Update 'user.js'

This commit is contained in:
Narsil 2021-08-19 09:53:33 +00:00
parent a10f2d466f
commit a17bf56c29
1 changed files with 54 additions and 75 deletions

129
user.js
View File

@ -421,7 +421,7 @@ user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
user_pref("extensions.systemAddon.update.url", ""); // [FF44+] user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
// ------------------------------------- // -------------------------------------
// Disable PingCentre telemetry (used in several System Add-ons) [FF57+] // Disable PingCentre telemetry (used in several System Add-ons) [FF57+]
// Currently blocked by ''datareporting.healthreport.uploadEnabled'' // Defense-in-depth
user_pref("browser.ping-centre.telemetry", false); user_pref("browser.ping-centre.telemetry", false);
// ------------------------------------- // -------------------------------------
// Disable Screenshots // Disable Screenshots
@ -1039,30 +1039,7 @@ user_pref("privacy.userContext.enabled", true);
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PLUGINS ***/ // PLUGINS / MEDIA / WEBRTC
// >>>>>>>>>>>>>>>>>>>>>
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins ***/
user_pref("media.gmp-provider.enabled", false);
// -------------------------------------
// Disable downloading OpenH264 codec at the first start of Firefox
user_pref("media.gmp-gmpopenh264.enabled", false);
// -------------------------------------
// Disable widevine CDM (Content Decryption Module)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
user_pref("media.gmp-widevinecdm.enabled", false);
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-manager.url.override", "");
// -------------------------------------
// Disable all DRM content (EME: Encryption Media Extension)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
// [SETTING] General>DRM Content>Play DRM-controlled content
// [TEST] https://bitmovin.com/demos/drm
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MEDIA / CAMERA / MIC ***/
// >>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>
// Disable WebRTC (Web Real-Time Communication) // Disable WebRTC (Web Real-Time Communication)
// [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not // [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
@ -1092,8 +1069,21 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("permissions.default.camera", 2); user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2); user_pref("permissions.default.microphone", 2);
// ------------------------------------- // -------------------------------------
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins
// user_pref("media.gmp-provider.enabled", false);
// Disable widevine CDM (Content Decryption Module)
// [NOTE] This is covered by the EME master switch
// user_pref("media.gmp-widevinecdm.enabled", false);
// Disable all DRM content (EME: Encryption Media Extension)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
// [SETTING] General>DRM Content>Play DRM-controlled content
// [TEST] https://bitmovin.com/demos/drm
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
user_pref("media.eme.enabled", false);
// -------------------------------------
// Disable autoplay of HTML5 media [FF63+] // Disable autoplay of HTML5 media [FF63+]
// 0=Allow all, 1=Block non-muted media (default in FF67+), 2=Prompt (removed in FF66), 5=Block all (FF69+) // 0=Allow all, 1=Block non-muted media (default), 5=Block all
// [NOTE] You can set exceptions under site permissions // [NOTE] You can set exceptions under site permissions
// [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/ // [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/
// user_pref("media.autoplay.default", 5); // user_pref("media.autoplay.default", 5);
@ -1108,33 +1098,6 @@ user_pref("media.autoplay.blocking_policy", 2);
// user_pref("image.avif.enabled", false); // user_pref("image.avif.enabled", false);
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WINDOW MEDDLING & LEAKS / POPUPS ***/
// >>>>>>>>>>>>>>>>>>>>>
// Prevent scripts from moving and resizing open windows ***/
user_pref("dom.disable_window_move_resize", true);
// -------------------------------------
// Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks
// You can still right-click a link and open in a new window
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/
user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
user_pref("browser.link.open_newwindow.restriction", 0);
// -------------------------------------
// Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state (F11),
// but this pref will disable embedded video/game fullscreen controls, e.g. youtube
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/
// user_pref("full-screen-api.enabled", false);
// -------------------------------------
// Block popup windows
// [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/
user_pref("dom.disable_open_during_load", true);
// -------------------------------------
// Limit events that can cause a popup [SETUP-WEB]
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WEB WORKERS // WEB WORKERS
// >>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>
// Disable service workers [FF32, FF44-compat] // Disable service workers [FF32, FF44-compat]
@ -1199,6 +1162,17 @@ user_pref("dom.allow_cut_copy", false);
// https://developer.mozilla.org/docs/Web/Events/beforeunload // https://developer.mozilla.org/docs/Web/Events/beforeunload
user_pref("dom.disable_beforeunload", true); user_pref("dom.disable_beforeunload", true);
// ------------------------------------- // -------------------------------------
// Prevent scripts from moving and resizing open windows
user_pref("dom.disable_window_move_resize", true);
// Block popup windows
// [SETTING] Privacy & Security>Permissions>Block pop-up windows
user_pref("dom.disable_open_during_load", true);
// Limit events that can cause a popup [SETUP-WEB]
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
// Enable (limited but sufficient) window.opener protection [FF65+]
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
// -------------------------------------
// Disable shaking the screen ***/ // Disable shaking the screen ***/
user_pref("dom.vibrator.enabled", false); user_pref("dom.vibrator.enabled", false);
// ------------------------------------- // -------------------------------------
@ -1230,10 +1204,6 @@ user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN
// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly // https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ // https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
user_pref("javascript.options.wasm", false); user_pref("javascript.options.wasm", false);
// -------------------------------------
// Enable (limited but sufficient) window.opener protection [FF65+]
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// HARDWARE FINGERPRINTING ***/ // HARDWARE FINGERPRINTING ***/
@ -1242,7 +1212,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
// Initially a Linux issue (high precision readout) that was fixed. // Initially a Linux issue (high precision readout) that was fixed.
// However, it is still another metric for fingerprinting, used to raise entropy. // However, it is still another metric for fingerprinting, used to raise entropy.
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc // e.g. do you have a battery or not, current charging status, charge level, times remaining etc
// [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code // FF52+ Battery Status API is only available in chrome/privileged code
// https://bugzilla.mozilla.org/1313580 ***/ // https://bugzilla.mozilla.org/1313580 ***/
user_pref("dom.battery.enabled", false); user_pref("dom.battery.enabled", false);
// ------------------------------------- // -------------------------------------
@ -1281,6 +1251,23 @@ user_pref("webgl.enable-webgl2", false);
// ------------------------------------- // -------------------------------------
// Limit WebGL ***/ // Limit WebGL ***/
user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+] user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
// -------------------------------------
// Enforce no system colors
// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
// Open links targeting new windows in a new tab instead
// Stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
user_pref("browser.link.open_newwindow.restriction", 0);
// Enforce non-native widget theme
// Security: removes/reduces system API calls, e.g. win32k API
// Fingerprinting: provides a uniform look and feel across platforms
// https://bugzilla.mozilla.org/1381938
// https://bugzilla.mozilla.org/1411425
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MISCELLANEOUS ***/ // MISCELLANEOUS ***/
@ -1372,10 +1359,6 @@ user_pref("pdfjs.enableScripting", false); // [FF86+]
// Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ // Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
user_pref("network.protocol-handler.external.ms-windows-store", false); user_pref("network.protocol-handler.external.ms-windows-store", false);
// ------------------------------------- // -------------------------------------
// Enforce no system colors; they can be fingerprinted
// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
// -------------------------------------
// Disable permissions delegation [FF73+] // Disable permissions delegation [FF73+]
// Currently applies to cross-origin geolocation, camera, mic and screen-sharing // Currently applies to cross-origin geolocation, camera, mic and screen-sharing
// permissions, and fullscreen requests. Disabling delegation means any prompts // permissions, and fullscreen requests. Disabling delegation means any prompts
@ -1393,12 +1376,11 @@ user_pref("privacy.window.name.update.enabled", true);
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false); user_pref("extensions.postDownloadThirdPartyPrompt", false);
// ------------------------------------- // -------------------------------------
// Enforce non-native widget theme // Disable Fullscreen API (requires user interaction)
// * Security: removes/reduces system API calls, e.g. win32k API // [NOTE] You can still toggle fullscreen with F11
// * Fingerprinting: provides a uniform look and feel across platforms // [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
// * https://bugzilla.mozilla.org/1381938 // [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// * https://bugzilla.mozilla.org/1411425 ***/ // user_pref("full-screen-api.enabled", false);
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOWNLOADS ***/ // DOWNLOADS ***/
@ -1484,10 +1466,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
// [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/ // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
user_pref("network.cookie.lifetimePolicy", 2); user_pref("network.cookie.lifetimePolicy", 2);
// ------------------------------------- // -------------------------------------
// Disable DOM (Document Object Model) Storage
// [WARNING] This will break a LOT of sites and extensions!
// user_pref("dom.storage.enabled", false);
// -------------------------------------
// Disable offline cache (appCache) // Disable offline cache (appCache)
// [NOTE] In FF90+ the storage capability has been removed. // [NOTE] In FF90+ the storage capability has been removed.
// [WARNING] The API is easily fingerprinted, do not disable ***/ // [WARNING] The API is easily fingerprinted, do not disable ***/
@ -1512,7 +1490,7 @@ user_pref("network.cookie.lifetimePolicy", 2);
// user_pref("dom.storage_access.enabled", false); // user_pref("dom.storage_access.enabled", false);
// ------------------------------------- // -------------------------------------
// Enable Local Storage Next Generation (LSNG) [FF65+] ***/ // Enable Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true); user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// SHUTDOWN // SHUTDOWN
@ -1523,7 +1501,8 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
// ------------------------------------- // -------------------------------------
// Set what items to clear on shutdown [SETUP-CHROME] // Set what items to clear on shutdown [SETUP-CHROME]
// [NOTE] If "history" is true, downloads will also be cleared // [NOTE] If "history" is true, downloads will also be cleared
// [NOTE] Active Logins does not refer to logins via cookies, but rather HTTP Basic Authentication // [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication
// [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/ // [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/
// https://en.wikipedia.org/wiki/Basic_access_authentication // https://en.wikipedia.org/wiki/Basic_access_authentication
user_pref("privacy.clearOnShutdown.cache", true); user_pref("privacy.clearOnShutdown.cache", true);
@ -1596,7 +1575,7 @@ user_pref("privacy.partition.network_state", true);
// RFP (RESIST FINGERPRINTING) // RFP (RESIST FINGERPRINTING)
// >>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>
// Enable privacy.resistFingerprinting [FF41+] // Enable privacy.resistFingerprinting [FF41+]
// [SETUP-WEB] RFP can some cause website breakage: mainly canvas, use a site exception via the urlbar // [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
// RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme // RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
user_pref("privacy.resistFingerprinting", true); user_pref("privacy.resistFingerprinting", true);
// ------------------------------------- // -------------------------------------