diff --git a/user.js b/user.js index c903a45..ef1ddd4 100644 --- a/user.js +++ b/user.js @@ -93,7 +93,7 @@ user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF] // Set a default permission for Location [FF58+] // 0=always ask (default), 1=allow, 2=block // [NOTE] Best left at default "always ask", fingerprintable via Permissions API -// [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location +// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/ // user_pref("permissions.default.geo", 2); // ------------------------------------- @@ -739,10 +739,11 @@ user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.tls.version.enable-deprecated", false); // ------------------------------------- // Disable SSL session tracking [FF36+] -// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking -// [SETUP-PERF] Relax this if you have FPI enabled *AND* you understand the -// consequences. FPI isolates these, but it was designed with the Tor protocol in mind, -// and the Tor Browser has extra protection, including enhanced sanitizing per Identity. +// SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks) +// These are not used in PB mode. In normal windows they are isolated when using FPI +// and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state) +// [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing +// tracking via this method does not address IPs, nor handle any sanitizing of current identifiers // https://tools.ietf.org/html/rfc5077 // https://bugzilla.mozilla.org/967977 // https://arxiv.org/abs/1810.07304 ***/ @@ -827,7 +828,7 @@ user_pref("security.mixed_content.block_object_subrequest", true); // ------------------------------------- // Enable HTTPS-Only mode [FF76+] // When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored -// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily +// [SETTING] to add site exceptions: Ctrl+I>HTTPS-Only mode>On/Off/Off temporarily // [SETTING] Privacy & Security>HTTPS-Only Mode // [TEST] http://example.com [upgrade] // [TEST] http://neverssl.org/ [no upgrade] @@ -1050,7 +1051,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false); // ------------------------------------- // Set a default permission for Camera/Microphone [FF58+] // 0=always ask (default), 1=allow, 2=block -// [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone +// [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/ user_pref("permissions.default.camera", 2); user_pref("permissions.default.microphone", 2); @@ -1135,7 +1136,7 @@ user_pref("dom.push.userAgentID", ""); // Set a default permission for Notifications [FF58+] // 0=always ask (default), 1=allow, 2=block // [NOTE] Best left at default "always ask", fingerprintable via Permissions API -// [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications +// [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/ // user_pref("permissions.default.desktop-notification", 2); // @@ -1242,7 +1243,7 @@ user_pref("dom.webaudio.enabled", false); // ------------------------------------- // Set a default permission for Virtual Reality [FF73+] // 0=always ask (default), 1=allow, 2=block -// [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices +// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices // [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/ // user_pref("permissions.default.xr", 0); // @@ -1295,7 +1296,7 @@ user_pref("middlemouse.contentLoadURL", false); // ------------------------------------- // Disable websites overriding Firefox's keyboard shortcuts [FF58+] // 0 (default) or 1=allow, 2=block -// [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ +// [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); // ------------------------------------- // Remove special permissions for certain mozilla domains [FF35+] @@ -1724,6 +1725,7 @@ user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line // UX BEHAVIOR ***/ // >>>>>>>>>>>>>>>>>>>>> // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing +// user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] // user_pref("browser.tabs.closeWindowWithLastTab", false); // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]