From 12936d4ffed6eca1ca4c0295b5123e33dd36c930 Mon Sep 17 00:00:00 2001 From: Narsil Date: Sun, 28 Feb 2021 14:18:55 -0500 Subject: [PATCH] Update 'user.js (less connections)' --- user.js (less connections) | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/user.js (less connections) b/user.js (less connections) index 0d96200..5e880fc 100644 --- a/user.js (less connections) +++ b/user.js (less connections) @@ -1194,6 +1194,18 @@ user_pref("browser.urlbar.trimURLs", false); // Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical user_pref("browser.sessionhistory.max_entries", 4); // [DEFAULT: 50] // ------------------------------------- +// Pref : Disable coloring of visited links - CSS history leak +// Bulk rapid history sniffing was mitigated in 2010. Slower and more expensive +// redraw timing attacks were largely mitigated in FF77+. Using RFP further hampers timing +// attacks. Don't forget clearing history on close. However, social engineering +// and advanced targeted timing attacks could still produce usable results +// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector +// https://dbaron.org/mozilla/visited-privacy +// https://bugzilla.mozilla.org/1632765 +// https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) +// https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ +user_pref("layout.css.visited_links_enabled", false); +// ------------------------------------- // Pref : Disable live search suggestions user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.suggest.enabled.private", false); @@ -1986,7 +1998,7 @@ user_pref("media.gmp-manager.updateEnabled", false); // [DESKTOP] user_pref("media.gmp.trial-create.enabled", false); // [WINDOWS] // [DESKTOP] // ------------------------------------- // Pref : Disable all DRM content (EME: Encryption Media Extension) -// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever +// [NOTE] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next user_pref("media.eme.enabled", false); // ------------------------------------- @@ -1997,7 +2009,7 @@ user_pref("media.gmp-gmpopenh264.autoupdate", false); // [DESKTOP] user_pref("media.gmp-gmpopenh264.visible", false); // ------------------------------------- // Pref : Disable widevine CDM (Content Decryption Module) -// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever +// [NOTE] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV user_pref("media.gmp-widevinecdm.enabled", false); // [DESKTOP] user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] user_pref("media.gmp-widevinecdm.autoupdate", false); // [DESKTOP]