From 222729fde2b399ce532467209362ef48e002e6ca Mon Sep 17 00:00:00 2001
From: Narsil <narsil@noreply@nixnet.servcies>
Date: Mon, 26 Oct 2020 14:35:54 -0400
Subject: [PATCH] Update 'user.js (less connections)'

---
 user.js (less connections) | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/user.js (less connections) b/user.js (less connections)
index e3e17ad..c0d6631 100644
--- a/user.js (less connections)	
+++ b/user.js (less connections)	
@@ -1045,14 +1045,17 @@ user_pref("javascript.options.asmjs", false);
 // https://gitlab.torproject.org/legacy/trac/-/issues/26019
 user_pref("javascript.options.ion", false);
 // user_pref("javascript.options.baselinejit", false); // [BUG] Addons issues
-// user_pref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
+// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [DESKTOP HIDDEN PREF]
 user_pref("javascript.options.native_regexp", false);
 // -------------------------------------
 // Pref : Disable WebAssembly
-// https://webassembly.org/
+// Vulnerabilities have increasingly been found, including those known and fixed
+// in native programs years ago [2]. WASM has powerful low-level access, making
+// certain attacks (brute-force) and vulnerabilities more possible
+// [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3]
 // https://developer.mozilla.org/docs/WebAssembly
-// https://en.wikipedia.org/wiki/WebAssembly
-// https://gitlab.torproject.org/legacy/trac/-/issues/21549
+// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
+// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
 user_pref("javascript.options.wasm", false);
 user_pref("javascript.options.wasm_baselinejit", false);
 user_pref("javascript.options.wasm_cranelift", false);
@@ -1382,6 +1385,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
 // * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
 // [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
+// [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
 // [TEST] https://ipleak.org/
 user_pref("network.dns.disableIPv6", true);
 // -------------------------------------