From 3873fec8aae338d2c911d9f0cc27b68b26ba13ad Mon Sep 17 00:00:00 2001
From: Narsil
Date: Thu, 19 Aug 2021 08:27:41 +0000
Subject: [PATCH] Update 'user.js'
---
 user.js | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)
diff --git a/user.js b/user.js
index 20e2130..bc1788b 100644
--- a/user.js
+++ b/user.js
@@ -50,7 +50,8 @@ user_pref("browser.startup.homepage", "about:blank");
 user_pref("browser.newtabpage.enabled", false);
 user_pref("browser.newtab.preload", false);
 // -------------------------------------
-// Disable Activity Stream telemetry
+// Disable some Activity Stream items
+// Activity Stream is the default homepage/newtab based on metadata and browsing behavior
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.showSearch", false);
@@ -81,8 +82,8 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
 // user_pref("browser.newtabpage.activity-stream.default.sites", "");
 // -------------------------------------
 // Start Firefox in PB (Private Browsing) mode
-// https://wiki.mozilla.org/Private_Browsing
-// https://spreadprivacy.com/is-private-browsing-really-private/
+// https://wiki.mozilla.org/Private_Browsing
+// https://support.mozilla.org/kb/common-myths-about-private-browsing
 // user_pref("browser.privatebrowsing.autostart", true);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -258,7 +259,6 @@ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAU
 // -------------------------------------
 // Disable Captive Portal detection
 // https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
-// https://wiki.mozilla.org/Necko/CaptivePortal
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // [FF52+]
 // -------------------------------------
@@ -446,8 +446,7 @@ user_pref("browser.safebrowsing.features.trackingProtection.update", false);
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable Normandy/Shield [FF60+]
 // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
-// https://wiki.mozilla.org/Firefox/Shield
-// https://github.com/mozilla/normandy
+// https://mozilla.github.io/normandy/
 user_pref("app.normandy.enabled", false);
 user_pref("app.normandy.api_url", "");
 user_pref("app.normandy.shieldLearnMoreUrl", "");
@@ -858,14 +857,12 @@ user_pref("security.OCSP.require", false);
 // CERTS / HPKP (HTTP Public Key Pinning)
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable or limit SHA-1 certificates
-// 0=all SHA1 certs are allowed
-// 1=all SHA1 certs are blocked
-// 2=deprecated option that now maps to 1
-// 3=only allowed for locally-added roots (e.g. anti-virus)
-// 4=only allowed for locally-added roots or for certs in 2015 and earlier
-// [SETUP-CHROME] When disabled, some man-in-the-middle devices, e.g. security scanners and
-// antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete
-// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
+// 0 = allow all
+// 1 = block all
+// 3 = only allow locally-added roots (e.g. anti-virus) (default)
+// 4 = only allow locally-added roots or for certs in 2015 and earlier
+// [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
+// ttps://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
 user_pref("security.pki.sha1_enforcement_level", 1);
 // -------------------------------------
 // Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
@@ -1253,8 +1250,8 @@ user_pref("javascript.options.wasm", false);
 // https://bugzilla.mozilla.org/1313580
 user_pref("dom.battery.enabled", false);
 // -------------------------------------
-// Disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN]
-// [WARNING] Affects text rendering (fonts will look different), impacts video performance,
+// Disable hardware acceleration [SETUP-HARDEN]
+// WARNING] Affects rendering and performance
 // and parts of Quantum that utilize the GPU will also be affected as they are rolled out
 // [SETTING] General>Performance>Custom>Use hardware acceleration when available
 // https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
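Review bot: The added reference line `// ttps://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/` has lost the leading `h` of the scheme, so the link no longer resolves; it should start with `// https://`. The rewritten `[SETUP-CHROME]` line also drops the earlier explanation that TLS-intercepting products (security scanners, antivirus) are what stops connecting at level 1, which is the symptom a user needs to recognise. Consider `// [SETUP-CHROME] Interception products (AV, security scanners) still using SHA-1 will fail: update them, SHA-1 is obsolete`. The value list now marks 3 as the default while the pref is set to 1, so a short `// 1 is a deliberate override of the default` would make the intent explicit.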
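Review bot: The added line `// WARNING] Affects rendering and performance` is missing the opening bracket of the `[WARNING]` tag used elsewhere in this file, so a search for the tag will skip it. The unchanged line after it, `// and parts of Quantum that utilize the GPU will also be affected as they are rolled out`, was the continuation of the removed sentence and now reads as a fragment; end the new line with a comma or merge the two. The new heading also no longer gives the reason for the pref, which the removed text stated as graphics fingerprinting, so `// Disable hardware acceleration to reduce graphics fingerprinting [SETUP-HARDEN]` would keep the rationale visible.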
@@ -1262,15 +1259,15 @@ user_pref("dom.battery.enabled", false);
 // user_pref("layers.acceleration.disabled", true);
 // -------------------------------------
 // Disable Media Capabilities API [FF63+]
-// [WARNING] This *may* affect media performance if disabled, no one is sure
+// [WARNING] The API state is fingerprintable and disabling may affect performance
 // https://github.com/WICG/media-capabilities
 // https://wicg.github.io/media-capabilities/#security-privacy-considerations
 // user_pref("media.media-capabilities.enabled", false);
 // -------------------------------------
 // Disable virtual reality devices
-// Optional protection depending on your connected devices
+// [WARNING] The API state is fingerprintable
 // https://developer.mozilla.org/docs/Web/API/WebVR_API
-// user_pref("dom.vr.enabled", false);
+user_pref("dom.vr.enabled", false);
 // -------------------------------------
 // Set a default permission for Virtual Reality [FF73+]
 // 0=always ask (default), 1=allow, 2=block
@@ -1287,7 +1284,7 @@ user_pref("webgl.disabled", true);
 user_pref("webgl.enable-webgl2", false);
 // -------------------------------------
 // Limit WebGL
-user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
+// user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
 // -------------------------------------
 // Enforce no system colors
 // [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
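Review bot: `user_pref("dom.vr.enabled", false);` goes from commented-out to active here, but the comment above it only says `[WARNING] The API state is fingerprintable`. That wording does not tell the reader whether fingerprinting is the reason to disable the API or a cost of differing from the default, and it does not mention what stops working. Something like `// [WARNING] Breaks WebVR content; a disabled API is itself a detectable difference from the default` states both. The "Set a default permission for Virtual Reality" entry that follows continues outside the hunk; with the API disabled that permission presumably has no effect, which is worth noting beside it.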
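Review bot: Commenting out `webgl.disable-fail-if-major-performance-caveat` leaves the "Limit WebGL" heading with no active pref under it, and the reason for the change is not recorded. The inline tag `[DEFAULT: true FF86+]` suggests builds older than FF86 would no longer get this value from the file. Put the reason on the line, e.g. `// inactive: matches the default since FF86`, or remove the heading if nothing else belongs there. A profile that already applied the old line keeps the stored value in prefs.js until the pref is reset.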
@@ -1371,7 +1368,6 @@ user_pref("permissions.manager.defaultsUrl", "");
 user_pref("webchannel.allowObject.urlWhitelist", "");
 // -------------------------------------
 // Use Punycode in Internationalized Domain Names to eliminate possible spoofing
-// Firefox has *some* protections, but it is better to be safe than sorry
 // [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
 // [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
 // https://wiki.mozilla.org/IDN_Display_Algorithm
@@ -1859,7 +1855,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 // -------------------------------------
 // Disable Flash plugin
 // 0=deactivated, 1=ask, 2=enabled
-// ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash
+// ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash
 // [NOTE] You can still override individual sites via site permissions
 // https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed]
 user_pref("plugin.state.flash", 0); // [DEFAULT: 1]