From 8863c77b89105bc3523fcbca8f394ef5b7dee137 Mon Sep 17 00:00:00 2001 From: Narsil Date: Sat, 12 Dec 2020 07:03:32 -0500 Subject: [PATCH] Update 'user.js' --- user.js | 130 +++++++++++++++++++++++++++----------------------------- 1 file changed, 63 insertions(+), 67 deletions(-) diff --git a/user.js b/user.js index 5ac4430..88c70df 100644 --- a/user.js +++ b/user.js @@ -79,7 +79,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); // https://wiki.mozilla.org/Private_Browsing // https://spreadprivacy.com/is-private-browsing-really-private/ ***/ // user_pref("browser.privatebrowsing.autostart", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // GEOLOCATION ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable Location-Aware Browsing @@ -112,7 +112,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] // Set search region // May not be hidden if Firefox has changed your settings due to your region ***/ user_pref("browser.search.region", "US"); // [HIDDEN PREF] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // LANGUAGE / LOCALE ***/ // >>>>>>>>>>>>>>>>>>>>> // Set preferred language for displaying web pages @@ -123,7 +123,7 @@ user_pref("intl.accept_languages", "en-US, en"); // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages // https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // QUIET FOX // >>>>>>>>>>>>>>>>>>>>> // Disable auto-CHECKING for extension and theme updates ***/ @@ -292,7 +292,7 @@ user_pref("app.support.baseURL", ""); // Disable report browser errors to Mozilla // https://bugzilla.mozilla.org/show_bug.cgi?id=1426482 user_pref("browser.chrome.errorReporter.infoURL", ""); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SAFE BROWSING (SB) // >>>>>>>>>>>>>>>>>>>>> // Disable SB (Safe Browsing) @@ -343,7 +343,7 @@ user_pref("browser.safebrowsing.provider.google4.advisoryURL", ""); user_pref("browser.safebrowsing.blockedURIs.enabled", false); user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SYSTEM ADD-ONS / EXPERIMENTS // >>>>>>>>>>>>>>>>>>>>> // Disable Normandy/Shield [FF60+] @@ -381,7 +381,7 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] // Disable Web Compatibility Reporter [FF56+] // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/ user_pref("extensions.webcompat-reporter.enabled", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable link prefetching @@ -405,7 +405,7 @@ user_pref("network.http.speculative-parallel-limit", 0); // https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ user_pref("browser.send_pings", false); // [DEFAULT: false] user_pref("browser.send_pings.require_same_host", true); // defense-in-depth -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable IPv6 @@ -476,13 +476,8 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] // See for details: https://support.mozilla.org/en-US/kb/firefox-dns-over-https user_pref("network.trr.mode", 0); user_pref("network.trr.uri", ""); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS -// Change items to suit for privacy vs convenience and functionality. Consider -// your environment (no unwanted eyeballs), your device (restricted access), your device's -// unattended state (locked, encrypted, forensic hardened). -// [NOTE] The urlbar is also commonly referred to as the location bar and address bar -// #Required reading [#] https://xkcd.com/538/ // >>>>>>>>>>>>>>>>>>>>> // Disable location bar using search // Don't leak URL typos to a search engine, give an error message instead. @@ -563,7 +558,7 @@ user_pref("browser.taskbar.lists.tasks.enabled", false); // ------------------------------------- // Disable Windows taskbar preview [WINDOWS] ***/ user_pref("browser.taskbar.previews.enable", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // PASSWORDS ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable saving passwords and password alerts. @@ -602,7 +597,7 @@ user_pref("signon.formlessCapture.enabled", false); // 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs // 2=allow sub-resources to open HTTP authentication credentials dialogs (default) user_pref("network.auth.subresource-http-auth-allow", 1); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CACHE ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable disk cache @@ -626,7 +621,7 @@ user_pref("browser.cache.disk.enable", false); // [SETUP-WEB] ESR78: playback might break on subsequent loading ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SESSIONS & SESSION RESTORE ***/ // >>>>>>>>>>>>>>>>>>>>> // Exclude "Undo Closed Tabs" in Session Restore ***/ @@ -653,7 +648,7 @@ user_pref("browser.sessionstore.interval", 30000); // Disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] // https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // FAVICONS ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable favicons in shortcuts @@ -671,7 +666,7 @@ user_pref("browser.chrome.site_icons", false); // ------------------------------------- // Disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); // [DEFAULT: false] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ // >>>>>>>>>>>>>>>>>>>>> // Require safe negotiation @@ -715,7 +710,7 @@ user_pref("security.ssl.errorReporting.url", ""); // https://github.com/tlswg/tls13-spec/issues/1001 // https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ user_pref("security.tls.enable_0rtt_data", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // OCSP (Online Certificate Status Protocol) // >>>>>>>>>>>>>>>>>>>>> // Enable OCSP Stapling @@ -738,7 +733,7 @@ user_pref("security.OCSP.enabled", 0); // https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ // https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ user_pref("security.OCSP.require", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CERTS / HPKP (HTTP Public Key Pinning) ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable or limit SHA-1 certificates @@ -771,7 +766,7 @@ user_pref("security.family_safety.mode", 0); // by inspecting ALL your web traffic, then leave at current default=1 // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ user_pref("security.cert_pinning.enforcement_level", 2); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // MIXED CONTENT ***/ // >>>>>>>>>>>>>>>>>>>>> // Enforce no insecure active content on https pages @@ -804,7 +799,7 @@ user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // This is done to avoid waiting for a timeout which takes 90 seconds // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ user_pref("dom.security.https_only_mode_send_http_background_request", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CIPHERS [WARNING: do not meddle with your cipher suite] // >>>>>>>>>>>>>>>>>>>>> // Disable 3DES (effective key size < 128 and no PFS) @@ -820,7 +815,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // UI (User Interface) ***/ // >>>>>>>>>>>>>>>>>>>>> // Display warning on the padlock for "broken security" @@ -845,7 +840,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true); // Display "insecure" icon and "Not Secure" text on HTTP sites ***/ // user_pref("security.insecure_connection_icon.enabled", true); // [FF59+] [DEFAULT: true] user_pref("security.insecure_connection_text.enabled", true); // [FF60+] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // FONTS ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable websites choosing fonts (0=block, 1=allow) @@ -875,32 +870,32 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis // https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // HEADERS / REFERERS // >>>>>>>>>>>>>>>>>>>>> -// ALL: control when images/links send a referer +// Control when images/links send a referer // 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ // user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2] // ------------------------------------- -// ALL: control the amount of information to send +// Control the amount of information to send // 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.trimmingPolicy", 2); // [DEFAULT: 0] // ------------------------------------- -// CROSS ORIGIN: control when to send a referer +// Control when to send a referer // 0=always (default), 1=only if base domains match, 2=only if hosts match // [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ user_pref("network.http.referer.XOriginPolicy", 2); // ------------------------------------- -// CROSS ORIGIN: control the amount of information to send [FF52+] +// Control the amount of information to send [FF52+] // 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); // [DEFAULT: 0] // ------------------------------------- -// ALL: disable spoofing a referer +// Disable spoofing a referer // [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF // (Cross-Site Request Forgery) protections that some sites may rely on ***/ // user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] // ------------------------------------- -// ALL: set the default Referrer Policy [FF59+] +// Set the default Referrer Policy [FF59+] // 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade // [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy // https://www.w3.org/TR/referrer-policy/ @@ -909,17 +904,17 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); // [DEFAULT: 0] // user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] // ------------------------------------- -// TOR: hide (not spoof) referrer when leaving a .onion domain [FF54+] +// Hide (not spoof) referrer when leaving a .onion domain [FF54+] // [NOTE] Firefox cannot access .onion sites by default. We recommend you use // the Tor Browser which is specifically designed for hidden services // https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); // ------------------------------------- -// ALL: enable the DNT (Do Not Track) HTTP header +// Enable the DNT (Do Not Track) HTTP header // [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref // [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/ user_pref("privacy.donottrackheader.enabled", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CONTAINERS // >>>>>>>>>>>>>>>>>>>>> // Enable Container Tabs setting in preferences [FF50+] @@ -934,7 +929,7 @@ user_pref("privacy.userContext.enabled", true); // [NOTE] The menu is always shown on long press and right click // [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // PLUGINS ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable Flash plugin @@ -959,7 +954,7 @@ user_pref("media.gmp-manager.url.override", ""); // [SETTING] General>DRM Content>Play DRM-controlled content // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // MEDIA / CAMERA / MIC ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable WebRTC (Web Real-Time Communication) @@ -1017,7 +1012,7 @@ user_pref("permissions.default.microphone", 2); // [NOTE] If you have trouble with some video sites, then add an exception // https://support.mozilla.org/questions/1293231 ***/ user_pref("media.autoplay.blocking_policy", 2); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // WINDOW MEDDLING & LEAKS / POPUPS ***/ // >>>>>>>>>>>>>>>>>>>>> // Prevent scripts from moving and resizing open windows ***/ @@ -1044,7 +1039,7 @@ user_pref("dom.disable_open_during_load", true); // Limit events that can cause a popup [SETUP-WEB] // default is "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend contextmenu" ***/ user_pref("dom.popup_allowed_events", "click dblclick"); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // WEB WORKERS // >>>>>>>>>>>>>>>>>>>>> // Disable service workers [FF32, FF44-compat] @@ -1084,7 +1079,7 @@ user_pref("dom.push.userAgentID", ""); // [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable website control over browser right-click context menu @@ -1144,7 +1139,7 @@ user_pref("javascript.options.wasm", false); // Enable (limited but sufficient) window.opener protection [FF65+] // Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // HARDWARE FINGERPRINTING ***/ // >>>>>>>>>>>>>>>>>>>>> // Disable Battery Status API @@ -1189,7 +1184,7 @@ user_pref("dom.webaudio.enabled", false); // [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ // user_pref("permissions.default.xr", 0); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // MISCELLANEOUS ***/ // >>>>>>>>>>>>>>>>>>>>> // Prevent accessibility services from accessing your browser [RESTART] @@ -1201,7 +1196,7 @@ user_pref("accessibility.force_disabled", 1); // https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); // ------------------------------------- -// Rremove temp files opened with an external application +// Remove temp files opened with an external application // https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); // ------------------------------------- @@ -1289,11 +1284,12 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] // for these will show/use their correct 3rd party origin // https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ user_pref("permissions.delegation.enabled", false); +// ------------------------------------- // Enable "window.name" protection [FF82+] // If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original // string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ user_pref("privacy.window.name.update.enabled", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // DOWNLOADS ***/ // >>>>>>>>>>>>>>>>>>>>> // Discourage downloading to desktop @@ -1312,13 +1308,13 @@ user_pref("browser.download.manager.addToRecentDocs", false); // Disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ user_pref("browser.download.hide_plugins_without_extensions", false); // ------------------------------------- -// 2654: disable "open with" in download dialog [FF50+] [SETUP-HARDEN] +// Disable "open with" in download dialog [FF50+] [SETUP-HARDEN] // This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) // in such a way that it is forbidden to run external applications. // [WARNING] This may interfere with some users' workflow or methods // https://bugzilla.mozilla.org/1281959 ***/ // user_pref("browser.download.forbid_open_with", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // EXTENSIONS ***/ // >>>>>>>>>>>>>>>>>>>>> // Lock down allowed extension directories @@ -1332,7 +1328,7 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] // Disable webextension restrictions on certain mozilla domains [FF60+] // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ // user_pref("extensions.webextensions.restrictedDomains", ""); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SECURITY ***/ // >>>>>>>>>>>>>>>>>>>>> // Enforce CSP (Content Security Policy) @@ -1343,7 +1339,7 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] // Enforce a security delay on some confirmation dialogs such as install, open/save // https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 700); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // PERSISTENT STORAGE // >>>>>>>>>>>>>>>>>>>>> // Disable 3rd-party cookies and site-data [SETUP-WEB] @@ -1398,7 +1394,7 @@ user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: f // ------------------------------------- // Enable Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // SHUTDOWN // >>>>>>>>>>>>>>>>>>>>> // Enable Firefox to clear items on shutdown @@ -1449,7 +1445,7 @@ user_pref("privacy.cpd.siteSettings", false); // Site Preferences // [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a // blank value if they are used, but they do work as advertised ***/ user_pref("privacy.sanitize.timeSpan", 0); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // FPI (FIRST PARTY ISOLATION) // >>>>>>>>>>>>>>>>>>>>> // Enable First Party Isolation [FF51+] @@ -1467,6 +1463,7 @@ user_pref("privacy.firstparty.isolate", true); // https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.block_post_message", true); +// ------------------------------------- // Enable scheme with FPI [FF78+] // [NOTE] Experimental: existing data and site permissions are incompatible // and some site exceptions may not work e.g. HTTPS-only mode ***/ @@ -1475,7 +1472,7 @@ user_pref("privacy.firstparty.isolate", true); // Enable site partitioning (FF78+) // https://bugzilla.mozilla.org/1590107 [META] */ user_pref("privacy.partition.network_state", true); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // RFP (RESIST FINGERPRINTING) // >>>>>>>>>>>>>>>>>>>>> // Enable privacy.resistFingerprinting [FF41+] @@ -1516,7 +1513,7 @@ user_pref("browser.startup.blankWindow", false); // Disable chrome animations [FF77+] [RESTART] // [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // RFP ALTERNATIVES // >>>>>>>>>>>>>>>>>>>>> // Spoof (or limit?) number of CPU cores [FF48+] @@ -1536,9 +1533,9 @@ user_pref("dom.enable_performance", false); // ------------------------------------- // Disable device sensor API // Optional protection depending on your device -// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 -// [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ -// [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 +// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 +// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ +// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 user_pref("device.sensors.enabled", false); // ------------------------------------- // Disable site specific zoom @@ -1612,7 +1609,7 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] // [NOTE] Bundled fonts are auto-allowed // https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc user_pref("layout.css.font-visibility.level", 1); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // RFP ALTERNATIVES (NAVIGATOR / USER AGENT SPOOFING) // >>>>>>>>>>>>>>>>>>>>> // Navigator DOM object overrides @@ -1623,14 +1620,14 @@ user_pref("layout.css.font-visibility.level", 1); // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] // user_pref("general.platform.override", ""); // [HIDDEN PREF] // user_pref("general.useragent.override", ""); // [HIDDEN PREF] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // PERSONAL // >>>>>>>>>>>>>>>>>>>>> user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch user_pref("startup.homepage_welcome_url", ""); user_pref("startup.homepage_welcome_url.additional", ""); user_pref("startup.homepage_override_url", ""); // What's New page after updates -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // WARNINGS ***/ // >>>>>>>>>>>>>>>>>>>>> user_pref("browser.tabs.warnOnClose", false); @@ -1639,18 +1636,18 @@ user_pref("browser.tabs.warnOnOpen", false); user_pref("full-screen-api.warning.delay", 0); user_pref("full-screen-api.warning.timeout", 0); user_pref("browser.warnOnQuit", false); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // APPEARANCE ***/ // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // CONTENT BEHAVIOR ***/ // >>>>>>>>>>>>>>>>>>>>> user_pref("accessibility.typeaheadfind", false); // enable "Find As You Type" user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // UX BEHAVIOR ***/ // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing @@ -1660,7 +1657,7 @@ user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // UX FEATURES: Disable and hide the icons and menus ***/ // >>>>>>>>>>>>>>>>>>>>> user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+] @@ -1668,7 +1665,7 @@ user_pref("messaging-system.rsexperimentloader.enabled", false); user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] user_pref("reader.parse-on-load.enabled", false); // Reader View -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // OTHER ***/ // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.bookmarks.max_backups", 2); @@ -1679,24 +1676,23 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", // [SETTING] General>Browsing>Recommend features as you browse user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // DEPRECATED / REMOVED / LEGACY / RENAMED // >>>>>>>>>>>>>>>>>>>>> -// ESR78.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them // FF79 -// 0212: enforce fallback text encoding to match en-US +// Enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will // fallback to the "Current locale" based on your application language // [TEST] https://hsivonen.com/test/moz/check-charset.htm // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); +// ------------------------------------- // FF82 // Disable geographically specific results/search engines e.g. "browser.search.*.US" // i.e. ignore all of Mozilla's various search engines in multiple locales // https://bugzilla.mozilla.org/1619926 user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); -// >>>>>>>>>>>>>>>>>>>>> +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // \ No newline at end of file