bugzilla.mozilla.org/1260931 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
* [2] https://bugzilla.mozilla.org/1299996 [META] ***/
user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate", true);
/* 4002: enforce FPI restriction for window.opener [FF54+] /* 4002: enforce FPI restriction for window.opener [FF54+]
* [NOTE] Setting this to false may reduce the breakage in 4001 * [NOTE] Setting this to false may reduce the breakage in 4001
* FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
* to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2],[3] * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3]
* The 2nd pref removes that limitation and will only allow communication if FPDs also match. * The 2nd pref removes that limitation and will only allow communication if FPDs also match.
* [1] https://bugzilla.mozilla.org/1319773#c22 * [1] https://bugzilla.mozilla.org/1319773#c22
* [2] https://bugzilla.mozilla.org/1492607 * [2] https://bugzilla.mozilla.org/1492607
* [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
// user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
// user_pref("privacy.firstparty.isolate.block_post_message", true); // user_pref("privacy.firstparty.isolate.block_post_message", true);
/* 4003: enable scheme with FPI [FF78+]
* [NOTE] Experimental: existing data and site permissions are incompatible
* and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
RFP covers a wide range of ongoing fingerprinting solutions. RFP covers a wide range of ongoing fingerprinting solutions.
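Review bot: The [NOTE] on the new 4003 entry says existing data and site permissions are incompatible with `privacy.firstparty.isolate.use_site` but does not say what a user has to do about that before enabling it (clear them, expect them to be ignored, or recreate exceptions). Spell out the consequence and the required step. Separately, folding the two 4001 references into one buglist URL drops the `[META]` tag that marked 1299996 as the tracking bug; consider keeping that hint in the comment.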
@ -1452,8 +1464,7 @@ user_pref("privacy.resistFingerprinting", true);
/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
* Width will round down to multiples of 200s and height to 100s, to fit your screen. * Width will round down to multiples of 200s and height to 100s, to fit your screen.
* The override values are a starting point to round from if you want some control * The override values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/1330882 * [1] https://bugzilla.mozilla.org/1330882 ***/
* [2] https://hardware.metrics.mozilla.com/ ***/
// user_pref("privacy.window.maxInnerWidth", 1000); // user_pref("privacy.window.maxInnerWidth", 1000);
// user_pref("privacy.window.maxInnerHeight", 1000); // user_pref("privacy.window.maxInnerHeight", 1000);
/* 4503: disable mozAddonManager Web API [FF57+] /* 4503: disable mozAddonManager Web API [FF57+]
@ -1461,7 +1472,7 @@ user_pref("privacy.resistFingerprinting", true);
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
/* 4504: enable RFP letterboxing [FF67+] /* 4504: enable RFP letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges, see [2] * Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions. The format is * If you use the dimension pref, then it will only apply those resolutions. The format is
* "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
* [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but
@ -1570,8 +1581,8 @@ user_pref("ui.use_standins_for_native_colors", true);
// 0=light, 1=dark : This overrides your OS value // 0=light, 1=dark : This overrides your OS value
user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
// FF80+ // FF80+
// 4618: limit font visbility (non-ANDROID) [FF79+] // 4618: limit font visibility (non-ANDROID) [FF79+]
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1]
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
// [NOTE] Bundled fonts are auto-allowed // [NOTE] Bundled fonts are auto-allowed
// [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
@ -1619,6 +1630,7 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
// user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line
/* UX BEHAVIOR ***/ /* UX BEHAVIOR ***/
// user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
// user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+]
// user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.closeWindowWithLastTab", false);
// user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
// user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
@ -1655,14 +1667,22 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!");
// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
// [-] https://bugzilla.mozilla.org/1603712 // [-] https://bugzilla.mozilla.org/1603712
user_pref("intl.charset.fallback.override", "windows-1252"); user_pref("intl.charset.fallback.override", "windows-1252");
// * * * /
// FF82 // FF82
// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" // 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
// i.e. ignore all of Mozilla's various search engines in multiple locales // i.e. ignore all of Mozilla's various search engines in multiple locales
// [-] https://bugzilla.mozilla.org/1619926 // [-] https://bugzilla.mozilla.org/1619926
user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", ""); user_pref("browser.search.geoSpecificDefaults.url", "");
// * * * / // FF86
// 1205: disable SSL Error Reporting
// [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
// [-] https://bugzilla.mozilla.org/1681839
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", "");
// 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin
// [-] https://bugzilla.mozilla.org/1581678
user_pref("browser.download.hide_plugins_without_extensions", false);
// ***/ // ***/
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/