Narsil
/
desktop_user.js
3
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update 'user.js'

This commit is contained in:
Narsil 2021-08-19 09:53:33 +00:00
parent a10f2d466f
commit a17bf56c29
1 changed files with 54 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
user.js
View File

@ -421,7 +421,7 @@ user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
// -------------------------------------
// Disable PingCentre telemetry (used in several System Add-ons) [FF57+]
// Currently blocked by ''datareporting.healthreport.uploadEnabled''
// Defense-in-depth
user_pref("browser.ping-centre.telemetry", false);
// -------------------------------------
// Disable Screenshots
@ -1039,30 +1039,7 @@ user_pref("privacy.userContext.enabled", true);
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PLUGINS ***/
// >>>>>>>>>>>>>>>>>>>>>
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins ***/
user_pref("media.gmp-provider.enabled", false);
// -------------------------------------
// Disable downloading OpenH264 codec at the first start of Firefox
user_pref("media.gmp-gmpopenh264.enabled", false);
// -------------------------------------
// Disable widevine CDM (Content Decryption Module)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
user_pref("media.gmp-widevinecdm.enabled", false);
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-manager.url.override", "");
// -------------------------------------
// Disable all DRM content (EME: Encryption Media Extension)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
// [SETTING] General>DRM Content>Play DRM-controlled content
// [TEST] https://bitmovin.com/demos/drm
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MEDIA / CAMERA / MIC ***/
// PLUGINS / MEDIA / WEBRTC
// >>>>>>>>>>>>>>>>>>>>>
// Disable WebRTC (Web Real-Time Communication)
// [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
@ -1092,8 +1069,21 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
// -------------------------------------
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins
// user_pref("media.gmp-provider.enabled", false);
// Disable widevine CDM (Content Decryption Module)
// [NOTE] This is covered by the EME master switch
// user_pref("media.gmp-widevinecdm.enabled", false);
// Disable all DRM content (EME: Encryption Media Extension)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
// [SETTING] General>DRM Content>Play DRM-controlled content
// [TEST] https://bitmovin.com/demos/drm
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
user_pref("media.eme.enabled", false);
// -------------------------------------
// Disable autoplay of HTML5 media [FF63+]
// 0=Allow all, 1=Block non-muted media (default in FF67+), 2=Prompt (removed in FF66), 5=Block all (FF69+)
// 0=Allow all, 1=Block non-muted media (default), 5=Block all
// [NOTE] You can set exceptions under site permissions
// [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/
// user_pref("media.autoplay.default", 5);
@ -1108,33 +1098,6 @@ user_pref("media.autoplay.blocking_policy", 2);
// user_pref("image.avif.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WINDOW MEDDLING & LEAKS / POPUPS ***/
// >>>>>>>>>>>>>>>>>>>>>
// Prevent scripts from moving and resizing open windows ***/
user_pref("dom.disable_window_move_resize", true);
// -------------------------------------
// Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks
// You can still right-click a link and open in a new window
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/
user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
user_pref("browser.link.open_newwindow.restriction", 0);
// -------------------------------------
// Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state (F11),
// but this pref will disable embedded video/game fullscreen controls, e.g. youtube
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/
// user_pref("full-screen-api.enabled", false);
// -------------------------------------
// Block popup windows
// [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/
user_pref("dom.disable_open_during_load", true);
// -------------------------------------
// Limit events that can cause a popup [SETUP-WEB]
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WEB WORKERS
// >>>>>>>>>>>>>>>>>>>>>
// Disable service workers [FF32, FF44-compat]
@ -1199,6 +1162,17 @@ user_pref("dom.allow_cut_copy", false);
// https://developer.mozilla.org/docs/Web/Events/beforeunload
user_pref("dom.disable_beforeunload", true);
// -------------------------------------
// Prevent scripts from moving and resizing open windows
user_pref("dom.disable_window_move_resize", true);
// Block popup windows
// [SETTING] Privacy & Security>Permissions>Block pop-up windows
user_pref("dom.disable_open_during_load", true);
// Limit events that can cause a popup [SETUP-WEB]
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
// Enable (limited but sufficient) window.opener protection [FF65+]
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
// -------------------------------------
// Disable shaking the screen ***/
user_pref("dom.vibrator.enabled", false);
// -------------------------------------
@ -1230,10 +1204,6 @@ user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN
// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
user_pref("javascript.options.wasm", false);
// -------------------------------------
// Enable (limited but sufficient) window.opener protection [FF65+]
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// HARDWARE FINGERPRINTING ***/
@ -1242,7 +1212,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
// Initially a Linux issue (high precision readout) that was fixed.
// However, it is still another metric for fingerprinting, used to raise entropy.
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
// [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code
// FF52+ Battery Status API is only available in chrome/privileged code
// https://bugzilla.mozilla.org/1313580 ***/
user_pref("dom.battery.enabled", false);
// -------------------------------------
@ -1281,6 +1251,23 @@ user_pref("webgl.enable-webgl2", false);
// -------------------------------------
// Limit WebGL ***/
user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
// -------------------------------------
// Enforce no system colors
// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
// Open links targeting new windows in a new tab instead
// Stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
user_pref("browser.link.open_newwindow.restriction", 0);
// Enforce non-native widget theme
// Security: removes/reduces system API calls, e.g. win32k API
// Fingerprinting: provides a uniform look and feel across platforms
// https://bugzilla.mozilla.org/1381938
// https://bugzilla.mozilla.org/1411425
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MISCELLANEOUS ***/
@ -1372,10 +1359,6 @@ user_pref("pdfjs.enableScripting", false); // [FF86+]
// Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
user_pref("network.protocol-handler.external.ms-windows-store", false);
// -------------------------------------
// Enforce no system colors; they can be fingerprinted
// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
// -------------------------------------
// Disable permissions delegation [FF73+]
// Currently applies to cross-origin geolocation, camera, mic and screen-sharing
// permissions, and fullscreen requests. Disabling delegation means any prompts
@ -1393,12 +1376,11 @@ user_pref("privacy.window.name.update.enabled", true);
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
// -------------------------------------
// Enforce non-native widget theme
// * Security: removes/reduces system API calls, e.g. win32k API
// * Fingerprinting: provides a uniform look and feel across platforms
// * https://bugzilla.mozilla.org/1381938
// * https://bugzilla.mozilla.org/1411425 ***/
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
// Disable Fullscreen API (requires user interaction)
// [NOTE] You can still toggle fullscreen with F11
// [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// user_pref("full-screen-api.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOWNLOADS ***/
@ -1484,10 +1466,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
// [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Disable DOM (Document Object Model) Storage
// [WARNING] This will break a LOT of sites and extensions!
// user_pref("dom.storage.enabled", false);
// -------------------------------------
// Disable offline cache (appCache)
// [NOTE] In FF90+ the storage capability has been removed.
// [WARNING] The API is easily fingerprinted, do not disable ***/
@ -1512,7 +1490,7 @@ user_pref("network.cookie.lifetimePolicy", 2);
// user_pref("dom.storage_access.enabled", false);
// -------------------------------------
// Enable Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true);
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// SHUTDOWN
@ -1523,7 +1501,8 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
// -------------------------------------
// Set what items to clear on shutdown [SETUP-CHROME]
// [NOTE] If "history" is true, downloads will also be cleared
// [NOTE] Active Logins does not refer to logins via cookies, but rather HTTP Basic Authentication
// [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication
// [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/
// https://en.wikipedia.org/wiki/Basic_access_authentication
user_pref("privacy.clearOnShutdown.cache", true);
@ -1596,7 +1575,7 @@ user_pref("privacy.partition.network_state", true);
// RFP (RESIST FINGERPRINTING)
// >>>>>>>>>>>>>>>>>>>>>
// Enable privacy.resistFingerprinting [FF41+]
// [SETUP-WEB] RFP can some cause website breakage: mainly canvas, use a site exception via the urlbar
// [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
// RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
user_pref("privacy.resistFingerprinting", true);
// -------------------------------------