Updated user.js from upstream.
This commit is contained in:
187
firefox/user.js
187
firefox/user.js
@ -1,13 +1,13 @@
|
||||
/******
|
||||
* name: ghacks user.js
|
||||
* date: 19 December 2019
|
||||
* version 72-alpha
|
||||
* date: 24 May 2020
|
||||
* version 77-alpha
|
||||
* authors: v52+ github | v51- www.ghacks.net
|
||||
* url: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
|
||||
|
||||
* releases: These are end-of-stable-life-cycle legacy archives.
|
||||
*Always* use the master branch user.js for a current up-to-date version.
|
||||
*Always* use the master branch user.js for a current up-to-date version
|
||||
url: https://github.com/ghacksuserjs/ghacks-user.js/releases
|
||||
|
||||
* README:
|
||||
@ -83,10 +83,10 @@
|
||||
user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
|
||||
|
||||
/* 0000: disable about:config warning
|
||||
* The XUL version can still be accessed in FF71+ @ chrome://global/content/config.xul
|
||||
* and in FF73+ @ chrome://global/content/config.xhtml ***/
|
||||
user_pref("general.warnOnAboutConfig", false); // for the XUL version
|
||||
user_pref("browser.aboutConfig.showWarning", false); // for the new HTML version [FF71+]
|
||||
* FF71-72: chrome://global/content/config.xul
|
||||
* FF73+: chrome://global/content/config.xhtml ***/
|
||||
user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version
|
||||
user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+]
|
||||
|
||||
/*** [SECTION 0100]: STARTUP ***/
|
||||
user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
|
||||
@ -150,20 +150,14 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
|
||||
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
|
||||
// user_pref("permissions.default.geo", 2);
|
||||
/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled
|
||||
/* 0203: use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+]
|
||||
* Optionally enable logging to the console (defaults to false) ***/
|
||||
user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
|
||||
// user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF]
|
||||
user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
|
||||
// user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
|
||||
/* 0204: disable using the OS's geolocation service ***/
|
||||
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
|
||||
user_pref("geo.provider.use_corelocation", false); // [MAC]
|
||||
user_pref("geo.provider.use_gpsd", false); // [LINUX]
|
||||
/* 0205: disable GeoIP-based search results
|
||||
* [NOTE] May not be hidden if Firefox has changed your settings due to your locale
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/16254
|
||||
* [2] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine ***/
|
||||
user_pref("browser.search.region", "US"); // [HIDDEN PREF]
|
||||
user_pref("browser.search.geoip.url", "");
|
||||
/* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
|
||||
* i.e. ignore all of Mozilla's various search engines in multiple locales ***/
|
||||
user_pref("browser.search.geoSpecificDefaults", false);
|
||||
@ -174,7 +168,9 @@ user_pref("browser.search.geoSpecificDefaults.url", "");
|
||||
* [TEST] https://addons.mozilla.org/about ***/
|
||||
user_pref("intl.accept_languages", "en-US, en");
|
||||
/* 0211: enforce US English locale regardless of the system locale
|
||||
* [1] https://bugzilla.mozilla.org/867501 ***/
|
||||
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [2]
|
||||
* [1] https://bugzilla.mozilla.org/867501
|
||||
* [2] https://bugzilla.mozilla.org/1629630 ***/
|
||||
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
|
||||
/* 0212: enforce fallback text encoding to match en-US
|
||||
* When the content or server doesn't declare a charset the browser will
|
||||
@ -204,8 +200,8 @@ user_pref("app.update.auto", false);
|
||||
* [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
|
||||
// user_pref("extensions.update.autoUpdateDefault", false);
|
||||
/* 0306: disable extension metadata
|
||||
* used when installing/updating an extension, and in daily background update checks: if false, it
|
||||
* hides the expanded text description (if it exists) when you "show more details about an addon" ***/
|
||||
* used when installing/updating an extension, and in daily background update checks:
|
||||
* when false, extension detail tabs will have no description ***/
|
||||
// user_pref("extensions.getAddons.cache.enabled", false);
|
||||
/* 0308: disable search engine updates (e.g. OpenSearch)
|
||||
* [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
|
||||
@ -276,12 +272,10 @@ user_pref("network.connectivity-service.enabled", false);
|
||||
/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) ***/
|
||||
user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
|
||||
/** BLOCKLISTS ***/
|
||||
/* 0401: enforce Firefox blocklist, but sanitize blocklist url
|
||||
/* 0401: enforce Firefox blocklist
|
||||
* [NOTE] It includes updates for "revoked certificates"
|
||||
* [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
|
||||
* [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/
|
||||
* [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ ***/
|
||||
user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
|
||||
user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
|
||||
|
||||
/** SAFE BROWSING (SB)
|
||||
Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never
|
||||
@ -358,7 +352,7 @@ user_pref("browser.ping-centre.telemetry", false);
|
||||
/* 0517: disable Form Autofill
|
||||
* [NOTE] Stored data is NOT secure (uses a JSON file)
|
||||
* [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
|
||||
* [SETTING] Options>Privacy&Security>Forms and Autofill>Autofill addresses (FF73+)
|
||||
* [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses (FF74+)
|
||||
* [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill
|
||||
* [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/
|
||||
user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
|
||||
@ -396,7 +390,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
|
||||
/* 0701: disable IPv6
|
||||
* IPv6 can be abused, especially regarding MAC addresses. They also do not play nice
|
||||
* with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
|
||||
* Firefox telemetry (April 2019) shows only 5% of all connections are IPv6.
|
||||
* Firefox telemetry (April 2019) shows only 5% of all connections are IPv6
|
||||
* [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
|
||||
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
|
||||
* then this won't make much difference. If you are masking your IP, then it can only help.
|
||||
@ -447,6 +441,11 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
|
||||
* [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
|
||||
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
||||
|
||||
/*** [SECTION 0709]: HOTFIX for FF77, FIXED in FF78 ***/
|
||||
/* 0709: disabling UNC can cause extension storage to fail
|
||||
* [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/923 ***/
|
||||
user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
|
||||
|
||||
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
|
||||
Change items 0850 and above to suit for privacy vs convenience and functionality. Consider
|
||||
your environment (no unwanted eyeballs), your device (restricted access), your device's
|
||||
@ -512,9 +511,6 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
|
||||
/* 0850d: disable location bar autofill
|
||||
* [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
|
||||
// user_pref("browser.urlbar.autoFill", false);
|
||||
/* 0850e: disable location bar one-off searches [FF51+]
|
||||
* [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
|
||||
// user_pref("browser.urlbar.oneOffSearches", false);
|
||||
/* 0860: disable search and form history
|
||||
* [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2]
|
||||
* [NOTE] We also clear formdata on exit (see 2803)
|
||||
@ -596,6 +592,10 @@ user_pref("browser.cache.disk.enable", false);
|
||||
* [NOTE] This means any permission changes are session only
|
||||
* [1] https://bugzilla.mozilla.org/967812 ***/
|
||||
// user_pref("permissions.memory_only", true); // [HIDDEN PREF]
|
||||
/* 1007: disable media cache from writing to disk in Private Browsing
|
||||
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB */
|
||||
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
|
||||
user_pref("media.memory_cache_max_size", 16384);
|
||||
|
||||
/** SESSIONS & SESSION RESTORE ***/
|
||||
/* 1020: exclude "Undo Closed Tabs" in Session Restore ***/
|
||||
@ -654,11 +654,13 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
||||
/* 1202: control TLS versions with min and max
|
||||
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
||||
* [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
|
||||
* Firefox telemetry (April 2019) shows only 0.5% of TLS web traffic uses 1.0 or 1.1
|
||||
* Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
|
||||
* [1] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
// user_pref("security.tls.version.min", 3);
|
||||
// user_pref("security.tls.version.max", 4);
|
||||
/* 1203: disable SSL session tracking [FF36+]
|
||||
/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */
|
||||
user_pref("security.tls.version.enable-deprecated", false);
|
||||
/* 1204: disable SSL session tracking [FF36+]
|
||||
* SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
|
||||
* [SETUP-PERF] Relax this if you have FPI enabled (see 4000) *AND* you understand the
|
||||
* consequences. FPI isolates these, but it was designed with the Tor protocol in mind,
|
||||
@ -667,12 +669,12 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
||||
* [2] https://bugzilla.mozilla.org/967977
|
||||
* [3] https://arxiv.org/abs/1810.07304 ***/
|
||||
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
|
||||
/* 1204: disable SSL Error Reporting
|
||||
/* 1205: disable SSL Error Reporting
|
||||
* [1] https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html ***/
|
||||
user_pref("security.ssl.errorReporting.automatic", false);
|
||||
user_pref("security.ssl.errorReporting.enabled", false);
|
||||
user_pref("security.ssl.errorReporting.url", "");
|
||||
/* 1205: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
||||
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
|
||||
* [1] https://github.com/tlswg/tls13-spec/issues/1001
|
||||
* [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
|
||||
user_pref("security.tls.enable_0rtt_data", false);
|
||||
@ -736,6 +738,11 @@ user_pref("security.mixed_content.block_display_content", true);
|
||||
/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+]
|
||||
* [1] https://bugzilla.mozilla.org/1190623 ***/
|
||||
user_pref("security.mixed_content.block_object_subrequest", true);
|
||||
/* 1244: enable https-only-mode [FF76+]
|
||||
* [NOTE] This is experimental
|
||||
* [1] https://bugzilla.mozilla.org/1613063 */
|
||||
// user_pref("dom.security.https_only_mode", true); // [FF76+]
|
||||
// user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+]
|
||||
|
||||
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] ***/
|
||||
/* 1261: disable 3DES (effective key size < 128)
|
||||
@ -777,7 +784,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
|
||||
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
|
||||
/* 1401: disable websites choosing fonts (0=block, 1=allow)
|
||||
* This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
|
||||
* [SETUP-WEB] Disabling fonts can uglify the web a fair bit.
|
||||
* [SETUP-WEB] Can break some PDFs (missing text). Limiting to default fonts can "uglify" the web
|
||||
* [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
|
||||
user_pref("browser.display.use_document_fonts", 0);
|
||||
/* 1403: disable icon fonts (glyphs) and local fallback rendering
|
||||
@ -867,10 +874,10 @@ user_pref("privacy.userContext.ui.enabled", true);
|
||||
/* 1702: enable Container Tabs [FF50+]
|
||||
* [SETTING] General>Tabs>Enable Container Tabs ***/
|
||||
user_pref("privacy.userContext.enabled", true);
|
||||
/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME]
|
||||
* 0=no menu (default), 1=show when clicked, 2=show on long press
|
||||
* [1] https://bugzilla.mozilla.org/1328756 ***/
|
||||
user_pref("privacy.userContext.longPressBehavior", 2);
|
||||
/* 1703: set behaviour on "+ Tab" button to display container menu on left click [FF74+]
|
||||
* [NOTE] The menu is always shown on long press and right click
|
||||
* [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
|
||||
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
|
||||
|
||||
/*** [SECTION 1800]: PLUGINS ***/
|
||||
user_pref("_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!");
|
||||
@ -918,7 +925,6 @@ user_pref("webgl.disabled", true);
|
||||
user_pref("webgl.enable-webgl2", false);
|
||||
/* 2012: limit WebGL ***/
|
||||
user_pref("webgl.min_capability_mode", true);
|
||||
user_pref("webgl.disable-extensions", true);
|
||||
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
|
||||
/* 2022: disable screensharing ***/
|
||||
user_pref("media.getusermedia.screensharing.enabled", false);
|
||||
@ -1026,14 +1032,14 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
|
||||
/* 2401: disable website control over browser right-click context menu
|
||||
* [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/
|
||||
// user_pref("dom.event.contextmenu.enabled", false);
|
||||
/* 2402: disable website access to clipboard events/content
|
||||
* [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress
|
||||
/* 2402: disable website access to clipboard events/content [SETUP-HARDEN]
|
||||
* [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
|
||||
* This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
|
||||
* [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one
|
||||
* is default false) then enabling this pref can leak clipboard content, see [2]
|
||||
* [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
|
||||
* [2] https://bugzilla.mozilla.org/1528289 */
|
||||
user_pref("dom.event.clipboardevents.enabled", false);
|
||||
// user_pref("dom.event.clipboardevents.enabled", false);
|
||||
/* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
|
||||
* this disables document.execCommand("cut"/"copy") to protect your clipboard
|
||||
* [1] https://bugzilla.mozilla.org/1170911 ***/
|
||||
@ -1053,11 +1059,14 @@ user_pref("dom.vibrator.enabled", false);
|
||||
* [5] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
|
||||
* [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
|
||||
user_pref("javascript.options.asmjs", false);
|
||||
/* 2421: disable Ion and baseline JIT to help harden JS against exploits
|
||||
* [WARNING] If false, causes the odd site issue and there is also a performance loss
|
||||
/* 2421: disable Ion and baseline JIT to harden against JS exploits [SETUP-HARDEN]
|
||||
* [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new
|
||||
* hidden pref is enabled, then Ion can still be used by extensions (1599226)
|
||||
* [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
|
||||
* [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
|
||||
// user_pref("javascript.options.ion", false);
|
||||
// user_pref("javascript.options.baselinejit", false);
|
||||
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
|
||||
/* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
|
||||
* [NOTE] In FF71+ this no longer affects extensions (1576254)
|
||||
* [1] https://developer.mozilla.org/docs/WebAssembly ***/
|
||||
@ -1080,10 +1089,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
|
||||
* [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. see [1]
|
||||
* [1] https://bugzilla.mozilla.org/1313580 ***/
|
||||
// user_pref("dom.battery.enabled", false);
|
||||
/* 2504: disable virtual reality devices
|
||||
* Optional protection depending on your connected devices
|
||||
* [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
|
||||
// user_pref("dom.vr.enabled", false);
|
||||
/* 2505: disable media device enumeration [FF29+]
|
||||
* [NOTE] media.peerconnection.enabled should also be set to false (see 2001)
|
||||
* [1] https://wiki.mozilla.org/Media/getUserMedia
|
||||
@ -1104,6 +1109,15 @@ user_pref("dom.webaudio.enabled", false);
|
||||
* [1] https://github.com/WICG/media-capabilities
|
||||
* [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
|
||||
// user_pref("media.media-capabilities.enabled", false);
|
||||
/* 2520: disable virtual reality devices
|
||||
* Optional protection depending on your connected devices
|
||||
* [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
|
||||
// user_pref("dom.vr.enabled", false);
|
||||
/* 2521: set a default permission for Virtual Reality (see 2520) [FF73+]
|
||||
* 0=always ask (default), 1=allow, 2=block
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices
|
||||
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/
|
||||
// user_pref("permissions.default.xr", 0);
|
||||
|
||||
/*** [SECTION 2600]: MISCELLANEOUS ***/
|
||||
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
|
||||
@ -1120,10 +1134,6 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true);
|
||||
/* 2604: disable page thumbnail collection
|
||||
* look in profile/thumbnails directory - you may want to clean that out ***/
|
||||
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
|
||||
/* 2605: block web content in file processes [FF55+]
|
||||
* [SETUP-WEB] You may want to disable this for corporate or developer environments
|
||||
* [1] https://bugzilla.mozilla.org/1343184 ***/
|
||||
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
|
||||
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
|
||||
user_pref("browser.uitour.enabled", false);
|
||||
user_pref("browser.uitour.url", "");
|
||||
@ -1133,7 +1143,7 @@ user_pref("browser.uitour.url", "");
|
||||
user_pref("devtools.chrome.enabled", false);
|
||||
/* 2608: disable remote debugging
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
|
||||
user_pref("devtools.debugger.remote-enabled", false);
|
||||
user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
|
||||
/* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
|
||||
* [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
|
||||
* [1] https://bugzilla.mozilla.org/1173199 ***/
|
||||
@ -1182,6 +1192,15 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false]
|
||||
/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
|
||||
* [1] https://www.ghacks.net/2016/03/25/block-firefox-chrome-windows-store/ ***/
|
||||
user_pref("network.protocol-handler.external.ms-windows-store", false);
|
||||
/* 2622: enforce no system colors; they can be fingerprinted
|
||||
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
|
||||
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
|
||||
/* 2623: disable permissions delegation [FF73+]
|
||||
* Currently applies to cross-origin geolocation, camera, mic and screen-sharing
|
||||
* permissions, and fullscreen requests. Disabling delegation means any prompts
|
||||
* for these will show/use their correct 3rd party origin
|
||||
* [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */
|
||||
user_pref("permissions.delegation.enabled", false);
|
||||
|
||||
/** DOWNLOADS ***/
|
||||
/* 2650: discourage downloading to desktop
|
||||
@ -1211,7 +1230,7 @@ user_pref("browser.download.hide_plugins_without_extensions", false);
|
||||
* [1] archived: https://archive.is/DYjAM ***/
|
||||
user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF]
|
||||
user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
|
||||
/* 2662: disable webextension restrictions on certain mozilla domains (also see 4503) [FF60+]
|
||||
/* 2662: disable webextension restrictions on certain mozilla domains (you also need 4503) [FF60+]
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
|
||||
// user_pref("extensions.webextensions.restrictedDomains", "");
|
||||
|
||||
@ -1245,7 +1264,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
|
||||
* [NOTE] You can set exceptions under site permissions or use an extension
|
||||
* [NOTE] Enforcing category to custom ensures ETP related prefs are always honored
|
||||
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/
|
||||
user_pref("network.cookie.cookieBehavior", 1);
|
||||
user_pref("network.cookie.cookieBehavior", 3);
|
||||
user_pref("browser.contentblocking.category", "custom");
|
||||
/* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only
|
||||
and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
|
||||
@ -1392,12 +1411,13 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
This spoof *shouldn't* affect core chrome/Firefox performance
|
||||
** 1217238 - reduce precision of time exposed by javascript (FF55+)
|
||||
** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
|
||||
** 1333651 & 1383495 & 1396468 - spoof Navigator API (see section 4700) (FF56+)
|
||||
FF56: The version number will be rounded down to the nearest multiple of 10
|
||||
FF57: The version number will match current ESR (1393283, 1418672, 1418162, 1511763)
|
||||
FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
|
||||
FF66: The OS in HTTP Headers will be reduced to Windows or Android (1509829)
|
||||
FF68: Reported OS versions updated to Windows 10, OS 10.14, and Adnroid 8.1 (1511434)
|
||||
** 1333651 & 1383495 & 1396468 - spoof User Agent & Navigator API (see section 4700) (FF56+)
|
||||
FF56: Version: rounded down to the nearest multiple of 10
|
||||
FF57: Version: match current ESR (1393283, 1418672, 1418162, 1511763)
|
||||
FF59: OS: Windows, OSX, Android, or Linux (to reduce breakage) (1404608)
|
||||
FF66: OS: HTTP Headers reduced to Windows or Android (1509829)
|
||||
FF68: OS: updated to Windows 10, OS 10.14, and Android 8.1 (1511434)
|
||||
FF78: OS: updated to OS 10.15 and Android 9.0 (1635011)
|
||||
** 1369319 - disable device sensor API (see 4604) (FF56+)
|
||||
** 1369357 - disable site specific zoom (see 4605) (FF56+)
|
||||
** 1337161 - hide gamepads from content (see 4606) (FF56+)
|
||||
@ -1411,7 +1431,7 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
** 1354633 - limit MediaError.message to a whitelist (FF57+)
|
||||
** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
|
||||
This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
|
||||
** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
|
||||
** 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction (FF58+)
|
||||
FF59: Added to site permissions panel (1413780) Only prompt when triggered by user input (1376865)
|
||||
** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
|
||||
Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if
|
||||
@ -1424,15 +1444,17 @@ user_pref("privacy.firstparty.isolate", true);
|
||||
FF60: Fix keydown/keyup events (1438795)
|
||||
** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
|
||||
** 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+)
|
||||
** 1479239 - return "no-preference" with prefers-reduced-motion (FF63+)
|
||||
** 1479239 - return "no-preference" with prefers-reduced-motion (see 4617) (FF63+)
|
||||
** 1363508 - spoof/suppress Pointer Events (see 4614) (FF64+)
|
||||
FF65: pointerEvent.pointerid (1492766)
|
||||
** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+)
|
||||
** 1407366 - enable inner window letterboxing (see 4504) (FF67+)
|
||||
** 1540726 - return "light" with prefers-color-scheme (see 4616) (FF67+)
|
||||
** 1494034 - return "light" with prefers-color-scheme (see 4616) (FF67+)
|
||||
[1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
|
||||
** 1564422 - spoof audioContext outputLatency (FF70+)
|
||||
** 1595823 - spoof audioContext sampleRate (FF72+)
|
||||
** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
|
||||
** 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
|
||||
/* 4501: enable privacy.resistFingerprinting [FF41+]
|
||||
@ -1562,6 +1584,9 @@ user_pref("ui.use_standins_for_native_colors", true);
|
||||
// 4616: enforce prefers-color-scheme as light [FF67+]
|
||||
// 0=light, 1=dark : This overrides your OS value
|
||||
user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
|
||||
// 4617: enforce prefers-reduced-motion as no-preference [FF63+]
|
||||
// 0=no-preference, 1=reduce
|
||||
user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
|
||||
// * * * /
|
||||
// ***/
|
||||
|
||||
@ -1637,8 +1662,8 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
|
||||
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
|
||||
|
||||
/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
|
||||
Documentation denoted as [-]. Items deprecated prior to FF68 have been archived at [1], which
|
||||
also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets
|
||||
Documentation denoted as [-]. Items deprecated in FF68 or earlier have been archived at [1],
|
||||
which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets
|
||||
[1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123
|
||||
***/
|
||||
user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!");
|
||||
@ -1684,6 +1709,38 @@ user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+]
|
||||
// [-] https://bugzilla.mozilla.org/1488583
|
||||
user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true]
|
||||
// * * * /
|
||||
// FF74
|
||||
// 0203: use Mozilla geolocation service instead of Google when geolocation is enabled
|
||||
// Optionally enable logging to the console (defaults to false)
|
||||
// [-] https://bugzilla.mozilla.org/1613627
|
||||
user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
|
||||
// user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF]
|
||||
// 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME]
|
||||
// 0=no menu (default), 1=show when clicked, 2=show on long press
|
||||
// [1] https://bugzilla.mozilla.org/1328756
|
||||
// [-] https://bugzilla.mozilla.org/1606265
|
||||
user_pref("privacy.userContext.longPressBehavior", 2);
|
||||
// 2012: limit WebGL
|
||||
// [-] https://bugzilla.mozilla.org/1477756
|
||||
user_pref("webgl.disable-extensions", true);
|
||||
// * * * /
|
||||
// FF76
|
||||
// 0401: sanitize blocklist url
|
||||
// [2] https://trac.torproject.org/projects/tor/ticket/16931
|
||||
// [-] https://bugzilla.mozilla.org/1618188
|
||||
user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
|
||||
// * * * /
|
||||
// FF77
|
||||
// 0850e: disable location bar one-off searches [FF51+]
|
||||
// [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/
|
||||
// [-] https://bugzilla.mozilla.org/1628926
|
||||
// user_pref("browser.urlbar.oneOffSearches", false);
|
||||
// 2605: block web content in file processes [FF55+]
|
||||
// [SETUP-WEB] You may want to disable this for corporate or developer environments
|
||||
// [1] https://bugzilla.mozilla.org/1343184
|
||||
// [-] https://bugzilla.mozilla.org/1603007
|
||||
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
|
||||
// * * * /
|
||||
// ***/
|
||||
|
||||
/* END: internal custom pref to test for syntax errors ***/
|
||||
|
||||
Reference in New Issue
Block a user