mobile_user.js/user.js

2795 lines
168 KiB
JavaScript
Raw Normal View History

//
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
/**********************************************************************************
* user.js | Fennec F-Droid *
* *
* https://git.nixnet.xyz/quindecim/fennec_user.js *
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
*********************************************************************************/
//
// Author : quindecim : https://git.nixnet.xyz/quindecim
// https://git.lelux.fi/quindecim | MIRROR
// https://git.lushka.al/quindecim | MIRROR
//
//
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js
// Librefox : https://github.com/intika/Librefox
// pyllyukko : https://github.com/pyllyukko/user.js
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
// CHEF-KOCH : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js
//
// License : https://git.nixnet.xyz/quindecim/fennec_user.js/src/branch/master/LICENSE.txt
//
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Startup
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable default browser check
user_pref("browser.shell.checkDefaultBrowser", false); // [DESKTOP]
// -------------------------------------
// Pref : Set NEWTAB page
// true=Activity Stream, false=blank page
user_pref("browser.newtabpage.enabled", false); // [DESKTOP]
user_pref("browser.newtab.url", "about:blank"); // [DESKTOP]
// -------------------------------------
// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender"
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// https://support.mozilla.org/en-US/kb/extension-recommendations
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream Top Stories, Pocket-based and/or sponsored content
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [DESKTOP]
// -------------------------------------
// Pref : Set Homepage
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("browser.startup.homepage", "about:blank"); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream Snippets
// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
// https://abouthome-snippets-service.readthedocs.io/
user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream telemetry
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Activity Stream feeds
user_pref("browser.newtabpage.activity-stream.feeds.aboutpreferences", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.favicon", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.messagecenterfeed", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.migration", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.newtabinit", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.places", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.prefs", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream (others)
user_pref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
user_pref("browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.config", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear", "");
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
user_pref("browser.newtab.preload", false); // [DESKTOP]
user_pref("browser.newtabpage.directory.ping", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); // [DESKTOP]
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user_pref("browser.startup.homepage_override.mstone", "ignore");
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable app from auto-update
user_pref("app.update.auto", false); // [DESKTOP]
user_pref("app.update.autodownload", "never"); // [TEST] // [FENNEC]
user_pref("app.update.channel", "");
user_pref("app.update.url", ""); // [DESKTOP]
user_pref("app.update.url.details", ""); // [DESKTOP]
user_pref("app.update.url.manual", ""); // [DESKTOP]
user_pref("app.update.url.android", ""); // [FENNEC]
user_pref("app.update.staging.enabled", false); // [DESKTOP]
user_pref("app.update.log.file", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable sync
user_pref("sync.enabled", false); // [DEPRECATED] // [DESKTOP]
user_pref("services.sync.enabled", false);
// -------------------------------------
// Pref : Disable other sync settings (by prevention)
user_pref("services.sync.maxResyncs", 0); // [DESKTOP]
user_pref("services.sync.telemetry.maxPayloadCount", 0); // [DESKTOP]
user_pref("services.sync.addons.ignoreUserEnabledChanges", true); // [DESKTOP]
user_pref("services.sync.engine.addons", false); // [DESKTOP]
user_pref("services.sync.engine.addresses", false); // [DESKTOP]
user_pref("services.sync.engine.bookmarks", false); // [DESKTOP]
user_pref("services.sync.engine.bookmarks.buffer", false); // [DESKTOP]
user_pref("services.sync.engine.creditcards", false); // [DESKTOP]
user_pref("services.sync.engine.creditcards.available", false); // [DESKTOP]
user_pref("services.sync.engine.history", false); // [DESKTOP]
user_pref("services.sync.engine.passwords", false); // [DESKTOP]
user_pref("services.sync.engine.prefs", false); // [DESKTOP]
user_pref("services.sync.engine.tabs", false); // [DESKTOP]
user_pref("services.sync.log.appender.file.logOnError", false); // [DESKTOP]
user_pref("services.sync.log.appender.file.logOnSuccess", false); // [DESKTOP]
user_pref("services.sync.log.cryptoDebug", false); // [DESKTOP]
user_pref("services.sync.sendVersionInfo", false); // [DESKTOP]
user_pref("services.sync.syncedTabs.showRemoteIcons", true); // [DESKTOP]
user_pref("services.sync.prefs.sync.accessibility.blockautorefresh", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.accessibility.browsewithcaret", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.accessibility.typeaheadfind", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.contentblocking.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.download.useDownloadDir", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.formfill.enable", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.link.open_newwindow", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.pinned", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.offline-apps.notify", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.search.update", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.startup.homepage", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.startup.page", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.contentblocking.category", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.contentblocking.introCount", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.topSitesRows", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.taskbar.previews.enable", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.dom.disable_open_during_load", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.dom.disable_window_flip", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.dom.disable_window_move_resize", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.extensions.personas.current", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.extensions.update.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.intl.accept_languages", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.layout.spellcheckDefault", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.permissions.default.image", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.resistFingerprinting", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.media.autoplay.default", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.security.OCSP.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.security.OCSP.require", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.security.default_personal_cert", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.security.tls.version.max", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.security.tls.version.min", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.spellchecker.dictionary", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // [DESKTOP]
user_pref("services.sync.declinedEngines", ""); // [DESKTOP]
user_pref("services.sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP]
user_pref("services.sync.migrated", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); // [DESKTOP]
user_pref("services.sync.engine.addresses.available", false); // [DESKTOP]
user_pref("services.sync.addons.trustedSourceHostnames", ""); // [DESKTOP]
user_pref("services.sync.engine.tabs.filteredUrls", ""); // [DESKTOP]
user_pref("services.sync.log.appender.console", ""); // [DESKTOP]
user_pref("services.sync.log.appender.dump", ""); // [DESKTOP]
user_pref("services.sync.log.appender.file.level", ""); // [DESKTOP]
user_pref("services.sync.log.logger", ""); // [DESKTOP]
user_pref("services.sync.log.logger.engine", ""); // [DESKTOP]
user_pref("services.sync.prefs.sync.media.eme.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.signon.rememberSignons", false); // [DESKTOP]
user_pref("services.sync.serverURL", ""); // [DESKTOP]
user_pref("services.sync.fxa.privacyURL", ""); // [DESKTOP]
user_pref("services.sync.fxa.termsURL", ""); // [DESKTOP]
user_pref("services.sync.lastversion", ""); // [DESKTOP]
user_pref("sync.serverURL", ""); // [DEPRECATED] // [DESKTOP]
user_pref("sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP]
user_pref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); // [DESKTOP]
user_pref("services.sync.prefs.dangerously_allow_arbitrary", false); // [DESKTOP]
user_pref("services.sync.prefs.sync.app.shield.optoutstudies.enabled", false);
user_pref("services.sync.prefs.sync.browser.discovery.enabled", false);
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored", false);
user_pref("services.sync.prefs.sync.browser.search.widget.inNavBar", false);
user_pref("services.sync.prefs.sync.extensions.activeThemeID", false);
// -------------------------------------
// Pref : Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user_pref("browser.search.update", false);
user_pref("browser.search.update.log", false);
2019-05-10 20:50:17 +00:00
// user_pref("browser.search.update.interval", 0);
// -------------------------------------
// Pref : Tell the search service that we don't really expose the "current engine"
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("browser.search.noCurrentEngine", true); // [DEFAULT: true] // [FENNEC]
// -------------------------------------
// Pref : Disable sending Flash Player crash reports
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
// -------------------------------------
// Pref : Disable sending the URL of the website where a plugin crashed
user_pref("dom.ipc.plugins.reportCrashURL", false);
// -------------------------------------
// Pref : Disable Telemetry
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// https://wiki.mozilla.org/Platform/Features/Telemetry
// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
// https://wiki.mozilla.org/Telemetry
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html#id1
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.debugSlowSql", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.unifiedIsOptIn", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("toolkit.telemetry.archive.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.cachedClientID", ""); // [DESKTOP]
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.previousBuildID", ""); // [DESKTOP]
user_pref("toolkit.telemetry.prompted", 2); // [DESKTOP]
user_pref("toolkit.telemetry.rejected", true); // [DESKTOP]
user_pref("security.identitypopup.recordEventTelemetry", false);
user_pref("security.certerrors.recordEventTelemetry", false); // [DESKTOP]
user_pref("privacy.trackingprotection.origin_telemetry.enabled", false);
user_pref("telemetry.origin_telemetry_test_mode.enabled", false);
user_pref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Telemetry Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
user_pref("toolkit.coverage.enabled", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
user_pref("toolkit.coverage.endpoint.base", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("datareporting.healthreport.uploadEnabled", false); // [DESKTOP]
user_pref("datareporting.healthreport.service.enabled", false); // [DESKTOP]
user_pref("datareporting.healthreport.infoURL", ""); // [DESKTOP]
user_pref("datareporting.policy.dataSubmissionEnabled", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("datareporting.policy.currentPolicyVersion", 0);
user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "");
user_pref("datareporting.policy.firstRunURL", "");
user_pref("datareporting.policy.minimumPolicyVersion", 0);
user_pref("datareporting.policy.minimumPolicyVersion.channel-beta", 0);
// -------------------------------------
// Pref : Disable personalized Extension Recommendations in about:addons and AMO
// [NOTE] This pref has no effect when Health Reports are disabled
// https://support.mozilla.org/kb/personalized-extension-recommendations
user_pref("browser.discovery.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable Crash Reports
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.email", ""); // [DESKTOP]
user_pref("browser.tabs.crashReporting.emailMe", false); // [DESKTOP]
user_pref("browser.tabs.crashReporting.includeURL", false); // [DESKTOP]
user_pref("browser.tabs.crashReporting.requestEmail", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP]
user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP]
user_pref("toolkit.crashreporter.infoURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable automatic captive portal detection
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
// https://wiki.mozilla.org/Necko/CaptivePortal
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.captive-portal-service.backoffFactor", "");
2019-05-10 20:50:17 +00:00
// user_pref("network.captive-portal-service.maxInterval", 0);
// user_pref("network.captive-portal-service.minInterval", 0);
// -------------------------------------
// Pref : Disable Network Connectivity checks
// https://bugzilla.mozilla.org/1460537
user_pref("network.connectivity-service.enabled", false); // [DEFAULT: true]
user_pref("network.connectivity-service.IPv4.url", "");
user_pref("network.connectivity-service.IPv6.url", "");
user_pref("network.connectivity-service.DNSv4.domain", "");
user_pref("network.connectivity-service.DNSv6.domain", "");
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT)
// Not to be confused with themes, which use the Theme API
// Mozilla plan to convert existing LWTs and remove LWT support in the future
// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
user_pref("lightweightThemes.persisted.headerURL", false);
user_pref("lightweightThemes.persistedThemeID", ""); // [FENNEC]
// user_pref("lightweightThemes.selectedThemeID", ""); // [BUG - FF doesen't save theme selected by user]
user_pref("lightweightThemes.getMoreURL", ""); // [DESKTOP]
user_pref("lightweightThemes.persisted.footerURL", false); // [DESKTOP]
user_pref("lightweightThemes.recommendedThemes", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Studies and SHIELD
// [NOTE] This pref has no effect when Health Reports are disabled
user_pref("app.shield.optoutstudies.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable backlogged Crash Reports
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable about:addons Recommendations pane (uses Google Analytics)
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP]
user_pref("extensions.webservice.discoverURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable recommendations in about:addons Extensions and Themes panes
// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/
user_pref("extensions.htmlaboutaddons.discover.enabled", false); // [DESKTOP]
user_pref("extensions.htmlaboutaddons.inline-options.enabled", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("extensions.getAddons.discovery.api_url", ""); // [DESKTOP]
user_pref("extensions.recommendations.privacyPolicyUrl", "");
user_pref("extensions.recommendations.themeRecommendationUrl", "");
// -------------------------------------
// Pref : Disable report extension option in about:addons
user_pref("extensions.htmlaboutaddons.enabled", false);
user_pref("extensions.abuseReport.enabled", false);
user_pref("extensions.abuseReport.url", "");
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
user_pref("loop.logDomains", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable contentblocking reportBreakage
user_pref("browser.contentblocking.reportBreakage.enabled", false); // [DESKTOP]
user_pref("browser.contentblocking.reportBreakage.url", ""); // [DESKTOP]
user_pref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable send content blocking log to about:protections
// https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
user_pref("browser.contentblocking.database.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Onboarding tour disable because of included telemetry
// [NOTE] This setting is just in case it comeback
user_pref("browser.onboarding.notification.finished", true); // [DESKTOP] // [DEPRECATED]
user_pref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // [DESKTOP] // [DEPRECATED]
user_pref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // [DESKTOP] // [DEPRECATED]
user_pref("devtools.onboarding.telemetry.logged", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable check default browser on first run
user_pref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable GCLI (Graphical Command Line Interface)
// https://wiki.mozilla.org/DevTools/Features/GCLI
user_pref("devtools.gcli.imgurUploadURL", ""); // [DESKTOP]
user_pref("devtools.gcli.jquerySrc", ""); // [DESKTOP]
user_pref("devtools.gcli.underscoreSrc", ""); // [DESKTOP]
user_pref("devtools.gcli.lodashSrc", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox screenshot extension
// https://support.mozilla.org/en-US/kb/firefox-screenshots
user_pref("extensions.screenshots.disabled", true); // [DESKTOP]
user_pref("extensions.screenshots.upload-disabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable spellchecker functionality by default
// 0=none, 1-multi-line, 2=multi-line & single-line
// http://kb.mozillazine.org/Layout.spellcheckDefault
// https://support.mozilla.org/en-US/kb/how-do-i-use-firefox-spell-checker
user_pref("layout.spellcheckDefault", 0); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox internal page warnings
user_pref("network.warnOnAboutNetworking", false);
user_pref("general.warnOnAboutConfig", false);
user_pref("browser.aboutConfig.showWarning", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable recent Highlights in the Library
user_pref("browser.library.activity-stream.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable warnings about close/open multiple tabs
user_pref("browser.tabs.warnOnClose", false); // [DESKTOP]
user_pref("browser.tabs.warnOnCloseOtherTabs", false); // [DESKTOP]
user_pref("browser.tabs.warnOnOpen", false); // [DESKTOP]
user_pref("browser.warnOnQuit", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable warnings by entering full screen mode
user_pref("full-screen-api.warning.delay", 0);
user_pref("full-screen-api.warning.timeout", 0);
// -------------------------------------
// Pref : Disable WebVTT logging and test events
// https://developer.mozilla.org/en-US/docs/Web/API/WebVTT_API
// https://git.sny.no/gecko/commit/?id=5701a142f2a5e89b1b716e0edec0f18d5e513678
user_pref("media.webvtt.debug.logging", false);
user_pref("media.webvtt.testing.events", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Block unwanted connections
user_pref("app.feedback.baseURL", "");
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("app.feedbackURL", ""); // [FENNEC]
user_pref("app.channelURL", ""); // [FENNEC]
user_pref("app.creditsURL", ""); // [FENNEC]
user_pref("app.faqURL", ""); // [FENNEC]
user_pref("app.privacyURL", ""); // [FENNEC]
user_pref("app.releaseNotesURL", "");
user_pref("app.support.baseURL", "");
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("app.supportURL", ""); // [FENNEC]
user_pref("app.vendorURL", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.decoder-doctor.new-issue-endpoint", "");
user_pref("network.trr.confirmationNS", "");
user_pref("services.settings.default_signer", ""); // [DESKTOP]
user_pref("services.settings.server", ""); // [DESKTOP]
user_pref("accessibility.support.url", ""); // [DESKTOP]
user_pref("browser.dictionaries.download.url", ""); // [DESKTOP]
user_pref("browser.geolocation.warning.infoURL", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESKTOP]
user_pref("browser.search.searchEnginesURL", ""); // [DESKTOP]
user_pref("extensions.getAddons.themes.browseURL", ""); // [DESKTOP]
user_pref("security.content.signature.root_hash", "");
user_pref("identity.mobilepromo.android", ""); // [DESKTOP]
user_pref("identity.mobilepromo.ios", ""); // [DESKTOP]
user_pref("toolkit.datacollection.infoURL", ""); // [DESKTOP]
user_pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys", "");
user_pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", "");
user_pref("startup.homepage_welcome_url", ""); // [DESKTOP]
user_pref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
user_pref("startup.homepage_override_url", ""); // [DESKTOP]
user_pref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
// -------------------------------------
// Pref : Devtools cleanup
user_pref("devtools.devices.url", "");
user_pref("devtools.devedition.promo.url", ""); // [DESKTOP]
user_pref("devtools.performance.recording.ui-base-url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable website protocol handlers
user_pref("gecko.handlerService.schemes.irc.0.name", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.ircs.0.name", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.mailto.0.name", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.mailto.1.name", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); // [DESKTOP]
user_pref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable browser translate integration
// https://www.ghacks.net/2018/09/09/mozilla-working-on-google-translate-integration-in-firefox/
user_pref("browser.translation.engine", ""); // [DESKTOP]
user_pref("browser.translation.detectLanguage", false); // [DESKTOP]
user_pref("browser.translation.neverForLanguages", ""); // [DESKTOP]
user_pref("browser.translation.ui.show", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable useragent updates and site specific overrides
user_pref("general.useragent.updates.enabled", false); // [FENNEC]
user_pref("general.useragent.site_specific_overrides", false); // [DESKTOP]
user_pref("general.useragent.updates.url", ""); // [FENNEC]
// -------------------------------------
// Pref : Decrease vendor useragent info leakage to Mozilla
// https://github.com/pyllyukko/user.js/issues/299
user_pref("general.useragent.vendor", ""); // [DESKTOP]
user_pref("general.useragent.vendorComment", ""); // [DESKTOP]
user_pref("general.useragent.vendorSub", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable mailnews
user_pref("mailnews.messageid_browser.url", ""); // [DESKTOP]
user_pref("mailnews.mx_service_url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Remove pinned sites from searchbar
user_pref("browser.newtabpage.activity-stream.default.sites", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Test user.js in about:config
2019-07-29 06:34:37 +00:00
user_pref("_config.applied", true);
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Updates addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
user_pref("extensions.update.enabled", true);
user_pref("extensions.autoupdate.enabled", true);
// -------------------------------------
// Pref : Decrease system information leakage to Mozilla extensions update servers
user_pref("extensions.update.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
user_pref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Decrease system information leakage to Mozilla addons update servers
user_pref("extensions.getAddons.browseAddons", "https://addons.mozilla.org/en-US/firefox/collections/4757633/mob/?page=1&collection_sort=-popularity"); // [URL SANITIZED] // [FENNEC]
user_pref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=en-US"); // [URL SANITIZED]
user_pref("extensions.getAddons.link.url", "https://addons.mozilla.org/en-US/firefox/"); // [URL SANITIZED]
user_pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/en-US/android/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"); // [URL SANITIZED]
user_pref("extensions.getAddons.compatOverides.url", "https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=en-US"); // [URL SANITIZED]
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
user_pref("extensions.webcompat-reporter.enabled", false);
user_pref("extensions.webcompat-reporter.newIssueEndpoint", "");
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Don't let XPIProvider install distribution add-ons
user_pref("extensions.installDistroAddons", false); // [DEFAULT: false] // [FENNEC]
// -------------------------------------
// Pref : Disable legacy extensions
user_pref("extensions.legacy.enabled", false);
// -------------------------------------
// Pref : Provide haptic feedback on longPress selection events
user_pref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
// -------------------------------------
// Pref :
user_pref("dom.registerProtocolHandler.insecure.enabled", false);
// -------------------------------------
// Pref : Disable Firefox Accounts and Sync
user_pref("identity.fxaccounts.enabled", false); // [DESKTOP]
user_pref("identity.fxaccounts.auth.uri", "");
user_pref("identity.fxaccounts.remote.oauth.uri", "");
user_pref("identity.fxaccounts.remote.profile.uri", "");
2019-05-10 20:50:17 +00:00
user_pref("identity.sync.tokenserver.uri", "");
user_pref("identity.fxaccounts.remote.root", ""); // [DESKTOP]
user_pref("identity.fxaccounts.pairing.enabled", false); // [DESKTOP]
user_pref("identity.fxaccounts.remote.pairing.uri", ""); // [DESKTOP]
user_pref("identity.fxaccounts.toolbar.accessed", false); // [DESKTOP]
user_pref("identity.fxaccounts.toolbar.enabled", false); // [DESKTOP]
user_pref("identity.fxaccounts.migrateToDevEdition", false); // [DESKTOP]
user_pref("identity.fxaccounts.contextParam", ""); // [DESKTOP]
user_pref("identity.fxaccounts.commands.enabled", false); // [DESKTOP]
user_pref("identity.fxaccounts.autoconfig.uri", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable snippets
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("browser.snippets.enabled", false); // [FENNEC]
user_pref("browser.snippets.firstrunHomepage.enabled", false); // [FENNEC]
user_pref("browser.snippets.statsUrl", ""); // [FENNEC]
user_pref("browser.snippets.updateUrl", ""); // [FENNEC]
user_pref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
2019-05-10 20:50:17 +00:00
// user_pref("browser.snippets.updateInterval", 0); // [FENNEC]
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable Webextensions sync
user_pref("webextensions.storage.sync.enabled", false); // [DESKTOP]
user_pref("webextensions.storage.sync.serverURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode
// https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
user_pref("network.IDN_show_punycode", true);
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Disable page thumbnail collection
// Look in profile/thumbnails directory, you may want to clean that out
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Do not automatically send selection to clipboard on Linux and some UNIX-like platforms
// http://kb.mozillazine.org/Clipboard.autocopy
user_pref("clipboard.autocopy", false);
// -------------------------------------
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
user_pref("beacon.enabled", false);
// -------------------------------------
// Pref : Disable speech recognition
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
// https://wiki.mozilla.org/HTML5_Speech_API
user_pref("media.webspeech.recognition.enable", false); // [DEFAULT: true]
user_pref("media.webspeech.recognition.force_enable", false); // [DEFAULT: false]
user_pref("media.webspeech.test.enable", false); // [DEFAULT: false]
user_pref("media.webspeech.test.fake_fsm_events", false); // [DEFAULT: false]
user_pref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Don't use Mozilla-provided location-specific search engines
user_pref("browser.search.geoSpecificDefaults", false);
// -------------------------------------
// Pref : Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
2019-05-10 20:50:17 +00:00
user_pref("network.manage-offline-status", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
user_pref("security.fileuri.strict_origin_policy", true);
// -------------------------------------
// Pref : Disable SVG in OpenType fonts
// https://wiki.mozilla.org/SVGOpenTypeFonts
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// -------------------------------------
// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay", 700);
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
// https://developer.mozilla.org/docs/Tools/WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
user_pref("devtools.debugger.remote-enabled", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("devtools.webide.enabled", false); // [DESKTOP]
user_pref("devtools.webide.autoinstallADBExtension", false); // [DESKTOP]
user_pref("devtools.remote.adb.extensionURL", ""); // [DESKTOP]
user_pref("devtools.remote.adb.extensionID", ""); // [DESKTOP]
user_pref("devtools.webide.adaptersAddonURL", ""); // [DESKTOP]
user_pref("devtools.webide.templatesURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Force local debugging
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
user_pref("devtools.debugger.force-local", true);
// -------------------------------------
// Pref : Prevent accessibility services from accessing your browser
// https://support.mozilla.org/kb/accessibility-services
user_pref("accessibility.force_disabled", 1);
// -------------------------------------
// Pref : Remove temp files opened with an external application
// https://bugzilla.mozilla.org/302433
user_pref("browser.helperApps.deleteTempFileOnExit", true);
// -------------------------------------
// Pref : Disable various developer tools in browser context
// https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676
user_pref("devtools.chrome.enabled", false);
// -------------------------------------
// Pref : Disable MathML (Mathematical Markup Language)
// [TEST] http://browserspy.dk/mathml.php
// https://bugzilla.mozilla.org/1173199
user_pref("mathml.disabled", true);
// -------------------------------------
// Pref : Disable middle mouse click paste leaking on Linux
// https://bugzilla.mozilla.org/1528289
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Useless on Android
user_pref("middlemouse.paste", false);
// -------------------------------------
// Pref : Disable middle mouse click opening links from clipboard
// https://trac.torproject.org/projects/tor/ticket/10089
// http://kb.mozillazine.org/Middlemouse.contentLoadURL
user_pref("middlemouse.contentLoadURL", false);
// -------------------------------------
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
// [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins). To control HTML Meta tag and JS redirects, use an extension.
user_pref("network.http.redirection-limit", 15); // [DEFAULT: 20]
// -------------------------------------
// Pref : Remove webchannel whitelist
user_pref("webchannel.allowObject.urlWhitelist", "");
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] May cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
// user_pref("ui.use_native_colors", true);
// Pref : Discourage downloading to desktop (0=desktop 1=downloads 2=last used)
user_pref("browser.download.folderList", 2);
// -------------------------------------
// Pref : Enforce user interaction for security by always asking the user where to download
// [FENNEC] Fix for images not downloading
user_pref("browser.download.useDownloadDir", true);
// -------------------------------------
// Pref : Disable adding downloads to the system's "recent documents" list
user_pref("browser.download.manager.addToRecentDocs", false);
// -------------------------------------
// Pref : Disable "open with" in download dialog
// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) in such a way that it is forbidden to run external applications.
// [NOTE] This may interfere with some users' workflow or methods
// https://bugzilla.mozilla.org/1281959
user_pref("browser.download.forbid_open_with", true);
// -------------------------------------
// Pref : Lock down allowed extension directories
// This will break extensions, language packs, themes and any other XPI files which are installed outside of profile directories
// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// archived: https://archive.is/DYjAM
user_pref("extensions.enabledScopes", 5); // [DEFAULT: 1] // [HIDDEN PREF]
user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
// -------------------------------------
// Pref : Enable warning when websites try to install add-ons
user_pref("xpinstall.whitelist.required", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable CSP (Content Security Policy)
// https://developer.mozilla.org/docs/Web/HTTP/CSP
user_pref("security.csp.enable", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Block top level window data: URIs
// https://bugzilla.mozilla.org/1331351
// https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true]
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Enable only whitelisted URL protocol handlers
// http://kb.mozillazine.org/Network.protocol-handler.external-default
// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29
// https://news.ycombinator.com/item?id=13047883
// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
// [NOTE] Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
// * true, if the protocol should be handled by an external application
// * false, if the protocol should be handled internally by Firefox
user_pref("network.protocol-handler.warn-external-default", true);
user_pref("network.protocol-handler.external.javascript", false);
user_pref("network.protocol-handler.external.data", false);
user_pref("network.protocol-handler.external.about", false); // [DESKTOP]
user_pref("network.protocol-handler.external.blob", false); // [DESKTOP]
user_pref("network.protocol-handler.external.chrome", false); // [DESKTOP]
user_pref("network.protocol-handler.external.file", false); // [DESKTOP]
user_pref("network.protocol-handler.external.ftp", false); // [DESKTOP]
user_pref("network.protocol-handler.external.http", false); // [DESKTOP]
user_pref("network.protocol-handler.external.https", false); // [DESKTOP]
user_pref("network.protocol-handler.external.moz-extension", false); // [DESKTOP]
user_pref("network.protocol-handler.external.ms-windows-store", false); // [DESKTOP]
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("network.protocol-handler.expose-all", false);
user_pref("network.protocol-handler.expose.http", true);
user_pref("network.protocol-handler.expose.https", true);
user_pref("network.protocol-handler.expose.javascript", true);
user_pref("network.protocol-handler.expose.moz-extension", true);
user_pref("network.protocol-handler.expose.ftp", true);
user_pref("network.protocol-handler.expose.file", true);
user_pref("network.protocol-handler.expose.about", true);
user_pref("network.protocol-handler.expose.chrome", true);
user_pref("network.protocol-handler.expose.blob", true);
user_pref("network.protocol-handler.expose.data", true);
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Don't allow meta-refresh when backgrounded
user_pref("browser.meta_refresh_when_inactive.disabled", true);
// -------------------------------------
// Pref : Optimize images memory usage
user_pref("image.downscale-during-decode.enabled", true);
// -------------------------------------
// Pref : Disable firstrun showup
user_pref("browser.firstrun.show.uidiscovery", false); // [DEFAULT: true]
user_pref("browser.firstrun.show.localepicker", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable sending console to logcat on release builds.
user_pref("consoleservice.logcat", false); // [FENNEC]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
// https://github.com/pyllyukko/user.js/issues/143
user_pref("browser.pocket.enabled", false); // [DESKTOP]
user_pref("extensions.pocket.enabled", false); // [DESKTOP]
user_pref("extensions.pocket.api", ""); // [DESKTOP]
user_pref("extensions.pocket.oAuthConsumerKey", ""); // [DESKTOP]
user_pref("extensions.pocket.site", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Lock web content in file processes
// https://bugzilla.mozilla.org/1343184
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Displaying Javascript in History URLs
// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
user_pref("browser.urlbar.filter.javascript", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox's built-in PDF reader
// This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
// PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most)
// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly.
// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
// CONS: You may prefer a different pdf reader for security reasons
// CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare)
user_pref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
user_pref("pdfjs.enabledCache.state", false); // [DESKTOP]
user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
user_pref("ui.use_standins_for_native_colors", true); // [DESKTOP]
// -------------------------------------
// Pref : Close tab with double click action
user_pref("browser.tabs.closeTabByDblclick", true); // [DESKTOP]
// -------------------------------------
// Pref : Remove special permissions for certain mozilla domains
// resource://app/defaults/permissions
user_pref("permissions.manager.defaultsUrl", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable in-content SVG rendering
// Disabling SVG support breaks many UI elements on many sites incl. youtube player controls
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16
// user_pref("svg.disabled", true);
// -------------------------------------
// Pref : Enable FF Process Priority Manager
// https://bugzilla.mozilla.org/show_bug.cgi?id=1548364
user_pref("dom.ipc.processPriorityManager.enabled", true); // [DESKTOP] // [TEST]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Web Workers
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable service workers
// Service workers essentially act as proxy servers that sit between web apps, and the browser and network, are event driven, and can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources.
// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access.
user_pref("dom.serviceWorkers.enabled", false);
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable push service
// The upstream autopush endpoint must have the Google API key corresponding to the App's sender ID; we bake this assumption directly into the URL.
user_pref("dom.push.enabled", false);
user_pref("dom.push.serverURL", "");
// -------------------------------------
// Pref : Disable web notifications
// https://developer.mozilla.org/docs/Web/API/Notifications_API
2019-05-10 20:50:17 +00:00
user_pref("notification.feature.enabled", false); // [FENNEC]
user_pref("dom.webnotifications.enabled", false);
user_pref("dom.webnotifications.serviceworker.enabled", false);
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Prevent tooltips from showing up
user_pref("browser.chrome.toolbar_tips", false);
// -------------------------------------
// Pref : Disable push notifications
// Web apps can receive messages pushed to them from a server, whether or not the web app is in the foreground, or even currently loaded
// https://developer.mozilla.org/docs/Web/API/Push_API
user_pref("dom.push.alwaysConnect", false);
user_pref("dom.push.debug", false);
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.userAgentID", "");
user_pref("dom.push.udp.wakeupEnabled", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable hiding mime types not associated with a plugin
user_pref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable right-click menu manipulation via JavaScript
user_pref("dom.event.contextmenu.enabled", false);
// -------------------------------------
// Pref : Disable website access to clipboard events/content
// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
user_pref("dom.event.clipboardevents.enabled", false);
// -------------------------------------
// Pref : Disable "Confirm you want to leave" dialog on page close
// Does not prevent JS leaks of the page close event.
// https://developer.mozilla.org/docs/Web/Events/beforeunload
// https://support.mozilla.org/questions/1043508
user_pref("dom.disable_beforeunload", true);
// -------------------------------------
// Pref : Disable shaking the screen (Vibrator API)
user_pref("dom.vibrator.enabled", false);
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
// This disable document.execCommand("cut"/"copy") to protect your clipboard
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// https://bugzilla.mozilla.org/1170911
// user_pref("dom.allow_cut_copy", false);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable asm.js
// http://asmjs.org/
// https://www.mozilla.org/security/advisories/mfsa2015-29/
// https://www.mozilla.org/security/advisories/mfsa2015-50/
// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
// https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
user_pref("javascript.options.asmjs", false);
// -------------------------------------
// Pref : Disable Ion, baseline JIT and RegExp to help harden JS against exploits
// If false, causes the odd site issue and there is also a performance loss
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
// https://trac.torproject.org/projects/tor/ticket/26019
user_pref("javascript.options.ion", false); // [DESKTOP - BUG] Navigation issues
// user_pref("javascript.options.baselinejit", false); // [BUG] Addons issues
user_pref("javascript.options.native_regexp", false);
// -------------------------------------
// Pref : Disable WebAssembly
// https://webassembly.org/
// https://developer.mozilla.org/docs/WebAssembly
// https://en.wikipedia.org/wiki/WebAssembly
// https://trac.torproject.org/projects/tor/ticket/21549
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("javascript.options.wasm", false);
// -------------------------------------
// Pref : Disable Intersection Observer API
// Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
// https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
// https://w3c.github.io/IntersectionObserver/
// https://bugzilla.mozilla.org/1243846
user_pref("dom.IntersectionObserver.enabled", false);
// -------------------------------------
// Pref : Disable Shared Memory (Spectre mitigation)
// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
user_pref("javascript.options.shared_memory", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user_pref("general.buildID.override", "20100101");
user_pref("browser.startup.homepage_override.buildID", "20190307050101");
user_pref("media.gmp-manager.buildID", "20190307050101"); // [DESKTOP]
user_pref("extensions.lastAppBuildId", "20190307050101");
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
user_pref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Media / Camera / Mic
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
user_pref("media.peerconnection.enabled", false);
// -------------------------------------
// Pref : Limit WebRTC IP leaks if using WebRTC
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
// https://wiki.mozilla.org/Media/WebRTC/Privacy
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("media.peerconnection.use_document_iceservers", false);
user_pref("media.peerconnection.identity.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.ice.tcp", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.peerconnection.video.enabled", false);
2019-05-10 20:50:17 +00:00
// user_pref("media.peerconnection.identity.timeout", 0);
// -------------------------------------
// Pref : Disable WebGL I/II
// [WARNING] WebGL introduce high fingerprinting... (webgl is direct hardware js)
user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false);
user_pref("webgl.min_capability_mode", true);
user_pref("pdfjs.enableWebGL", false);
user_pref("webgl.disable-extensions", true); // [DEFAULT: false]
user_pref("webgl.disable-wgl", true); // [DEFAULT: false]
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
user_pref("webgl.force-enabled", false);
user_pref("webgl.vendor-string-override", " ");
user_pref("webgl.renderer-string-override", " ");
user_pref("webgl.all-angle-options", false);
user_pref("webgl.allow-immediate-queries", false);
user_pref("webgl.default-antialias", false);
user_pref("webgl.enable-surface-texture", false);
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable screensharing and audiocapture
user_pref("media.getusermedia.screensharing.enabled", false); // [DESKTOP]
user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable camera support
user_pref("device.camera.enabled", false); // [DEFAULT: true] // [FENNEC]
user_pref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC]
// -------------------------------------
// Pref : Disable canvas capture stream
// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
user_pref("canvas.capturestream.enabled", false);
// -------------------------------------
// Pref : Disable camera image capture
// https://trac.torproject.org/projects/tor/ticket/16339
user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable offscreen canvas
// https://developer.mozilla.org/docs/Web/API/OffscreenCanvas
user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// 0=Allow Audio and Video, 1=Block Audio, 5=Block Audio and Video
// [NOTE] You can set exceptions under site permissions
user_pref("media.autoplay.default", 5);
user_pref("media.autoplay.allow-muted", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
user_pref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Location Bar / Search Bar / Suggestions / History / Forms
// >>>>>>>>>>>>>>>>>>>>
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Do not submit invalid URIs entered in the address bar to the default search engine
// http://kb.mozillazine.org/Keyword.enabled
user_pref("keyword.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
user_pref("browser.fixup.alternate.enabled", false);
// -------------------------------------
// Pref : Don't trim HTTP off of URLs in the address bar
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
user_pref("browser.urlbar.trimURLs", false);
// -------------------------------------
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
// This is a PER TAB session history. You still have a full history stored under all history
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
user_pref("browser.sessionhistory.max_entries", 20); // [DEFAULT: 50]
// -------------------------------------
// Pref : Disable CSS querying page history - CSS history leak
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
// [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
// https://dbaron.org/mozilla/visited-privacy
// https://bugzilla.mozilla.org/147777
// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
user_pref("layout.css.visited_links_enabled", false);
// -------------------------------------
// Pref : Disable search suggestions in the search bar
// http://kb.mozillazine.org/Browser.search.suggest.enabled
user_pref("browser.search.suggest.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable "Show search suggestions in location bar results"
user_pref("browser.urlbar.suggest.searches", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable information entered in web page forms and the search bar
// [NOTE] You can clear formdata on exiting Firefox
user_pref("browser.formfill.enable", false);
// -------------------------------------
// Pref : Disable date/time picker
// [WARNING] This can leak your locale if not en-US
// https://trac.torproject.org/projects/tor/ticket/21787
// https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
// user_pref("dom.forms.datetime", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Windows jumplist
user_pref("browser.taskbar.lists.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.frequent.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.recent.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.tasks.enabled", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable Windows taskbar preview
user_pref("browser.taskbar.previews.enable", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable UITour backend so there is no chance that a remote page can use it
user_pref("browser.uitour.enabled", false); // [DESKTOP]
user_pref("browser.uitour.url", ""); // [DESKTOP]
user_pref("browser.uitour.themeOrigin", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable location bar making speculative connections
// https://bugzilla.mozilla.org/1348275
user_pref("browser.urlbar.speculativeConnect.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar suggesting "preloaded" top websites
// https://bugzilla.mozilla.org/1211726
user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox Tips / Search suggestions
user_pref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // [DESKTOP]
user_pref("browser.urlbar.searchSuggestionsChoice", false); // [DESKTOP]
user_pref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // [DESKTOP]
// -------------------------------------
// Pref : Disable history/bookmarks/opened pages suggestions dropdown from URL bar
// [NOTE] This does not cause privacy/leaking issue
user_pref("browser.urlbar.suggest.history", false); // [DESKTOP]
user_pref("browser.urlbar.suggest.bookmark", false); // [DESKTOP]
user_pref("browser.urlbar.suggest.openpage", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browsing and download history
// user_pref("places.history.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Security
// >>>>>>>>>>>>>>>>>>>>
// Pref : Blocking GD Parking Scam Site
2019-05-10 20:50:17 +00:00
user_pref("network.dns.localDomains", "");
// -------------------------------------
// Pref : Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
user_pref("network.stricttransportsecurity.preloadlist", true);
// -------------------------------------
// Pref : Disable insecure TLS version fallback
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
user_pref("security.tls.version.fallback-limit", 3);
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Enable OCSP Must-Staple support
// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
// https://www.entrust.com/ocsp-must-staple/
// https://github.com/schomery/privacy-settings/issues/40
// [NOTE] Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
user_pref("security.ssl.enable_ocsp_must_staple", true);
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Control remote debugging
user_pref("devtools.remote.usb.enabled", false); // [DEFAULT: false]
user_pref("devtools.remote.wifi.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable dump function
// True if you always want dump() to work
// On Android, you also need to do the following for the output to show up in logcat:
// $ adb shell stop
// $ adb shell setprop log.redirect-stdio true
// $ adb shell start
user_pref("browser.dom.window.dump.enabled", false); // [DEFAULT: true]
user_pref("devtools.console.stdout.chrome", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable number linkification
user_pref("browser.ui.linkify.phone", false); // [DEFAULT: false] // [FENNEC]
// -------------------------------------
// Pref : Controls which bits of private data to clear.
user_pref("privacy.item.cache", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.cookies", true); // [DEFAULT: true]
user_pref("privacy.item.offlineApps", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.history", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.searchHistory", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.formdata", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.downloads", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.passwords", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.sessions", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.geolocation", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.siteSettings", true); // [DEFAULT: true] // [FENNEC]
user_pref("privacy.item.syncAccount", true); // [DEFAULT: true] // [FENNEC]
// -------------------------------------
// Pref : Disable tab hiding API by default
user_pref("extensions.webextensions.tabhide.enabled", false); // [DEFAULT: true] // [DESKTOP]
// -------------------------------------
// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1091016
user_pref("network.websocket.enabled", false); // [HIDDEN PREF] // [DEPRECATED] // [DESKTOP]
// -------------------------------------
// Pref : Block new requests asking to access your hardware components
// This will prevent any websites not listed in a specific list from requesting permission to access your components
user_pref("permissions.default.geo", 2); // [DESKTOP]
user_pref("permissions.default.camera", 2); // [DESKTOP]
user_pref("permissions.default.microphone", 2); // [DESKTOP]
user_pref("permissions.default.desktop-notification", 2); // [DESKTOP]
// -------------------------------------
// Pref : Disable the Enterprise Roots preference
// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
user_pref("security.enterprise_roots.enabled", false);
user_pref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable access to navigator.mediaDevices features on HTTP web pages
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices
user_pref("media.devices.insecure.enabled", false);
// -------------------------------------
// Pref : Disable FF Remote Agent
// https://dxr.mozilla.org/mozilla-central/source/remote/README
// https://dxr.mozilla.org/mozilla-central/source/remote/doc/Prefs.md
user_pref("remote.enabled", false); // [DESKTOP]
user_pref("remote.force-local", true); // [DESKTOP]
user_pref("remote.log.level", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable security bypass buttons
// Prevent the user from bypassing security in certain cases.
// "security.certerror.hideAddException" prevents adding an exception when an invalid certificate is shown.
// "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway.
user_pref("browser.safebrowsing.allowOverride", false); // [DESKTOP]
user_pref("security.certerror.hideAddException", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable safe mode
// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled.
// https://support.mozilla.org/en-US/questions/951221#answer-410562
user_pref("toolkit.startup.max_resumed_crashes", -1); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Block Implicit Outbound
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable prefetching of <link rel="next"> URLs
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
user_pref("network.prefetch-next", false);
// -------------------------------------
// Pref : Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user_pref("network.dns.disablePrefetch", true);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
user_pref("browser.send_pings", false);
// -------------------------------------
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
user_pref("browser.send_pings.require_same_host", true);
// -------------------------------------
2019-05-10 20:50:17 +00:00
// Pref : Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user_pref("network.http.speculative-parallel-limit", 0);
// -------------------------------------
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened with mose hover for example
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enable-prefetch", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
user_pref("network.dns.disableIPv6", true);
// -------------------------------------
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
// HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance privacy, and in fact opens up a number of server-side fingerprinting opportunities.
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://http2.github.io/faq/
// https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
// https://queue.acm.org/detail.cfm?id=2716278
// https://github.com/ghacksuserjs/ghacks-user.js/issues/107
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false);
// -------------------------------------
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
user_pref("network.proxy.socks_remote_dns", true);
// -------------------------------------
// Pref : Remove paths when sending URLs to PAC scripts
// https://bugzilla.mozilla.org/1255474
user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
// [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark
// If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
// https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
user_pref("network.trr.mode", 0);
user_pref("network.trr.bootstrapAddress", "");
user_pref("network.trr.uri", "");
user_pref("network.trr.resolvers", "[]");
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enable Subresource Integrity
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity
user_pref("security.sri.enable", true); // [DEFAULT: true]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable using UNC (Uniform Naming Convention) paths
// https://trac.torproject.org/projects/tor/ticket/26424
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable HTTP Alternative Services
// https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881
// https://www.mnot.net/blog/2016/03/09/alt-svc
user_pref("network.http.altsvc.enabled", false); // [DESKTOP]
user_pref("network.http.altsvc.oe", false); // [DESKTOP]
// -------------------------------------
// Pref : Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// It is still allowed through HTTPS. uncomment the following to disable it completely.
// user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
// [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation
// https://wiki.mozilla.org/Security:Renegotiation
// https://www.ssllabs.com/ssl-pulse/
user_pref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
// http://kb.mozillazine.org/Security.tls.version.*
// https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
// archived: https://archive.is/hY2Mm
user_pref("security.tls.version.min", 3);
user_pref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Disable SSL Error Reporting
// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.url", "");
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Disable SSL session tracking
// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
// https://tools.ietf.org/html/rfc5077
// https://bugzilla.mozilla.org/967977
// https://arxiv.org/abs/1810.07304
user_pref("security.ssl.disable_session_identifiers", true); // [DEFAULT: true] // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable TLS1.3 0-RTT (round-trip time)
// https://github.com/tlswg/tls13-spec/issues/1001
// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
user_pref("security.tls.enable_0rtt_data", false);
// -------------------------------------
// Pref : Require a valid OCSP response for OCSP enabled certificates
// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
// [NOTE] `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
// [NOTE] `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
user_pref("security.OCSP.require", true);
// -------------------------------------
// Pref : Enable OSCP (Online Certificate Status Protocol)
// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://www.imperialviolet.org/2014/04/19/revchecking.html
// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
// https://wiki.mozilla.org/CA:RevocationPlan
// https://wiki.mozilla.org/CA:ImprovingRevocation
// https://wiki.mozilla.org/CA:OCSP-HardFail
// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
// [NOTE] OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
// [NOTE] OCSP adds latency (performance)
// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
user_pref("security.OCSP.enabled", 0);
// -------------------------------------
// Pref : Enable OCSP Stapling support
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
// https://en.wikipedia.org/wiki/OCSP_stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
user_pref("security.ssl.enable_ocsp_stapling", true);
// -------------------------------------
// Pref : Disallow SHA-1
// 0=all SHA1 certs are allowed
// 1=all SHA1 certs are blocked
// 2=deprecated option that now maps to 1
// 3=only allowed for locally-added roots (e.g. anti-virus)
// 4=only allowed for locally-added roots or for certs in 2015 and earlier
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
// https://shattered.io/
user_pref("security.pki.sha1_enforcement_level", 1);
// -------------------------------------
// Pref : Disable Windows 8.1's Microsoft Family Safety cert
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
// https://trac.torproject.org/projects/tor/ticket/21686
user_pref("security.family_safety.mode", 0);
// -------------------------------------
// Pref : Enfore Public Key Pinning
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
// 2= strict (pinning is always enforced)
user_pref("security.cert_pinning.enforcement_level", 2);
// -------------------------------------
// Pref : Disable insecure active content on https pages
// https://trac.torproject.org/projects/tor/ticket/21323
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable insecure passive content (such as images) on https pages
user_pref("security.mixed_content.upgrade_display_content", true);
user_pref("security.mixed_content.block_display_content", true);
// -------------------------------------
// Pref : Block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks
// https://bugzilla.mozilla.org/1190623
user_pref("security.mixed_content.block_object_subrequest", true);
// -------------------------------------
// Pref : Disable 3DES (effective key size < 128)
// https://en.wikipedia.org/wiki/3des#Security
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
user_pref("security.ssl3.rsa_des_ede3_sha", false);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable 40/56/128-bit ciphers
user_pref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP]
user_pref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
// -------------------------------------
// Pref : Disable 256 bits ciphers without PFS
user_pref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
user_pref("security.ssl3.rsa_seed_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable null ciphers
user_pref("security.ssl3.rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_null_md5", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Enable GCM ciphers (TLSv1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ciphers with ECDHE and key size > 128bits
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
// https://cr.yp.to/chacha.html
user_pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
// -------------------------------------
// Pref : Fallbacks due compatibility reasons
user_pref("security.ssl3.rsa_aes_128_sha", true);
user_pref("security.ssl3.rsa_aes_256_sha", true);
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_aes_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_camellia_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_camellia_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers susceptible to the logjam attack
// https://weakdh.org/
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers with ECDH (non-ephemeral)
user_pref("security.ssl3.ecdh_rsa_aes_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable RC4
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
// https://rc4.io/
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP]
user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// -------------------------------------
// Pref : Control "Add Security Exception" dialog on SSL warnings
// 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
// http://kb.mozillazine.org/Browser.ssl_override_behavior
// https://github.com/pyllyukko/user.js/issues/210
user_pref("browser.ssl_override_behavior", 1);
// -------------------------------------
// Pref : Display advanced information on Insecure Connection warning pages (only works when it's possible to add an exception), i.e. it doesn't work for HSTS discrepancies
// https://subdomain.preloaded-hsts.badssl.com/
// [TEST] https://expired.badssl.com/
user_pref("browser.xul.error_pages.expert_bad_cert", true);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable GIO as a potential proxy bypass vector
// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
// https://bugzilla.mozilla.org/1433507
// https://trac.torproject.org/23044
// https://en.wikipedia.org/wiki/GVfs
// https://en.wikipedia.org/wiki/GIO_(software)
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : User Settings
// >>>>>>>>>>>>>>>>>>>>
// Pref : Set long press behaviour on "+ Tab" button to display container menu
// 0=disabled long press, 1=when clicked, the menu is shown
// 2=the menu is shown after X milliseconds
// [NOTE] The menu does not contain a non-container tab option
// https://bugzilla.mozilla.org/1328756
user_pref("privacy.userContext.longPressBehavior", 2);
// -------------------------------------
// Pref : Enable Container Tabs setting in preferences
// https://bugzilla.mozilla.org/1279029
user_pref("privacy.userContext.ui.enabled", true);
// -------------------------------------
// Pref : Enable Container Tabs
user_pref("privacy.userContext.enabled", true);
// -------------------------------------
// Pref : Enable a private container for thumbnail loads
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable First Party Isolation
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
// https://bugzilla.mozilla.org/1260931
// Enabled via addons
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Passwords
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable about:logins (Firefox Lockwise)
// https://lockwise.firefox.com/
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
user_pref("signon.management.page.enabled", false); // [DESKTOP]
user_pref("signon.management.page.faqURL", ""); // [DESKTOP]
user_pref("signon.management.page.feedbackURL", ""); // [DESKTOP]
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
user_pref("signon.autofillForms.http", false);
user_pref("security.insecure_field_warning.contextual.enabled", true);
// -------------------------------------
// Pref : Disable password manager
// [NOTE] This does not clear any passwords already saved
user_pref("signon.rememberSignons", false);
user_pref("signon.rememberSignons.visibilityToggle", false);
user_pref("signon.schemeUpgrades", false);
user_pref("signon.showAutoCompleteFooter", false);
user_pref("signon.autologin.proxy", false);
user_pref("signon.privateBrowsingCapture.enabled", false);
2019-05-10 20:50:17 +00:00
user_pref("signon.debug", false);
// -------------------------------------
// Pref : Disable Firefox import password from signons.sqlite file
// https://support.mozilla.org/en-US/questions/1020818
user_pref("signon.importedFromSqlite", false);
user_pref("signon.recipes.path", "");
// -------------------------------------
// Pref : Set how often Firefox should ask for the master password
// 0=the first time (default), 1=every time it's needed, 2=every n minutes
user_pref("security.ask_for_password", 2);
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Set how often in minutes Firefox should ask for the master password
user_pref("security.password_lifetime", 1); // [DEFAULT: 30]
// -------------------------------------
// Pref : Disable auto-filling username & password form fields
// Can leak in cross-site forms AND be spoofed.
// [NOTE] Password will still be auto-filled after a user name is manually entered
// http://kb.mozillazine.org/Signon.autofillForms
user_pref("signon.autofillForms", false);
user_pref("signon.autofillForms.autocompleteOff", true);
// -------------------------------------
// Pref : Disable websites autocomplete
// Don't let sites dictate use of saved logins and passwords.
user_pref("signon.storeWhenAutocompleteOff", false);
// -------------------------------------
// Pref : Disable formless login capture
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
user_pref("signon.formlessCapture.enabled", false);
// -------------------------------------
// Pref : Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources
// Hardens against potential credentials phishing
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
// https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
user_pref("network.auth.subresource-http-auth-allow", 1);
// -------------------------------------
// Pref : Prevent cross-origin images from triggering an HTTP-Authentication prompt
// https://bugzilla.mozilla.org/1357835
user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // [DEPRECATED] // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox built-in password generator
// https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
// [NOTE] Best still create passwords with random characters and numbers in sequence by yourself
user_pref("signon.generation.available", false);
user_pref("signon.generation.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Window Meddling & Leaks / Popups
// >>>>>>>>>>>>>>>>>>>>
// Pref : Prevent websites from disabling new window features
// http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features
user_pref("dom.disable_window_open_feature.close", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.menubar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.minimizable", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.personalbar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
user_pref("dom.disable_window_open_feature.titlebar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.toolbar", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Prevent scripts from moving and resizing open windows
user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://trac.torproject.org/projects/tor/ticket/9881
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
// -------------------------------------
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
// [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
// user_pref("full-screen-api.enabled", false);
// -------------------------------------
// Pref : Block popup windows
user_pref("dom.disable_open_during_load", true); // [DEFAULT: true]
2019-05-10 20:50:17 +00:00
user_pref("privacy.popups.showBrowserMessage", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Set max popups from a single non-click event
// [NOTE] Non-click events should never spawn a popup?
// http://kb.mozillazine.org/Dom.popup_maximum
user_pref("dom.popup_maximum", 0); // [DEFAULT: 20]
// -------------------------------------
// Pref : Limit events that can cause a popup
// http://kb.mozillazine.org/Dom.popup_allowed_events
user_pref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend"]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Cache / Session (Re)Store / Favicons
// >>>>>>>>>>>>>>>>>>>>
// [INTRO] ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk and memory cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor
// https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
// -------------------------------------
// Pref : Disable disk cache
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.disk.smart_size.enabled", false);
user_pref("browser.cache.disk.smart_size.first_run", false);
// -------------------------------------
// Pref : Disable disk cache for SSL pages
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
user_pref("browser.cache.disk_cache_ssl", false);
// -------------------------------------
// Pref : Disable memory cache
// [NOTE] Not recommended due to performance issues
// user_pref("browser.cache.memory.enable", false);
// user_pref("browser.cache.memory.capacity", 0);
// -------------------------------------
// Pref : Disable fastback cache
// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
// 0=none, -1=auto (that's minus 1).
// [WARNING] Not recommended unless you know what you're doing
// http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
// user_pref("browser.sessionhistory.max_total_viewers", 0);
// -------------------------------------
// Pref : Exclude "Undo Closed Tabs" in Session Restore
user_pref("browser.sessionstore.max_tabs_undo", 0);
// -------------------------------------
// Pref : Disable storing extra session data
// Extra session data contains contents of forms, scrollbar positions, cookies and POST data
// Define on which sites to save extra session data:
// 0=everywhere, 1=unencrypted sites, 2=nowhere
user_pref("browser.sessionstore.privacy_level", 2);
// -------------------------------------
// Pref : Disable resuming session from crash
// user_pref("browser.sessionstore.resume_from_crash", false);
// -------------------------------------
// Pref : Set the minimum interval between session save operations
// Increasing this can help on older machines and some websites, as well as reducing writes. Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc.
// This can also affect entries in the "Recently Closed Tabs" feature: i.e. the longer the interval the more chance a quick tab open/close won't be captured.
// This longer interval *may* affect history but we cannot replicate any history not recorded
// https://bugzilla.mozilla.org/1304389
// user_pref("browser.sessionstore.interval", 30000);
// -------------------------------------
// Pref : Disable favicons in web notifications
user_pref("alerts.showFavicons", false);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Delete Search and Form History
user_pref("browser.formfill.expire_days", 0);
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable favicons in shortcuts
// URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted.
// false=shortcuts use a generic Firefox icon
user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP]
// -------------------------------------
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Enable insecure password warnings (login forms in non-HTTPS pages)
// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
user_pref("security.insecure_password.ui.enabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable automatic Firefox start and session restore after reboot
// https://bugzilla.mozilla.org/603903
user_pref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Geolocation
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable geolocation
user_pref("geo.enabled", false);
// -------------------------------------
// Pref : Disable GeoIP lookup on your address to set default search engine region
// https://trac.torproject.org/projects/tor/ticket/16254
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
user_pref("browser.search.region", "US");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.snippets.geoUrl", "");
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Set Accept-Language HTTP header
user_pref("intl.accept_languages", "en-US, en");
// -------------------------------------
// Pref : Use APP locale over OS locale in regional preferences
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
user_pref("intl.regional_prefs.use_os_locales", false);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enforce US English locale regardless of the system locale
// https://bugzilla.mozilla.org/867501
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable using the OS's geolocation service
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
user_pref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
user_pref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
user_pref("geo.wifi.uri", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable logging geolocation to the console
user_pref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Fonts
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable websites choosing fonts (0=block, 1=allow)
// This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector.
// [NOTE] Disabling fonts can uglify the web a fair bit.
// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
user_pref("browser.display.use_document_fonts", 0);
// -------------------------------------
// Pref : Set more legible default fonts
user_pref("font.name.serif.x-unicode", "Georgia");
user_pref("font.name.serif.x-western", "Georgia"); // [DEFAULT: Times New Roman]
user_pref("font.name.sans-serif.x-unicode", "Arial");
user_pref("font.name.sans-serif.x-western", "Arial"); // [DEFAULT: Arial]
user_pref("font.name.monospace.x-unicode", "Lucida Console");
user_pref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courier New]
// -------------------------------------
// Pref : Disable icon fonts (glyphs) and local fallback rendering
// [NOTE] You can do this with uBlock Origin
// https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455
// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// user_pref("gfx.downloadable_fonts.enabled", false);
2019-05-10 20:50:17 +00:00
// user_pref("gfx.downloadable_fonts.fallback_delay", 0);
// -------------------------------------
// Pref : Disable CSS Font Loading API
// [NOTE] Disabling fonts can uglify the web a fair bit.
user_pref("layout.css.font-loading-api.enabled", false);
// -------------------------------------
// Pref : Disable special underline handling for a few fonts which you will probably never use
// http://kb.mozillazine.org/Font.blacklist.underline_offset
// https://github.com/ghacksuserjs/ghacks-user.js/issues/744
// user_pref("font.blacklist.underline_offset", "");
// -------------------------------------
// Pref : Disable graphite which turned back on by default
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
user_pref("gfx.font_rendering.graphite.enabled", false);
// -------------------------------------
// Pref : Limit system font exposure to a whitelist [RESTART]
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
// https://bugzilla.mozilla.org/1121643
// user_pref("font.system.whitelist", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Plugins
// >>>>>>>>>>>>>>>>>>>>
2019-05-10 20:50:17 +00:00
// Pref : Disable plugins
user_pref("plugin.disable", true); // [DEFAULT: true] // [FENNEC]
user_pref("dom.ipc.plugins.enabled", false); // [DEFAULT: false] // [FENNEC]
user_pref("plugins.crash.supportUrl", ""); // [DESKTOP]
2019-05-10 20:50:17 +00:00
// -------------------------------------
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
user_pref("plugin.default.state", 0);
user_pref("plugin.defaultXpi.state", 0);
// -------------------------------------
// Pref : Disable scanning for plugins
user_pref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable all GMP (Gecko Media Plugins)
user_pref("media.gmp-provider.enabled", false);
user_pref("media.gmp-manager.certs.1.issuerName", "");
user_pref("media.gmp-manager.certs.1.commonName", "");
user_pref("media.gmp-manager.certs.2.issuerName", "");
user_pref("media.gmp-manager.certs.2.commonName", "");
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-manager.url.override", "");
user_pref("media.gmp-manager.updateEnabled", false); // [DESKTOP]
user_pref("media.gmp.trial-create.enabled", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable all DRM content (EME: Encryption Media Extension)
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
user_pref("media.eme.enabled", false);
// -------------------------------------
// Pref : Disable the OpenH264 Video Codec by Cisco to "Never Activate".
// This is the bundled codec used for video chat in WebRTC.
user_pref("media.gmp-gmpopenh264.enabled", false);
user_pref("media.gmp-gmpopenh264.autoupdate", false); // [DESKTOP]
user_pref("media.gmp-gmpopenh264.visible", false);
// -------------------------------------
// Pref : Disable widevine CDM (Content Decryption Module)
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("media.gmp-widevinecdm.enabled", false); // [DESKTOP]
user_pref("media.gmp-widevinecdm.visible", false); // [DESKTOP]
user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] // [FENNEC]
user_pref("media.gmp-widevinecdm.autoupdate", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Flash plugin
// 0=deactivated, 1=ask, 2=enabled
// [NOTE] You can still override individual sites via site permissions
// https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/
user_pref("plugin.state.flash", 0); // [DESKTOP]
// -------------------------------------
// Pref : Disable Gnome Shell Integration NPAPI plugin
user_pref("plugin.state.libgnome-shell-browser-plugin",0); // [DESKTOP]
// -------------------------------------
// Pref : Enable Auto Notification of Outdated Plugins
// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
// https://hg.mozilla.org/mozilla-central/rev/304560
user_pref("plugins.update.notifyUser", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable Shumway (Mozilla Flash renderer)
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
user_pref("shumway.disabled", true); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Blocklists / Safe Browsing / Tracking Protection
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla
// https://wiki.mozilla.org/Security/Tracking_protection
// https://wiki.mozilla.org/Services/TrackingProtection/Shavar_Server_-_Testing
// https://wiki.mozilla.org/Security/Safe_Browsing
// https://wiki.mozilla.org/Blocklisting
// https://blocked.cdn.mozilla.net/
// http://kb.mozillazine.org/Extensions.blocklist.enabled
// http://kb.mozillazine.org/Extensions.blocklist.url
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
user_pref("services.blocklist.update_enabled", false); // [DESKTOP]
user_pref("services.blocklist.plugins.signer", "");
user_pref("services.blocklist.plugins.collection", "");
user_pref("services.blocklist.pinning.signer", "");
user_pref("services.blocklist.pinning.enabled", false);
user_pref("services.blocklist.pinning.collection", "");
user_pref("services.blocklist.pinning.bucket", ""); // [DESKTOP]
user_pref("services.blocklist.onecrl.signer", "");
user_pref("services.blocklist.onecrl.collection", "");
user_pref("services.blocklist.gfx.signer", "");
user_pref("services.blocklist.gfx.collection", "");
user_pref("services.blocklist.bucket", "");
user_pref("services.blocklist.addons.signer", ""); // [DESKTOP]
user_pref("services.blocklist.addons.collection", "");
// user_pref("extensions.blocklist.level", 2); // [DEFAULT: 2]
user_pref("extensions.blocklist.lastModified", ""); // [DESKTOP]
user_pref("extensions.blocklist.itemURL", "");
user_pref("extensions.blocklist.enabled", false);
user_pref("extensions.blocklist.detailsURL", "");
user_pref("services.settings.security.onecrl.bucket", "");
user_pref("services.settings.security.onecrl.collection", "");
user_pref("services.settings.security.onecrl.signer", "");
user_pref("urlclassifier.blockedTable", "");
user_pref("urlclassifier.disallow_completions", "");
user_pref("urlclassifier.downloadAllowTable", "");
user_pref("urlclassifier.downloadBlockTable", "");
user_pref("urlclassifier.flashAllowExceptTable", "");
user_pref("urlclassifier.flashAllowTable", "");
user_pref("urlclassifier.flashExceptTable", "");
user_pref("urlclassifier.flashSubDocExceptTable", "");
user_pref("urlclassifier.flashSubDocTable", "");
user_pref("urlclassifier.flashTable", "");
user_pref("urlclassifier.malwareTable", "");
user_pref("urlclassifier.passwordAllowTable", "");
user_pref("urlclassifier.phishTable", "");
user_pref("urlclassifier.trackingAnnotationSkipURLs", ""); // [DESKTOP]
user_pref("urlclassifier.trackingAnnotationTable", ""); // [DESKTOP]
user_pref("urlclassifier.trackingAnnotationWhitelistTable", "");
user_pref("urlclassifier.trackingTable", "");
user_pref("urlclassifier.trackingWhitelistTable", "");
// -------------------------------------
// Pref : Decrease system information leakage to Mozilla blocklist update servers
// https://trac.torproject.org/projects/tor/ticket/16931
// https://www.reddit.com/r/firefox/comments/9v5lue/firefox_tip_sanitize_firefox_blocklist_url_so_it/
user_pref("extensions.blocklist.url", ""); // [URL SANITIZED: https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/]
// -------------------------------------
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false)
// -------------------------------------
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("browser.safebrowsing.enabled", false); // [DESKTOP]
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.debug", false);
2019-05-10 20:50:17 +00:00
user_pref("browser.safebrowsing.downloads.enabled", false); // [DEFAULT: false]
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.id", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.passwords.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google.pver", "");
user_pref("browser.safebrowsing.provider.google.advisoryName", "");
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.lastupdatetime", ""); // [DESKTOP]
user_pref("browser.safebrowsing.provider.google.lists", "");
user_pref("browser.safebrowsing.provider.google.nextupdatetime", ""); // [DESKTOP]
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.lastupdatetime", ""); // [DESKTOP]
user_pref("browser.safebrowsing.provider.google4.lists", "");
user_pref("browser.safebrowsing.provider.google4.nextupdatetime", ""); // [DESKTOP]
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.pver", "");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); // [DESKTOP]
user_pref("browser.safebrowsing.provider.mozilla.lists", "");
user_pref("browser.safebrowsing.provider.mozilla.lists.base", "");
user_pref("browser.safebrowsing.provider.mozilla.lists.content", "");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "");
user_pref("browser.safebrowsing.provider.mozilla.pver", "");
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
2019-05-10 20:50:17 +00:00
// user_pref("browser.safebrowsing.downloads.remote.timeout_ms", 0);
// -------------------------------------
// Pref : Disable passive Tracking Protection
// Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list.
// [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
// This is included for people who want to completely disable Tracking Protection.
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814
user_pref("privacy.trackingprotection.annotate_channels", false);
user_pref("privacy.trackingprotection.lower_network_priority", false);
// -------------------------------------
// Pref : Disable passive Tracking Protection in all windows
user_pref("privacy.trackingprotection.enabled", false);
user_pref("privacy.trackingprotection.pbmode.enabled", false);
user_pref("privacy.trackingprotection.introURL", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable cryptomining trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
// https://github.com/hoshsadiq/adblock-nocoin-list
user_pref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); // [DESKTOP]
user_pref("privacy.trackingprotection.cryptomining.annotate.enabled", false);
user_pref("privacy.trackingprotection.cryptomining.enabled", false);
user_pref("urlclassifier.features.cryptomining.blacklistTables", "");
user_pref("urlclassifier.features.cryptomining.whitelistTables", "");
// -------------------------------------
// Pref : Disable fingerprinting trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
user_pref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); // [DESKTOP]
user_pref("privacy.trackingprotection.fingerprinting.annotate.enabled", false);
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);
user_pref("urlclassifier.features.fingerprinting.blacklistTables", "");
user_pref("urlclassifier.features.fingerprinting.whitelistTables", "");
// -------------------------------------
// Pref : Disable social trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
user_pref("privacy.trackingprotection.socialtracking.annotate.enabled", false);
user_pref("privacy.trackingprotection.socialtracking.enabled", false);
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
user_pref("browser.ping-centre.telemetry", false); // [DESKTOP]
user_pref("browser.ping-centre.production.endpoint", ""); // [DESKTOP]
user_pref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : System add-ons / Experiments
// >>>>>>>>>>>>>>>>>>>>
2019-07-29 06:34:37 +00:00
// Pref : Sanitize System Add-on updates URL
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
// https://github.com/pyllyukko/user.js/issues/419
// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257
// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation)
2019-07-29 06:34:37 +00:00
// user_pref("extensions.systemAddon.update.enabled", false); // [DESKTOP]
user_pref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Normandy/Shield
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
// https://wiki.mozilla.org/Firefox/Shield
// https://github.com/mozilla/normandy
user_pref("app.normandy.enabled", false); // [DESKTOP]
user_pref("app.normandy.api_url", ""); // [DESKTOP]
user_pref("app.normandy.first_run", false); // [DESKTOP]
user_pref("app.normandy.shieldLearnMoreUrl", ""); // [DESKTOP]
user_pref("app.normandy.user_id", ""); // [DESKTOP]
user_pref("features.normandy-remote-settings.enabled", false); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable Form Autofill
// [NOTE] Stored data is NOT secure (uses a JSON file)
// [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
// https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/
user_pref("extensions.formautofill.addresses.enabled", false); // [DESKTOP]
user_pref("extensions.formautofill.available", "off"); // [DESKTOP]
user_pref("extensions.formautofill.creditCards.enabled", false); // [DESKTOP]
user_pref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Persistent Storage
// >>>>>>>>>>>>>>>>>>>>
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Delete cookies and site data on close
// 0=keep until they expire (default), 2=keep until you close Firefox
// [NOTE] Use "Cookie AutoDelete" extension to manage your cookies
// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
// user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Pref : Disable 3rd-party cookies and site-data
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers
// [NOTE] Value 4 is tied to the Tracking Protection lists
// [NOTE] Can breaks payment gateways
user_pref("network.cookie.cookieBehavior", 1);
// -------------------------------------
// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// -------------------------------------
// Pref : Disable HTTP sites setting cookies with the "secure" directive
// https://developer.mozilla.org/Firefox/Releases/52#HTTP
user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable support for same-site cookies
// https://bugzilla.mozilla.org/795346
// https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
// https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
user_pref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable DOM (Document Object Model) Storage
// [WARNING] This will break a LOT of sites' functionality AND extensions!
// You are better off using an extension for more granular control
// user_pref("dom.storage.enabled", false);
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Disable IndexedDB
// https://developer.mozilla.org/en-US/docs/IndexedDB
// https://en.wikipedia.org/wiki/Indexed_Database_API
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
// http://forums.mozillazine.org/viewtopic.php?p=13842047
// https://github.com/pyllyukko/user.js/issues/8
// https://github.com/ghacksuserjs/ghacks-user.js/issues/80#issuecomment-294178018
// https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo
// [NOTE] IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), and breaks almost every webpage so is left enabled
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// user_pref("dom.indexedDB.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Do not download URLs for the offline cache
// http://kb.mozillazine.org/Browser.cache.offline.enable
user_pref("browser.cache.offline.enable", false);
user_pref("browser.cache.offline.capacity", 0);
// -------------------------------------
// Pref : Disable offline cache on insecure sites
// https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/
user_pref("browser.cache.offline.insecure.enable", false);
// -------------------------------------
// Pref : Display a notification bar when websites offer data for offline use
// http://kb.mozillazine.org/Browser.offline-apps.notify
2019-05-10 20:50:17 +00:00
user_pref("browser.offline-apps.notify", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable service workers cache and cache storage
// https://w3c.github.io/ServiceWorker/#privacy
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// user_pref("dom.caches.enabled", false);
// -------------------------------------
// Pref : Disable Storage API
// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
// https://developer.mozilla.org/docs/Web/API/StorageManager
// https://developer.mozilla.org/docs/Web/API/Storage_API
// https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/
user_pref("dom.storageManager.enabled", false);
// -------------------------------------
// Pref : Disable Storage Access API
// https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
user_pref("dom.storage_access.enabled", false);
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enforce websites to ask to store data for offline use
// https://support.mozilla.org/questions/1098540
// https://bugzilla.mozilla.org/959985
user_pref("offline-apps.allow_by_default", false); // [DEFAULT: true]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable download history
user_pref("browser.download.manager.retention", 0); // [DESKTOP]
// -------------------------------------
// Pref : Enable Firefox to clear items on shutdown
user_pref("privacy.sanitize.sanitizeOnShutdown", true); // [DESKTOP]
// -------------------------------------
// Pref : Set what items to clear when Firefox closes
// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
// [NOTE] Installing user.js will remove your browsing history, caches and local storage.
// [NOTE] Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
// [NOTE] Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
user_pref("privacy.clearOnShutdown.cache", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.cookies", false); // [DESKTOP]
user_pref("privacy.clearOnShutdown.downloads", true); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("privacy.clearOnShutdown.formdata", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.history", true); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
user_pref("privacy.clearOnShutdown.offlineApps", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.sessions", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.siteSettings", false); // [DESKTOP]
// user_pref("privacy.clearOnShutdown.openWindows", true); // [DESKTOP]
// -------------------------------------
// Pref : Reset default 'Time range to clear' for 'Clear Recent History'
// Firefox remembers your last choice. This will reset the value when you start Firefox.
// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today, 5=last five minutes, 6=last twenty-four hours
// [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a blank value if they are used, but they do work as advertised
user_pref("privacy.sanitize.timeSpan", 0); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Headers / Referers
// >>>>>>>>>>>>>>>>>>>>
// Pref : Control when images/links send a referer
// 0=never, 1=send only when links are clicked, 2=for links and images (default)
user_pref("network.http.sendRefererHeader", 2);
// -------------------------------------
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
user_pref("network.http.referer.trimmingPolicy", 2);
// -------------------------------------
// Pref : Control when to send a referer
// 0=always (default), 1=only if base domains match, 2=only if hosts match
user_pref("network.http.referer.XOriginPolicy", 2);
// -------------------------------------
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// -------------------------------------
// Pref : Send a referer header with the target URI as the source
// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
// https://github.com/pyllyukko/user.js/issues/227
// https://github.com/pyllyukko/user.js/issues/94
// [NOTE] Spoofing referers breaks functionality on websites relying on authentic referer headers
// [NOTE] Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon
// [NOTE] Spoofing referers disable CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection
user_pref("network.http.referer.spoofSource", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Set the default Referrer Policy
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3]
user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
user_pref("network.http.referer.defaultPolicy.trackers", 3); // [DEFAULT: 3]
user_pref("network.http.referer.defaultPolicy.trackers.pbmode", 2); // [DEFAULT: 2]
// -------------------------------------
// Pref : Hide (not spoof) referrer when leaving a .onion domain
// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services
// https://bugzilla.mozilla.org/1305144
user_pref("network.http.referer.hideOnionSource", true); // [DEFAULT: false]
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Reject .onion hostnames before passing the to DNS
// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
user_pref("network.dns.blockDotOnion", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable the DNT (Do Not Track) HTTP header
user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
user_pref("privacy.resistFingerprinting", true); // [DEFAULT: false]
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable mozAddonManager Web API
// [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Enable RFP letterboxing
// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
// https://bugzilla.mozilla.org/1407366
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture
// https://wiki.mozilla.org/Media/getUserMedia
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
user_pref("media.navigator.enabled", false);
user_pref("media.navigator.video.enabled", false);
// -------------------------------------
// Pref : Spoof CPU Core
// [NOTE] *may* affect core performance, will affect content.
// Default settings seems to be the best
// https://bugzilla.mozilla.org/1008453
// https://trac.torproject.org/projects/tor/ticket/21675
// https://trac.torproject.org/projects/tor/ticket/22127
// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
// user_pref("dom.maxHardwareConcurrency", 2);
// -------------------------------------
// Pref : Disable resource timing API
// https://www.w3.org/TR/resource-timing/#privacy-security
user_pref("dom.enable_resource_timing", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable DOM timing API
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
// https://www.w3.org/TR/navigation-timing/#privacy
user_pref("dom.enable_performance", false); // [DEFAULT: true]
user_pref("dom.enable_performance_navigation_timing", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable sensor API
// https://trac.torproject.org/projects/tor/ticket/15758
// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
user_pref("device.sensors.enabled", false); // [DEFAULT: true]
user_pref("device.sensors.ambientLight.enabled", false); // [DEFAULT: false]
user_pref("device.sensors.motion.enabled", false); // [DEFAULT: true]
user_pref("device.sensors.orientation.enabled", false); // [DEFAULT: true]
user_pref("device.sensors.proximity.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
// https://trac.torproject.org/projects/tor/ticket/13023
user_pref("dom.gamepad.enabled", false); // [DEFAULT: true]
user_pref("dom.gamepad.extensions.enabled", false); // [DEFAULT: true]
user_pref("dom.gamepad.haptic_feedback.enabled", false); // [DEFAULT: false]
user_pref("dom.gamepad.test.enabled", false); // [DEFAULT: true]
user_pref("dom.gamepad.extensions.lightindicator", false); // [DEFAULT: false]
user_pref("dom.gamepad.extensions.multitouch", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable giving away network info
// e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
// https://developer.mozilla.org/docs/Web/API/Network_Information_API
// https://wicg.github.io/netinfo/
// https://bugzilla.mozilla.org/960426
user_pref("dom.netinfo.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
// https://developer.mozilla.org/docs/Web/API/Web_Speech_API
// https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
// https://wiki.mozilla.org/HTML5_Speech_API
2019-05-10 20:50:17 +00:00
user_pref("media.webspeech.synth.enabled", false); // [DEFAULT: true]
user_pref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable video statistics - JS performance fingerprinting
// https://trac.torproject.org/projects/tor/ticket/15757
// https://bugzilla.mozilla.org/654550
user_pref("media.video_stats.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Force touch events enabled by default
// Fingerprinting attack vector - leaks screen res & actual screen coordinates.
// 0=disabled, 1=enabled, 2=autodetect
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
// https://developer.mozilla.org/docs/Web/API/Touch_events
// https://trac.torproject.org/projects/tor/ticket/10286
user_pref("dom.w3c_touch_events.enabled", 1); // [DEFAULT: 2] // [FENNEC - BUG] ff disabled, disallow copy/paste any text
// -------------------------------------
// Pref : Disable MediaDevices change detection
// https://developer.mozilla.org/docs/Web/Events/devicechange
// https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange
user_pref("media.ondevicechange.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable WebGL debug info being available to websites
// https://bugzilla.mozilla.org/1171228
// https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
user_pref("webgl.enable-debug-renderer-info", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable PointerEvents
// https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
user_pref("dom.w3c_pointer_events.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable Battery Status API
// Initially a Linux issue (high precision readout) that was fixed.
// However, it is still another metric for fingerprinting, used to raise entropy.
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
// https://bugzilla.mozilla.org/1313580
user_pref("dom.battery.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable virtual reality devices APIs
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
user_pref("dom.vr.enabled", false); // [DEFAULT: true]
user_pref("dom.vr.autoactivate.enabled", false);
user_pref("dom.vr.oculus.enabled", false);
user_pref("dom.vr.oculus.invisible.enabled", false);
user_pref("dom.vr.openvr.action_input", false);
user_pref("dom.vr.openvr.enabled", false);
user_pref("dom.vr.osvr.enabled", false);
user_pref("dom.vr.poseprediction.enabled", false);
user_pref("dom.vr.puppet.enabled", false);
user_pref("dom.vr.require-gesture", true);
user_pref("gfx.vr.osvr.clientKitLibPath", "");
user_pref("gfx.vr.osvr.clientLibPath", "");
user_pref("gfx.vr.osvr.commonLibPath", "");
user_pref("gfx.vr.osvr.utilLibPath", "");
user_pref("dom.vr.process.enabled", false);
// -------------------------------------
// Pref : Disable hardware acceleration to reduce graphics fingerprinting
// [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
// user_pref("gfx.direct2d.disabled", true); // [DESKTOP] // [WINDOWS]
// user_pref("layers.acceleration.disabled", true); // [DEFAULT: false]
// user_pref("layers.acceleration.force-enabled", false); // [FENNEC - BUG] Force close during startup
// -------------------------------------
// Pref : Disable Web Audio API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
user_pref("dom.webaudio.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable Media Capabilities API
// [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
// https://github.com/WICG/media-capabilities
// https://wicg.github.io/media-capabilities/#security-privacy-considerations
// user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable showing about:blank as soon as possible during startup
// true=no longer masks the RFP chrome resizing activity
// https://bugzilla.mozilla.org/1448423
user_pref("browser.startup.blankWindow", false); // [DESKTOP]
// -------------------------------------
/// Pref : Disable network API
// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
user_pref("dom.network.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : UI (User Interface)
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable third-party cookie UI
// user_pref("browser.contentblocking.rejecttrackers.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under url bar popup
// user_pref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under preferences
// user_pref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable auto hide download button
// user_pref("browser.download.autohideButton", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browser animation
// https://bugzilla.mozilla.org/show_bug.cgi?id=1352069
// user_pref("toolkit.cosmeticAnimations.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable "Always enable zoom" feature by default
2019-05-10 20:50:17 +00:00
// When true, zooming will be enabled on all sites, even ones that declare user-scalable=no
user_pref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false]
// -------------------------------------
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// Pref : Disable inline autocomplete in URL bar
// http://kb.mozillazine.org/Inline_autocomplete
user_pref("browser.urlbar.autoFill", false); // [DESKTOP]
user_pref("browser.urlbar.autoFill.typed", false); // [DESKTOP]
// -------------------------------------
Update user.js ✅ Fully synced with gHacks and pyllukko user.js ✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko ✅ Reordered some prefs and fixed some text descriptions ✅ Enabled only whitelisted URL protocol handlers ✅ Enabled CSP 1.1 script-nonce directive support ✅ Enabled OCSP Must-Staple support ✅ Enabled Subresource Integrity by default ✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers ✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons ✅ Enforce US English locale regardless of the system locale (hidden pref) ✅ Enforced websites to ask to store data for offline use ⛔️ Disabled SSDP (Simple Service Discovery Protocol) ⛔️ Disable auto updating of lightweight themes [FENNEC] ⛔️ Romeved some unused prefs ⛔️ Disabled page thumbnail collection ⛔️ Disabled automatic send selection to clipboard (autocopy) ⛔️Disabled middle mouse click paste (useless on android) ⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content ⛔️ Disabled WebAssembly ⛔️ Disabled DNS prefetching from HTTPS too ⛔️ Disable SSL session tracking by default ⛔️ Disabled GIO as a potential proxy bypass vector ⛔️ Disabled one more GeoIP lookup on your address (hidden pref) ⛔️ Rejected .onion hostnames before passing the to DNS ℹ️ Set to "2" bookmarks backups in case of system crash ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless) ℹ️ Set how often in minutes Firefox should ask for the master password = 1 ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
// Pref : Set bookmarks backups
// To compensate for the case of bookmarks being lost due to a system crash.
// http://kb.mozillazine.org/Browser.bookmarks.max_backups
2019-05-10 20:50:17 +00:00
user_pref("browser.bookmarks.max_backups", 0); // [DEFAULT: 5]
// -------------------------------------
// Pref : Set home provider syncing only on wifi
// 0=sync always, 1=sync only when on wifi
user_pref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC]
// user_pref("home.sync.checkIntervalSecs", 3600); // [FENNEC]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Middle-click mouse enabling auto-scrolling
user_pref("general.autoScroll", true); // [DESKTOP]
Update user.js ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API (DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
// -------------------------------------
// Pref : Disable buttons
user_pref("pref.general.disable_button.default_browser", true); // [DESKTOP]
user_pref("pref.privacy.disable_button.view_passwords", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable Reader mode
// user_pref("reader.parse-on-load.enabled", false);
// -------------------------------------
// Pref : Disable dark theme on forms
user_pref("widget.content.gtk-theme-override", "Adwaita"); // [DESKTOP]
// -------------------------------------
// Pref: Disable "Ctrl+Tab cycles through tabs in recently used order"
// https://bugzilla.mozilla.org/1473595
user_pref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
// -------------------------------------
// Pref : Display long lines in view-source page
user_pref("view_source.wrap_long_lines", true);
// -------------------------------------
// Pref : Enable one-click select all URL bar
user_pref("browser.urlbar.clickSelectsAll", true);
// -------------------------------------
// Pref : Enable double click selects a string segment in URL bar
user_pref("browser.urlbar.doubleClickSelectsAll", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// >>>>>>>>>>>>>>>>>>>>
// ESR60.x still uses all the following prefs
// -------------------------------------
// FF52+
// -------------------------------------
// Pref : Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
user_pref("dom.telephony.enabled", false);
// -------------------------------------
// Pref : Disable Adobe Primetime
user_pref("media.gmp-eme-adobe.enabled", false);
user_pref("media.gmp-eme-adobe.visible", false);
// -------------------------------------
// FF53+
// -------------------------------------
// Pref : Disable RC4
// https://bugzilla.mozilla.org/show_bug.cgi?id=1130670
// https://hg.mozilla.org/mozilla-central/rev/1f7832017dbb
user_pref("security.tls.unrestricted_rc4_fallback", false);
// -------------------------------------
// FF54+
// -------------------------------------
// Pref : Disable Archive API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
// https://hg.mozilla.org/mozilla-central/rev/fe12200aa33a
user_pref("dom.archivereader.enabled", false);
// -------------------------------------
// FF55+
// -------------------------------------
// Pref : Disable Heartbeat (Mozilla user rating telemetry)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1361578
// https://hg.mozilla.org/mozilla-central/rev/5a8f2dcbeac0
user_pref("browser.selfsupport.enabled", false);
user_pref("browser.selfsupport.url", "");
// -------------------------------------
// FF57+
// -------------------------------------
// Pref : Disable SSDP (Simple Service Discovery Protocol)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1393582
// https://hg.mozilla.org/mozilla-central/rev/bf7793529f82
user_pref("browser.casting.enabled", false);
// -------------------------------------
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
// https://bugzilla.mozilla.org/show_bug.cgi?id=1393497
// https://hg.mozilla.org/mozilla-central/rev/9815926c3bc1
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
// -------------------------------------
// Pref : Disable social integration with FF
// https://bugzilla.mozilla.org/show_bug.cgi?id=1406193
// https://hg.mozilla.org/mozilla-central/rev/125a67a1750f
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.whitelist", "");
// -------------------------------------
// FF58+
// -------------------------------------
// Pref : Disable backlogged Crash Reports
// https://bugzilla.mozilla.org/show_bug.cgi?id=1424373
// https://hg.mozilla.org/releases/mozilla-esr52/rev/292a2d5bcb1f4a07e875b0b60a925f31992e898f
// https://hg.mozilla.org/releases/mozilla-esr52/rev/19ea736e7e3d20555ee6633b9d7803c1225979e1
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
// -------------------------------------
// FF59+
// -------------------------------------
// Pref : Devtools cleanup
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/mozilla-central/rev/cf62d0c0ce5a
user_pref("devtools.telemetry.supported_performance_marks", "");
// -------------------------------------
// Pref : Disable face detection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/integration/mozilla-inbound/rev/27b171e4cd2d1d51e95df1bfb6fc567500b6284d
user_pref("camera.control.face_detection.enabled", false);
// -------------------------------------
// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1374574
// https://hg.mozilla.org/mozilla-central/rev/07ca590ac669
// https://hg.mozilla.org/mozilla-central/rev/ff75ef015293
// https://hg.mozilla.org/mozilla-central/rev/5a8a3d887e19
user_pref("dom.flyweb.enabled", false);
// -------------------------------------
// Pref : Disable Scripting of Plugins by JavaScript
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/mozilla-central/rev/eb9c29a3067d
user_pref("security.xpconnect.plugin.unrestricted", false);
// -------------------------------------
// FF60+
// -------------------------------------
// Pref : Disable Activity Stream
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433324
// https://hg.mozilla.org/mozilla-central/rev/f3069763fab6
// https://hg.mozilla.org/mozilla-central/rev/088e727e5cf7
user_pref("browser.newtabpage.activity-stream.enabled", false);
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433324
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433133
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370930
// https://hg.mozilla.org/mozilla-central/rev/ad6392e366d4
user_pref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
user_pref("browser.newtabpage.directory.source", "data:text/plain,{}");
user_pref("browser.newtabpage.enhanced", false);
// -------------------------------------
// Pref : Disable Studies and SHIELD
// https://bugzilla.mozilla.org/show_bug.cgi?id=1436113
// https://hg.mozilla.org/mozilla-central/rev/94f5c92fc711
user_pref("extensions.shield-recipe-client.enabled", false);
user_pref("extensions.shield-recipe-client.api_url", "");
// -------------------------------------
// Pref : Disable Firefox Accounts and Sync
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427674
// https://hg.mozilla.org/mozilla-central/rev/b014201f939f
user_pref("identity.fxaccounts.remote.webchannel.uri", "https://0.0.0.0"); // [FENNEC - BUG] If left blank, it causes faded "Settings" on some devices
// -------------------------------------
// FF61+
// -------------------------------------
// Pref : Disable Experiments
// https://bugzilla.mozilla.org/show_bug.cgi?id=1450801
// https://hg.mozilla.org/mozilla-central/rev/b81ac6c5c207
// https://hg.mozilla.org/mozilla-central/rev/9e68f15bcb09
// https://bugzilla.mozilla.org/show_bug.cgi?id=1420908
// https://hg.mozilla.org/mozilla-central/rev/98389f291fe6
// https://hg.mozilla.org/mozilla-central/rev/8a77da7f1488
user_pref("experiments.enabled", false);
user_pref("experiments.manifest.uri", "");
user_pref("experiments.supported", false);
user_pref("experiments.activeExperiment", false);
// -------------------------------------
// Pref : Disable remote JAR files being opened, regardless of content type
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
// https://hg.mozilla.org/integration/autoland/rev/a9185d7a30d8
user_pref("network.jar.block-remote-files", true);
// -------------------------------------
// Pref : Disable JAR from opening Unsafe File Types
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
// https://hg.mozilla.org/integration/autoland/rev/064ca3f3d42b
user_pref("network.jar.open-unsafe-types", false);
// -------------------------------------
// Pref : Disable Activity Stream (others)
user_pref("browser.newtabpage.activity-stream.showTopSites", false);
// -------------------------------------
// Pref : Block unwanted connections
user_pref("toolkit.telemetry.infoURL", "");
// -------------------------------------
// FF62+
// -------------------------------------
// Pref : Disable Java plugin
// 0=deactivated, 1=ask, 2=enabled
// https://bugzilla.mozilla.org/1461243
user_pref("plugin.state.java", 0);
// -------------------------------------
// FF63+
// -------------------------------------
// Pref : DisableGeoIP-based search results
// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
// https://bugzilla.mozilla.org/1462015
// https://hg.mozilla.org/mozilla-central/rev/0866ebeda09d
user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable app from auto-update
user_pref("app.update.enabled", false);
// -------------------------------------
// Pref : Disable "Savant" Shield study
// https://bugzilla.mozilla.org/1457226
user_pref("shield.savant.enabled", false);
// -------------------------------------
// Pref : Disable favicons in tabs and new bookmarks
// Merged into "browser.chrome.site_icons"
// https://bugzilla.mozilla.org/1453751
user_pref("browser.chrome.favicons", false);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// Replaced by "media.autoplay.default"
// https://bugzilla.mozilla.org/1470082
user_pref("media.autoplay.enabled", false);
// -------------------------------------
// Pref: Set cookie lifetime in days
// https://bugzilla.mozilla.org/1457170
// user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90]
// -------------------------------------
// Pref: Enable "Ctrl+Tab cycles through tabs in recently used order"
// Rreplaced by "browser.ctrlTab.recentlyUsedOrder"
// https://bugzilla.mozilla.org/1473595
user_pref("browser.ctrlTab.previews", true);
// -------------------------------------
// Pref : Disable In-Browser Feed Handling
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477670
// https://hg.mozilla.org/mozilla-central/rev/5b714ea69f17
// https://hg.mozilla.org/mozilla-central/rev/04ce1d287d58
// https://hg.mozilla.org/mozilla-central/rev/3abafc9e0915
// https://hg.mozilla.org/mozilla-central/rev/452156f0fc6d
user_pref("browser.contentHandlers.types.0.title", "");
user_pref("browser.contentHandlers.types.0.type", "");
user_pref("browser.contentHandlers.types.0.uri", "");
user_pref("browser.contentHandlers.types.1.title", "");
user_pref("browser.contentHandlers.types.1.type", "");
user_pref("browser.contentHandlers.types.1.uri", "");
user_pref("browser.contentHandlers.types.2.title", "");
user_pref("browser.contentHandlers.types.2.type", "");
user_pref("browser.contentHandlers.types.2.uri", "");
user_pref("browser.contentHandlers.types.3.title", "");
user_pref("browser.contentHandlers.types.3.type", "");
user_pref("browser.contentHandlers.types.3.uri", "");
// -------------------------------------
// Pref : Disable Activity Stream (others)
user_pref("browser.newtabpage.activity-stream.feeds.theme", false);
user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
// -------------------------------------
// FF64+
// -------------------------------------
// Pref : Disable Onboarding
// [NOTE] This setting is just in case it comeback
// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
// about:home or about:newtab is opened, the onboarding overlay is injected into that page
// [NOTE] Onboarding uses Google Analytics, and leaks resource://URIs
// https://wiki.mozilla.org/Firefox/Onboarding
// https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
// https://bugzilla.mozilla.org/863246#c154
user_pref("browser.onboarding.enabled", false);
user_pref("browser.onboarding.notification.tour-ids-queue", "");
// -------------------------------------
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
// https://developer.mozilla.org/docs/Tools/WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
user_pref("devtools.webide.autoinstallADBHelper", false);
user_pref("devtools.webide.adbAddonURL", "");
// -------------------------------------
// Pref : Disable CSP violation events
// https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent
// https://bugzilla.mozilla.org/1488165
user_pref("security.csp.enable_violation_events", false);
// -------------------------------------
// FF65+
// -------------------------------------
// Pref : Disable location bar autocomplete and suggestion types
// https://bugzilla.mozilla.org/1502392
user_pref("browser.urlbar.autocomplete.enabled", false);
// -------------------------------------
// Pref : When "browser.fixup.alternate.enabled" is enabled, strip password from 'user:password@...' URLs
// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851
user_pref("browser.fixup.hide_user_pass", true);
// -------------------------------------
// FF66+
// -------------------------------------
// Pref : Disable Browser Error Reporter
// https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
// https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
user_pref("browser.chrome.errorReporter.enabled", false);
user_pref("browser.chrome.errorReporter.submitUrl", "");
user_pref("browser.chrome.errorReporter.infoURL", "");
// -------------------------------------
// Pref : Disable Mozilla permission to silently opt you into tests
// https://bugzilla.mozilla.org/1415625
user_pref("network.allow-experiments", false);
// -------------------------------------
// FF67+
// -------------------------------------
// Pref : Enforce DOMHighResTimeStamp API
// [WARNING] Required for normalization of timestamps and any timer resolution mitigations
user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender"
// https://support.mozilla.org/en-US/kb/extension-recommendations
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);
// -------------------------------------
// FF68+
// -------------------------------------
// Pref : Disable Activity Stream Snippets
// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
// https://abouthome-snippets-service.readthedocs.io/
user_pref("browser.aboutHomeSnippets.updateUrl", "");
user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT)
// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
// https://bugzilla.mozilla.org/1525762
user_pref("lightweightThemes.update.enabled", false);
// -------------------------------------
// Pref : Enable CSP 1.1 experimental hash-source directive
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975
// https://bugzilla.mozilla.org/1386214
user_pref("security.csp.experimentalEnabled", true);
// -------------------------------------
// ESR68.x still uses all the following prefs
// -------------------------------------
// FF69+
// -------------------------------------
// Pref : Disable app from auto-update
// https://bugzilla.mozilla.org/show_bug.cgi?id=1515484
// https://hg.mozilla.org/mozilla-central/rev/62e0ef6e50dd
user_pref("app.update.silent", false);
// -------------------------------------
// Pref : Disable prerendering newtab
// https://bugzilla.mozilla.org/show_bug.cgi?id=1555448
// https://hg.mozilla.org/mozilla-central/rev/e2f99cd199eb
user_pref("browser.newtabpage.activity-stream.prerender", false);
// -------------------------------------
// Pref : Disable virtual reality devices APIs
// https://bugzilla.mozilla.org/show_bug.cgi?id=1558358
// https://hg.mozilla.org/mozilla-central/rev/d97d53e8c4f9
user_pref("dom.vr.external.enabled", false);
user_pref("dom.vr.service.enabled", false);
user_pref("dom.vr.test.enabled", false);
// -------------------------------------
// Pref : Disable Telemetry
// https://bugzilla.mozilla.org/show_bug.cgi?id=1548646
// https://hg.mozilla.org/mozilla-central/rev/4f4de4742c98
user_pref("security.identitypopup.recordEventElemetry", false);
// -------------------------------------
// Pref : Disable other sync settings (by prevention)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1560154
// https://hg.mozilla.org/mozilla-central/rev/68aacb4ba7f9
user_pref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false);
// -------------------------------------
// Pref : Disable WOFF2 (Web Open Font Format)
// https://bugzilla.mozilla.org/1556991
// https://hg.mozilla.org/mozilla-central/rev/69d1b01b2847
user_pref("gfx.downloadable_fonts.woff2.enabled", false);
// -------------------------------------
// Pref : Enable plugins click-to-play
// https://bugzilla.mozilla.org/1519434
// https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0
user_pref("plugins.click_to_play", true);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// https://bugzilla.mozilla.org/1562331
// https://hg.mozilla.org/mozilla-central/rev/3780202d7104
user_pref("media.autoplay.allow-muted", false);
// -------------------------------------
// FF70+
// -------------------------------------