Update 'user.js'

user.js

@@ -49,7 +49,8 @@ user_pref("browser.startup.homepage", "about:blank");
 user_pref("browser.newtabpage.enabled", false);
 user_pref("browser.newtab.preload", false);
 // -------------------------------------
-// Disable Activity Stream telemetry ***/
+// Disable some Activity Stream items
+// Activity Stream is the default homepage/newtab based on metadata and browsing behavior
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.showSearch", false);
@@ -80,8 +81,8 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); //
 user_pref("browser.newtabpage.activity-stream.default.sites", "");
 // -------------------------------------
 // Start Firefox in PB (Private Browsing) mode
-//  https://wiki.mozilla.org/Private_Browsing
+// https://wiki.mozilla.org/Private_Browsing
-//  https://spreadprivacy.com/is-private-browsing-really-private/ ***/
+// https://spreadprivacy.com/is-private-browsing-really-private/ ***/
 // user_pref("browser.privatebrowsing.autostart", true);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -247,7 +248,6 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAU
 // -------------------------------------
 // Disable Captive Portal detection
 // https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
-// https://wiki.mozilla.org/Necko/CaptivePortal ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // [FF52+]
 // -------------------------------------
@@ -409,8 +409,7 @@ user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable Normandy/Shield [FF60+]
 // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
-// https://wiki.mozilla.org/Firefox/Shield
+// https://mozilla.github.io/normandy/
-// https://github.com/mozilla/normandy ***/
 user_pref("app.normandy.enabled", false);
 user_pref("app.normandy.api_url", "");
 user_pref("app.normandy.shieldLearnMoreUrl", "");
@@ -821,14 +820,12 @@ user_pref("security.OCSP.require", false);
 // CERTS / HPKP (HTTP Public Key Pinning) ***/
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable or limit SHA-1 certificates
-// 0=all SHA1 certs are allowed
+// 0 = allow all
-// 1=all SHA1 certs are blocked
+// 1 = block all
-// 2=deprecated option that now maps to 1
+// 3 = only allow locally-added roots (e.g. anti-virus) (default)
-// 3=only allowed for locally-added roots (e.g. anti-virus)
+// 4 = only allow locally-added roots or for certs in 2015 and earlier
-// 4=only allowed for locally-added roots or for certs in 2015 and earlier
+// [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
-// [SETUP-CHROME] When disabled, some man-in-the-middle devices, e.g. security scanners and
+// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
-// antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete
-// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
 user_pref("security.pki.sha1_enforcement_level", 1);
 // -------------------------------------
 // Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
@@ -1216,8 +1213,8 @@ user_pref("javascript.options.wasm", false);
 // https://bugzilla.mozilla.org/1313580 ***/
 user_pref("dom.battery.enabled", false);
 // -------------------------------------
-// Disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN]
+// Disable hardware acceleration [SETUP-HARDEN]
-// [WARNING] Affects text rendering (fonts will look different), impacts video performance,
+// WARNING] Affects rendering and performance
 // and parts of Quantum that utilize the GPU will also be affected as they are rolled out
 // [SETTING] General>Performance>Custom>Use hardware acceleration when available
 // https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
@@ -1225,15 +1222,15 @@ user_pref("dom.battery.enabled", false);
 // user_pref("layers.acceleration.disabled", true);
 // -------------------------------------
 // Disable Media Capabilities API [FF63+]
-// [WARNING] This *may* affect media performance if disabled, no one is sure
+// [WARNING] The API state is fingerprintable and disabling may affect performance
 // https://github.com/WICG/media-capabilities
 // https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
 // user_pref("media.media-capabilities.enabled", false);
 // -------------------------------------
 // Disable virtual reality devices
-// Optional protection depending on your connected devices
+// [WARNING] The API state is fingerprintable
 // https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
-// user_pref("dom.vr.enabled", false);
+user_pref("dom.vr.enabled", false);
 // -------------------------------------
 // Set a default permission for Virtual Reality [FF73+]
 // 0=always ask (default), 1=allow, 2=block
@@ -1249,8 +1246,8 @@ user_pref("dom.battery.enabled", false);
 user_pref("webgl.disabled", true);
 user_pref("webgl.enable-webgl2", false);
 // -------------------------------------
-// Limit WebGL ***/
+// Limit WebGL
-user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
+// user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
 // -------------------------------------
 // Enforce no system colors
 // [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
@@ -1334,7 +1331,6 @@ user_pref("permissions.manager.defaultsUrl", "");
 user_pref("webchannel.allowObject.urlWhitelist", "");
 // -------------------------------------
 // Use Punycode in Internationalized Domain Names to eliminate possible spoofing
-// Firefox has *some* protections, but it is better to be safe than sorry
 // [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
 // [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
 // https://wiki.mozilla.org/IDN_Display_Algorithm
@@ -1819,7 +1815,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 // -------------------------------------
 // Disable Flash plugin
 // 0=deactivated, 1=ask, 2=enabled
-// ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash
+// ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash
 // [NOTE] You can still override individual sites via site permissions
 // https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
 user_pref("plugin.state.flash", 0); // [DEFAULT: 1]