Update 'user.js'

Narsil 2021-08-19 22:10:14 +00:00
parent ceea433708
commit 1556ef498d
1 changed files with 32 additions and 59 deletions

91
user.js

@ -86,20 +86,7 @@ user_pref("browser.newtabpage.activity-stream.default.sites", "");
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// GEOLOCATION
// >>>>>>>>>>>>>>>>>>>>>
// Disable Location-Aware Browsing
// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
// https://www.mozilla.org/firefox/geolocation/
user_pref("geo.enabled", false);
user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF]
// -------------------------------------
// Set a default permission for Location [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings
// user_pref("permissions.default.geo", 2);
// -------------------------------------
// Use Mozilla geolocation service instead of Google if geolocation is granted [FF74+]
// Use Mozilla geolocation service instead of Google if permission is granted [FF74+]
// Optionally enable logging to the console (defaults to false)
user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
@ -117,10 +104,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+]
// Set search region
// May not be hidden if Firefox has changed your settings due to your region
user_pref("browser.search.region", "en-US, en"); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// LANGUAGE / LOCALE
// >>>>>>>>>>>>>>>>>>>>>
// -------------------------------------
// Set preferred language for displaying web pages
// https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US");
@ -858,7 +842,7 @@ user_pref("security.OCSP.require", false);
// 3 = only allow locally-added roots (e.g. anti-virus) (default)
// 4 = only allow locally-added roots or for certs in 2015 and earlier
// [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
// ttps://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
user_pref("security.pki.sha1_enforcement_level", 1);
// -------------------------------------
// Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
@ -1023,10 +1007,10 @@ user_pref("network.http.referer.XOriginPolicy", 2);
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// -------------------------------------
// Disable spoofing a referer
// [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
// (Cross-Site Request Forgery) protections that some sites may rely on
// user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// Enforce no spoofing of referer
// Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery)
// protections that some sites may rely on
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// -------------------------------------
// Set the default Referrer Policy [FF59+]
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
@ -1085,13 +1069,6 @@ user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
// -------------------------------------
// Set a default permission for Camera/Microphone [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
// -------------------------------------
// Disable GMP (Gecko Media Plugins)
// https://wiki.mozilla.org/GeckoMediaPlugins
// user_pref("media.gmp-provider.enabled", false);
@ -1152,13 +1129,6 @@ user_pref("dom.push.enabled", false);
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.serverURL", "");
user_pref("dom.push.userAgentID", "");
// -------------------------------------
// Set a default permission for Notifications [FF58+]
// 0=always ask (default), 1=allow, 2=block
// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings
// user_pref("permissions.default.desktop-notification", 2);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT
@ -1250,17 +1220,6 @@ user_pref("dom.battery.enabled", false);
// https://wicg.github.io/media-capabilities/#security-privacy-considerations
// user_pref("media.media-capabilities.enabled", false);
// -------------------------------------
// Disable virtual reality devices
// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
// https://developer.mozilla.org/docs/Web/API/WebVR_API
user_pref("dom.vr.enabled", false);
// -------------------------------------
// Set a default permission for Virtual Reality [FF73+]
// 0=always ask (default), 1=allow, 2=block
// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings
// user_pref("permissions.default.xr", 2);
// -------------------------------------
// Disable WebGL (Web Graphics Library)
// [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
// especially with readPixels(). Some of the other entropy is lessened with RFP
@ -1394,12 +1353,6 @@ user_pref("privacy.window.name.update.enabled", true);
// Disable bypassing 3rd party extension install prompts [FF82+]
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331
user_pref("extensions.postDownloadThirdPartyPrompt", false);
// -------------------------------------
// Disable Fullscreen API (requires user interaction)
// [NOTE] You can still toggle fullscreen with F11
// [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
// user_pref("full-screen-api.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DOWNLOADS
@ -1484,11 +1437,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
// [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Disable offline cache (appCache)
// [NOTE] In FF90+ the storage capability has been removed.
// [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+
// user_pref("browser.cache.offline.enable", false);
// -------------------------------------
// Disable service worker cache and cache storage
// [NOTE] We clear service worker cache on exit
// https://w3c.github.io/ServiceWorker/#privacy
@ -1708,6 +1656,31 @@ user_pref("network.manage-offline-status", false); // see bugzilla 620472
user_pref("_config.applied", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER
// >>>>>>>>>>>>>>>>>>>>>
// Disable APIs
// Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality
// [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts
// appCache storage capability was removed in FF90. Full screen requires user interaction,
user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false);
// user_pref("browser.cache.offline.enable", false);
user_pref("dom.vr.enabled", false);
// -------------------------------------
// Set default permissions
// Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
// 0=always ask (default), 1=allow, 2=block
// [WHY] These are fingerprintable via Permissions API, except VR. Just add site
// exceptions as block for frequently visited annoying sites: i.e not global
// [SETTING] to add site exceptions: Ctrl+I>Permissions>
// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
user_pref("permissions.default.geo", 2);
user_pref("permissions.default.camera", 2);
user_pref("permissions.default.microphone", 2);
user_pref("permissions.default.desktop-notification", 2);
user_pref("permissions.default.xr", 0); // Virtual Reality
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER: NON-RFP
// >>>>>>>>>>>>>>>>>>>>>
// Spoof number of CPU cores [FF48+] ***/
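Review bot: The new "DON'T BOTHER" block at the end of the file sets its prefs live, although its own [WHY] text says these states are fingerprintable via the Permissions API and recommends per-site exceptions rather than a global value. `permissions.default.geo` and `permissions.default.desktop-notification` were commented out in the sections this commit removes (with the note "Best left at default"), and they are now active at 2, so every profile using this file reports a non-default permission state. If a global block is not intended, keep them inert as before: `// user_pref("permissions.default.geo", 2);` and `// user_pref("permissions.default.desktop-notification", 2);`. If it is intended, the header and [WHY] should say so, because as written the comments argue against the values beneath them. The page has lost its +/- markers, so the old/new reading here is inferred from the hunk counts and the duplicated text.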