Update 'user.js'

This commit is contained in:
Narsil 2021-08-19 22:23:00 +00:00
parent 76a0471451
commit a409696eee
1 changed files with 32 additions and 59 deletions

91
user.js
View File

@ -85,21 +85,8 @@ user_pref("browser.newtabpage.activity-stream.default.sites", "");
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// GEOLOCATION ***/
// >>>>>>>>>>>>>>>>>>>>>
// Disable Location-Aware Browsing
// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
// https://www.mozilla.org/firefox/geolocation/ ***/
user_pref("geo.enabled", false);
user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF]
// -------------------------------------
// Set a default permission for Location [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
// user_pref("permissions.default.geo", 2);
// -------------------------------------
// Use Mozilla geolocation service instead of Google if geolocation is granted [FF74+]
// Optionally enable logging to the console (defaults to false) ***/
// Use Mozilla geolocation service instead of Google if permission is granted [FF74+]
// Optionally enable logging to the console (defaults to false)
user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
// -------------------------------------
@ -116,10 +103,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+]
// Set search region
// May not be hidden if Firefox has changed your settings due to your region ***/
user_pref("browser.search.region", "US"); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// LANGUAGE / LOCALE ***/
// >>>>>>>>>>>>>>>>>>>>>
// -------------------------------------
// Set preferred language for displaying web pages
// https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US, en");
@ -987,10 +971,10 @@ user_pref("network.http.referer.XOriginPolicy", 2);
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// -------------------------------------
// Disable spoofing a referer
// [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
// (Cross-Site Request Forgery) protections that some sites may rely on ***/
// user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// Enforce no spoofing of referer
// Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery)
// protections that some sites may rely on
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// -------------------------------------
// Set the default Referrer Policy [FF59+]
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
@ -1049,13 +1033,6 @@ user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
// -------------------------------------
// Set a default permission for Camera/Microphone [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
// -------------------------------------
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins
// user_pref("media.gmp-provider.enabled", false);
@ -1116,13 +1093,6 @@ user_pref("dom.push.enabled", false);
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.serverURL", "");
user_pref("dom.push.userAgentID", "");
// -------------------------------------
// Set a default permission for Notifications [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/
// user_pref("permissions.default.desktop-notification", 2);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/
@ -1214,17 +1184,6 @@ user_pref("dom.battery.enabled", false);
// https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
// user_pref("media.media-capabilities.enabled", false);
// -------------------------------------
// Disable virtual reality devices
// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
// https://developer.mozilla.org/docs/Web/API/WebVR_API
user_pref("dom.vr.enabled", false);
// -------------------------------------
// Set a default permission for Virtual Reality [FF73+]
// 0=always ask (default), 1=allow, 2=block
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/
// user_pref("permissions.default.xr", 2);
// -------------------------------------
// Disable WebGL (Web Graphics Library)
// [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
// especially with readPixels(). Some of the other entropy is lessened with RFP
@ -1358,12 +1317,6 @@ user_pref("privacy.window.name.update.enabled", true);
// Disable bypassing 3rd party extension install prompts [FF82+]
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
// -------------------------------------
// Disable Fullscreen API (requires user interaction)
// [NOTE] You can still toggle fullscreen with F11
// [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// user_pref("full-screen-api.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOWNLOADS ***/
@ -1449,11 +1402,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
// [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Disable offline cache (appCache)
// [NOTE] In FF90+ the storage capability has been removed.
// [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+
// user_pref("browser.cache.offline.enable", false);
// -------------------------------------
// Disable service worker cache and cache storage
// [NOTE] We clear service worker cache on exit
// https://w3c.github.io/ServiceWorker/#privacy
@ -1671,6 +1619,31 @@ user_pref("network.manage-offline-status", false); // see bugzilla 620472
user_pref("_config.applied", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER
// >>>>>>>>>>>>>>>>>>>>>
// Disable APIs
// Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality
// [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts
// appCache storage capability was removed in FF90. Full screen requires user interaction,
user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false);
// user_pref("browser.cache.offline.enable", false);
user_pref("dom.vr.enabled", false);
// -------------------------------------
// Set default permissions
// Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
// 0=always ask (default), 1=allow, 2=block
// [WHY] These are fingerprintable via Permissions API, except VR. Just add site
// exceptions as block for frequently visited annoying sites: i.e not global
// [SETTING] to add site exceptions: Ctrl+I>Permissions>
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
user_pref("permissions.default.geo", 2);
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
user_pref("permissions.default.desktop-notification", 2);
user_pref("permissions.default.xr", 0); // Virtual Reality
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER: NON-RFP
// >>>>>>>>>>>>>>>>>>>>>
// Spoof number of CPU cores [FF48+] ***/