Update 'user.js'

This commit is contained in:
Narsil 2021-08-19 10:01:45 +00:00
parent a17bf56c29
commit cd2a690268
1 changed files with 19 additions and 23 deletions

42
user.js
View File

@ -49,7 +49,8 @@ user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.newtab.preload", false);
// -------------------------------------
// Disable Activity Stream telemetry ***/
// Disable some Activity Stream items
// Activity Stream is the default homepage/newtab based on metadata and browsing behavior
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false);
@ -80,8 +81,8 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); //
user_pref("browser.newtabpage.activity-stream.default.sites", "");
// -------------------------------------
// Start Firefox in PB (Private Browsing) mode
// https://wiki.mozilla.org/Private_Browsing
// https://spreadprivacy.com/is-private-browsing-really-private/ ***/
// https://wiki.mozilla.org/Private_Browsing
// https://spreadprivacy.com/is-private-browsing-really-private/ ***/
// user_pref("browser.privatebrowsing.autostart", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@ -247,7 +248,6 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAU
// -------------------------------------
// Disable Captive Portal detection
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
// https://wiki.mozilla.org/Necko/CaptivePortal ***/
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false); // [FF52+]
// -------------------------------------
@ -409,8 +409,7 @@ user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
// >>>>>>>>>>>>>>>>>>>>>
// Disable Normandy/Shield [FF60+]
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
// https://wiki.mozilla.org/Firefox/Shield
// https://github.com/mozilla/normandy ***/
// https://mozilla.github.io/normandy/
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.api_url", "");
user_pref("app.normandy.shieldLearnMoreUrl", "");
@ -821,14 +820,12 @@ user_pref("security.OCSP.require", false);
// CERTS / HPKP (HTTP Public Key Pinning) ***/
// >>>>>>>>>>>>>>>>>>>>>
// Disable or limit SHA-1 certificates
// 0=all SHA1 certs are allowed
// 1=all SHA1 certs are blocked
// 2=deprecated option that now maps to 1
// 3=only allowed for locally-added roots (e.g. anti-virus)
// 4=only allowed for locally-added roots or for certs in 2015 and earlier
// [SETUP-CHROME] When disabled, some man-in-the-middle devices, e.g. security scanners and
// antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
// 0 = allow all
// 1 = block all
// 3 = only allow locally-added roots (e.g. anti-virus) (default)
// 4 = only allow locally-added roots or for certs in 2015 and earlier
// [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
user_pref("security.pki.sha1_enforcement_level", 1);
// -------------------------------------
// Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
@ -1216,8 +1213,8 @@ user_pref("javascript.options.wasm", false);
// https://bugzilla.mozilla.org/1313580 ***/
user_pref("dom.battery.enabled", false);
// -------------------------------------
// Disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN]
// [WARNING] Affects text rendering (fonts will look different), impacts video performance,
// Disable hardware acceleration [SETUP-HARDEN]
// WARNING] Affects rendering and performance
// and parts of Quantum that utilize the GPU will also be affected as they are rolled out
// [SETTING] General>Performance>Custom>Use hardware acceleration when available
// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
@ -1225,15 +1222,15 @@ user_pref("dom.battery.enabled", false);
// user_pref("layers.acceleration.disabled", true);
// -------------------------------------
// Disable Media Capabilities API [FF63+]
// [WARNING] This *may* affect media performance if disabled, no one is sure
// [WARNING] The API state is fingerprintable and disabling may affect performance
// https://github.com/WICG/media-capabilities
// https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
// user_pref("media.media-capabilities.enabled", false);
// -------------------------------------
// Disable virtual reality devices
// Optional protection depending on your connected devices
// [WARNING] The API state is fingerprintable
// https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
// user_pref("dom.vr.enabled", false);
user_pref("dom.vr.enabled", false);
// -------------------------------------
// Set a default permission for Virtual Reality [FF73+]
// 0=always ask (default), 1=allow, 2=block
@ -1249,8 +1246,8 @@ user_pref("dom.battery.enabled", false);
user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false);
// -------------------------------------
// Limit WebGL ***/
user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
// Limit WebGL
// user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
// -------------------------------------
// Enforce no system colors
// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
@ -1334,7 +1331,6 @@ user_pref("permissions.manager.defaultsUrl", "");
user_pref("webchannel.allowObject.urlWhitelist", "");
// -------------------------------------
// Use Punycode in Internationalized Domain Names to eliminate possible spoofing
// Firefox has *some* protections, but it is better to be safe than sorry
// [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
// [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
// https://wiki.mozilla.org/IDN_Display_Algorithm
@ -1819,7 +1815,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// -------------------------------------
// Disable Flash plugin
// 0=deactivated, 1=ask, 2=enabled
// ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash
// ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash
// [NOTE] You can still override individual sites via site permissions
// https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
user_pref("plugin.state.flash", 0); // [DEFAULT: 1]