diff --git a/user.js b/user.js index bcea519..fd4751d 100644 --- a/user.js +++ b/user.js @@ -542,6 +542,18 @@ user_pref("browser.fixup.alternate.enabled", false); // Display all parts of the url in the location bar ***/ user_pref("browser.urlbar.trimURLs", false); // ------------------------------------- +// Disable coloring of visited links - CSS history leak +// Bulk rapid history sniffing was mitigated in 2010. Slower and more expensive +// redraw timing attacks were largely mitigated in FF77+. Using RFP further hampers timing +// attacks. Don't forget clearing history on close. However, social engineering +// and advanced targeted timing attacks could still produce usable results +// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector +// https://dbaron.org/mozilla/visited-privacy +// https://bugzilla.mozilla.org/1632765 +// https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) +// https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ +user_pref("layout.css.visited_links_enabled", false); +// ------------------------------------- // Disable live search suggestions // [NOTE] Both must be true for the location bar to work // [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine @@ -1007,13 +1019,13 @@ user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp-gmpopenh264.enabled", false); // ------------------------------------- // Disable widevine CDM (Content Decryption Module) -// [SETUP-WEB] if you *need* CDM, e.g. Netflix, Amazon Prime, Hulu, whatever ***/ +// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-manager.url", ""); user_pref("media.gmp-manager.url.override", ""); // ------------------------------------- // Disable all DRM content (EME: Encryption Media Extension) -// [SETUP-WEB] if you *need* EME, e.g. Netflix, Amazon Prime, Hulu, whatever +// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV // [SETTING] General>DRM Content>Play DRM-controlled content // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false);