From 76a047145137abeb48a7bfe4d189511c4ed3b40a Mon Sep 17 00:00:00 2001 From: Narsil Date: Thu, 19 Aug 2021 10:43:08 +0000 Subject: [PATCH] Update 'user.js' --- user.js | 252 ++++++++++++++++++++++++++------------------------------ 1 file changed, 118 insertions(+), 134 deletions(-) diff --git a/user.js b/user.js index 01a50dc..f92a778 100644 --- a/user.js +++ b/user.js @@ -18,10 +18,7 @@ // STARTUP // >>>>>>>>>>>>>>>>>>>>> // Disable about:config warning -// FF71-72: chrome://global/content/config.xul -// FF73+: chrome://global/content/config.xhtml ***/ -user_pref("general.warnOnAboutConfig", false); // XHTML version -user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] +user_pref("browser.aboutConfig.showWarning", false); // ------------------------------------- // Disable separate about:welcome page // https://bugzilla.mozilla.org/show_bug.cgi?id=1617783 @@ -89,7 +86,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); // GEOLOCATION ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable Location-Aware Browsing -// [NOTE] Best left at default "true", fingerprintable, already behind a prompt +// [WARNING] The API state is fingerprintable. Permission is already behind a prompt // https://www.mozilla.org/firefox/geolocation/ ***/ user_pref("geo.enabled", false); user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF] @@ -101,7 +98,7 @@ user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF] // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // ------------------------------------- -// Use Mozilla geolocation service instead of Google when geolocation is enabled [FF74+] +// Use Mozilla geolocation service instead of Google if geolocation is granted [FF74+] // Optionally enable logging to the console (defaults to false) ***/ user_pref("geo.provider.network.url", ""); // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] @@ -140,8 +137,8 @@ user_pref("privacy.spoof_english", 2); // Disable auto-CHECKING for extension and theme updates ***/ user_pref("extensions.update.enabled", false); // ------------------------------------- -// Disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+] -// [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed +// Disable auto-INSTALLING Firefox updates [NON-WINDOWS] +// [NOTE] You will still get prompts to update, and should do so in a timely manner // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/ user_pref("app.update.auto", false); user_pref("app.update.staging.enabled", false); @@ -408,7 +405,7 @@ user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // SYSTEM ADD-ONS / EXPERIMENTS // >>>>>>>>>>>>>>>>>>>>> // Disable Normandy/Shield [FF60+] -// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" +// Shield is a telemetry system that can push and test "recipes" // https://mozilla.github.io/normandy/ user_pref("app.normandy.enabled", false); user_pref("app.normandy.api_url", ""); @@ -490,7 +487,7 @@ user_pref("network.dns.disableIPv6", true); // [STATS] ~46% of sites (July 2021) // https://http2.github.io/faq/ // https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html -// https://http2.github.io/http2-spec/#rfc.section.10.8 +// https://datatracker.ietf.org/doc/html/rfc7540#section-10.8 // https://queue.acm.org/detail.cfm?id=2716278 // https://w3techs.com/technologies/details/ce-http2/all/all ***/ // user_pref("network.http.spdy.enabled", false); @@ -616,7 +613,7 @@ user_pref("browser.urlbar.autoFill", false); user_pref("browser.formfill.enable", false); // ------------------------------------- // Disable browsing and download history -// [NOTE] We also clear history and downloads on exiting Firefox +// [NOTE] We also clear history and downloads on exit // [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ user_pref("places.history.enabled", false); // ------------------------------------- @@ -650,7 +647,7 @@ user_pref("security.ask_for_password", 2); // ------------------------------------- // Set how often in minutes Firefox should ask for the primary password // in minutes, default is 30 ***/ -user_pref("security.password_lifetime", 5); +user_pref("security.password_lifetime", 5); // [DEFAULT: 30] // ------------------------------------- // Disable auto-filling username & password form fields // can leak in cross-site forms *and* be spoofed @@ -680,7 +677,7 @@ user_pref("network.http.windows-sso.enabled", false); // Disable disk cache // [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video), // or you use a hardened Temporary Containers, then feel free to override this -// [NOTE] We also clear cache on exiting Firefox ***/ +// [NOTE] We also clear cache on exit user_pref("browser.cache.disk.enable", false); // ------------------------------------- // Disable memory cache @@ -898,7 +895,8 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // user_pref("dom.securecontext.whitelist_onions", true); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// CIPHERS [WARNING: do not meddle with your cipher suite] +// CIPHERS +// [WARNING: DO NOT USE // >>>>>>>>>>>>>>>>>>>>> // Disable 3DES (effective key size < 128 and no PFS) // https://en.wikipedia.org/wiki/3des#Security @@ -946,18 +944,6 @@ user_pref("security.insecure_connection_text.pbmode.enabled", true); // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // FONTS ***/ // >>>>>>>>>>>>>>>>>>>>> -// Disable websites choosing fonts (0=block, 1=allow) -// This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector -// [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis -// [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ -user_pref("browser.display.use_document_fonts", 0); -// ------------------------------------- -// Disable icon fonts (glyphs) and local fallback rendering -// https://bugzilla.mozilla.org/789788 -// https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ -// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] -// user_pref("gfx.downloadable_fonts.fallback_delay", -1); -// ------------------------------------- // Disable rendering of SVG OpenType fonts // https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ user_pref("gfx.font_rendering.opentype_svg.enabled", false); @@ -968,11 +954,18 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); // https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ user_pref("gfx.font_rendering.graphite.enabled", false); // ------------------------------------- -// Limit system font exposure to a whitelist [FF52+] [RESTART] -// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed -// [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis -// https://bugzilla.mozilla.org/1121643 ***/ -// user_pref("font.system.whitelist", ""); // [HIDDEN PREF] +// Limit font visibility (Windows, Mac, some Linux) [FF79+] +// [NOTE] IN FF8)+ RFP ignores the pref and uses value 1 +// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, bundled fonts are auto-allowed +// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts +// https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ +// user_pref("layout.css.font-visibility.level", 1); +// ------------------------------------- +// Disable icon fonts (glyphs) and local fallback rendering +// https://bugzilla.mozilla.org/789788 +// https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/ +// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] +// user_pref("gfx.downloadable_fonts.fallback_delay", -1); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // HEADERS / REFERERS @@ -1022,13 +1015,10 @@ user_pref("privacy.donottrackheader.enabled", false); // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CONTAINERS // >>>>>>>>>>>>>>>>>>>>> -// Enable Container Tabs setting in preferences [FF50+] -// https://bugzilla.mozilla.org/1279029 ***/ -user_pref("privacy.userContext.ui.enabled", true); -// ------------------------------------- -// Enable Container Tabs [FF50+] -// [SETTING] General>Tabs>Enable Container Tabs ***/ +// Enable Container Tabs and it's UI setting [FF50+] +// [SETTING] General>Tabs>Enable Container Tabs user_pref("privacy.userContext.enabled", true); +user_pref("privacy.userContext.ui.enabled", true); // ------------------------------------- // Set behaviour on "+ Tab" button to display container menu on left click [FF74+] // [NOTE] The menu is always shown on long press and right click @@ -1175,10 +1165,7 @@ user_pref("dom.vibrator.enabled", false); // ------------------------------------- // Disable asm.js [FF22+] [SETUP-PERF] // http://asmjs.org/ -// https://www.mozilla.org/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/security/advisories/mfsa2015-50/ -// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375 -// https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 +// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js // https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ user_pref("javascript.options.asmjs", false); // ------------------------------------- @@ -1186,7 +1173,7 @@ user_pref("javascript.options.asmjs", false); // [NOTE] In FF75+, when **both** Ion and JIT are disabled, **and** the new // hidden pref is enabled, then Ion can still be used by extensions (1599226) // [WARNING] Disabling Ion/JIT can cause some site issues and performance loss -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ +// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Firefox+JIT user_pref("javascript.options.ion", false); user_pref("javascript.options.baselinejit", false); user_pref("javascript.options.native_regexp", false); @@ -1228,8 +1215,8 @@ user_pref("dom.battery.enabled", false); // user_pref("media.media-capabilities.enabled", false); // ------------------------------------- // Disable virtual reality devices -// [WARNING] The API state is fingerprintable -// https://developer.mozilla.org/docs/Web/API/WebVR_API ***/ +// [WARNING] The API state is fingerprintable. Permission is already behind a prompt +// https://developer.mozilla.org/docs/Web/API/WebVR_API user_pref("dom.vr.enabled", false); // ------------------------------------- // Set a default permission for Virtual Reality [FF73+] @@ -1464,12 +1451,12 @@ user_pref("network.cookie.lifetimePolicy", 2); // ------------------------------------- // Disable offline cache (appCache) // [NOTE] In FF90+ the storage capability has been removed. -// [WARNING] The API is easily fingerprinted, do not disable ***/ +// [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+ // user_pref("browser.cache.offline.enable", false); // ------------------------------------- // Disable service worker cache and cache storage -// [NOTE] We clear service worker cache on exiting Firefox -// https://w3c.github.io/ServiceWorker/#privacy ***/ +// [NOTE] We clear service worker cache on exit +// https://w3c.github.io/ServiceWorker/#privacy // user_pref("dom.caches.enabled", false); // ------------------------------------- // Disable Storage API [FF51+] @@ -1618,86 +1605,14 @@ user_pref("browser.startup.blankWindow", false); user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// RFP ALTERNATIVES -// >>>>>>>>>>>>>>>>>>>>> -// Spoof number of CPU cores [FF48+] -// user_pref("dom.maxHardwareConcurrency", 2); -// ------------------------------------- -// Disable Resource Timing API -// user_pref("dom.enable_resource_timing", false); -// ------------------------------------- -// Disable Navigation Timing API -// user_pref("dom.enable_performance", false); -// ------------------------------------- -// Disable device sensor API -user_pref("device.sensors.enabled", false); -// ------------------------------------- -// Disable remembering site specific zoom -// user_pref("browser.zoom.siteSpecific", false); -// ------------------------------------- -// Disable gamepad API - USB device ID enumeration -// user_pref("dom.gamepad.enabled", false); -// ------------------------------------- -// Disable Network Information API [FF31+] -// user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] -// ------------------------------------- -// Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API -// user_pref("media.webspeech.synth.enabled", false); -// ------------------------------------- -// Disable video statistics to mitigate JS performance fingerprinting [FF25+] -// user_pref("media.video_stats.enabled", false); -// ------------------------------------- -// Disable touch events -user_pref("dom.w3c_touch_events.enabled", 0); -// ------------------------------------- -// Disable media device enumeration [FF29+] -user_pref("media.navigator.enabled", false); -// ------------------------------------- -// Disable MediaDevices change detection [FF51+] -// user_pref("media.ondevicechange.enabled", false); -// ------------------------------------- -// Disable WebGL debug info being available to websites -// user_pref("webgl.enable-debug-renderer-info", false); -// ------------------------------------- -// Enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] -// 0=no-preference, 1=reduce -// user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -// ------------------------------------- -// Disable exposure of system colors to CSS or canvas [FF44+] -// user_pref("ui.use_standins_for_native_colors", true); -// ------------------------------------- -// Enforce prefers-color-scheme as light [FF67+] -// 0=light, 1=dark : This overrides your OS value -// user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -// ------------------------------------- -// Disable Web Audio API [FF51+] -user_pref("dom.webaudio.enabled", false); -// ------------------------------------- -// Limit font visibility (Windows, Mac, some Linux) [FF79+] -// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed -// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts -// https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ -// user_pref("layout.css.font-visibility.level", 1); -// ------------------------------------- -// Navigator DOM object overrides -// [WARNING] NO NOT USE: these prefs are insufficient and leak -// user_pref("general.appname.override", ""); // [HIDDEN PREF] -// user_pref("general.appversion.override", ""); // [HIDDEN PREF] -user_pref("general.buildID.override", "20181001000000"); // [HIDDEN PREF] -// user_pref("general.oscpu.override", ""); // [HIDDEN PREF] -// user_pref("general.platform.override", ""); // [HIDDEN PREF] -user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // [HIDDEN PREF] -// -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// PERSONAL +// WELCOME & WHAT'S NEW NOTICES // >>>>>>>>>>>>>>>>>>>>> user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch user_pref("startup.homepage_welcome_url", ""); user_pref("startup.homepage_welcome_url.additional", ""); user_pref("startup.homepage_override_url", ""); // What's New page after updates -// // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// WARNINGS ***/ +// WARNINGS // >>>>>>>>>>>>>>>>>>>>> user_pref("browser.tabs.warnOnClose", false); user_pref("browser.tabs.warnOnCloseOtherTabs", false); @@ -1707,20 +1622,20 @@ user_pref("full-screen-api.warning.timeout", 0); user_pref("browser.warnOnQuit", false); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// APPEARANCE ***/ +// APPEARANCE // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// CONTENT BEHAVIOR ***/ +// CONTENT BEHAVIOR // >>>>>>>>>>>>>>>>>>>>> user_pref("accessibility.typeaheadfind", false); // enable "Find As You Type" user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// UX BEHAVIOR ***/ +// UX BEHAVIOR // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] @@ -1732,16 +1647,16 @@ user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// UX FEATURES: Disable and hide the icons and menus ***/ +// UX FEATURES: Disable and hide the icons and menus // >>>>>>>>>>>>>>>>>>>>> -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+] +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] user_pref("messaging-system.rsexperimentloader.enabled", false); user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] user_pref("reader.parse-on-load.enabled", false); // Reader View // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// OTHER ***/ +// OTHER // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.bookmarks.max_backups", 2); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] @@ -1751,12 +1666,81 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // [SETTING] General>Browsing>Recommend features as you browse user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) -user_pref("xpinstall.signatures.devInfoURL", ""); -user_pref("webextensions.storage.sync.serverURL", ""); -user_pref("lightweightThemes.getMoreURL", ""); -user_pref("remote.enabled", false); -user_pref("javascript.options.shared_memory", false); -user_pref("default-browser-agent.enabled", false); +// ------------------------------------- +// Test user.js in about:config +user_pref("_config.applied", true); +// +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// DON'T BOTHER: NON-RFP +// >>>>>>>>>>>>>>>>>>>>> +// Spoof number of CPU cores [FF48+] ***/ +// user_pref("dom.maxHardwareConcurrency", 2); +// ------------------------------------- +// Disable Resource Timing API +// user_pref("dom.enable_resource_timing", false); +// ------------------------------------- +// Disable Navigation Timing API +// user_pref("dom.enable_performance", false); +// ------------------------------------- +// Disable device Sensor APIs +user_pref("device.sensors.enabled", false); +// ------------------------------------- +// Disable remembering site specific zoom +// user_pref("browser.zoom.siteSpecific", false); +// ------------------------------------- +// Disable gamepad API to prevent USB device ID enumeration +// user_pref("dom.gamepad.enabled", false); +// ------------------------------------- +// Disable Network Information API [FF31+] +user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] +// ------------------------------------- +// Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API +// user_pref("media.webspeech.synth.enabled", false); +// ------------------------------------- +// Disable video statistics to mitigate JS performance fingerprinting [FF25+] +// user_pref("media.video_stats.enabled", false); +// ------------------------------------- +// Disable touch events: 0=disabled, 1=enabled, 2=autodetect [FENNEC BUG] +user_pref("dom.w3c_touch_events.enabled", 1); +// ------------------------------------- +// Disable media device enumeration [FF29+] +user_pref("media.navigator.enabled", false); +// ------------------------------------- +// Disable MediaDevices change detection [FF51+] +// user_pref("media.ondevicechange.enabled", false); +// ------------------------------------- +// Disable WebGL debug info being available to websites +// user_pref("webgl.enable-debug-renderer-info", false); +// ------------------------------------- +// Enforce prefers-reduced-motion as no-preference: 0=no-preference, 1=reduce [FF63+] [RESTART] +// user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] +// ------------------------------------- +// Disable exposure of system colors to CSS or canvas [FF44+] +// user_pref("ui.use_standins_for_native_colors", true); +// ------------------------------------- +// Enforce prefers-color-scheme as light: 0=light, 1=dark [FF67+] +// user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] +// ------------------------------------- +// Disable Web Audio API [FF51+] +user_pref("dom.webaudio.enabled", false); +// ------------------------------------- +// Disable websites choosing fonts (0=block, 1=allow) ***/ +// user_pref("browser.display.use_document_fonts", 0); +// ------------------------------------- +// Limit system font exposure to a whitelist [FF52+] [RESTART] +// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed +// [NOTE] In FF81+ the whitelist overrides RFP and font visibility +// https://bugzilla.mozilla.org/1121643 +// user_pref("font.system.whitelist", ""); // [HIDDEN PREF] +// ------------------------------------- +// Navigator DOM object overrides +// [WHY] These prefs are insufficient and leak +// user_pref("general.appname.override", ""); // [HIDDEN PREF] +// user_pref("general.appversion.override", ""); // [HIDDEN PREF] +user_pref("general.buildID.override", "20181001000000"); // [HIDDEN PREF] +// user_pref("general.oscpu.override", ""); // [HIDDEN PREF] +// user_pref("general.platform.override", ""); // [HIDDEN PREF] +user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // [HIDDEN PREF] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // DEPRECATED / REMOVED / LEGACY / RENAMED @@ -1779,7 +1763,7 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); // ------------------------------------- // FF86 // Disable SSL Error Reporting -// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html +// https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html // https://bugzilla.mozilla.org/1681839 user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false);