Update 'user.js'

 Synced with Desktop version
 Enforced FPI (First Party Isolation) by allow communication only if FPDs also match
️ Disabled experiments extensions (ex legacy) | FF74
️ Disabled Network Predictor on SSL
️ Disabled geo -country.network.scan and -country.network.url | FENIX
️ Disabled  the remaining non-modern cipher suites
ℹ️ Increased history leaks via enumeration (PER TAB: back/forward) from 3 to 4
ℹ️ Removed all the redundant buildIDs values. Let privacy.resistFingerprinting do the rest
ℹ️ Renamed using the OS's geolocation service pref | FF74
ℹ️ Created a dedicated section for FPI (First Party Isolation)
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF73+ into deprecated section (keeping them active for ESR68.x.x)
This commit is contained in:
quindecim 2020-03-15 13:00:28 -04:00
parent 8a95f26341
commit 46d3a158d0
1 changed files with 96 additions and 44 deletions

140
user.js
View File

@ -80,6 +80,7 @@ user_pref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKT
user_pref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.recommendationproviderswitcher", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream (others)
user_pref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
@ -92,6 +93,7 @@ user_pref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear
user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
@ -509,6 +511,10 @@ user_pref("browser.contentHandlers.types.3.uri", ""); // [FENNEC]
// If you're on wifi and an IPv4 DHCP network we will send 0 length UDP packets at port 4886 of your gateway at the default rate of 60hz for 400ms from the start of the transaction in an attempt to improve RTT during the critical early phases
// https://bugzilla.mozilla.org/show_bug.cgi?id=888268
user_pref("network.tickle-wifi.enabled", false);
// -------------------------------------
// Pref : Disable Corroborate.jsm telemetry
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
user_pref("corroborator.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
@ -628,8 +634,8 @@ user_pref("extensions.webcompat-reporter.newIssueEndpoint", "");
// Pref : Don't let XPIProvider install distribution add-ons
user_pref("extensions.installDistroAddons", false); // [DEFAULT: false] // [FENNEC]
// -------------------------------------
// Pref : Disable legacy extensions
user_pref("extensions.legacy.enabled", false);
// Pref : Disable experiments extensions
user_pref("extensions.experiments.enabled", false);
// -------------------------------------
// Pref : Provide haptic feedback on longPress selection events
user_pref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
@ -769,7 +775,7 @@ user_pref("browser.download.folderList", 2);
// -------------------------------------
// Pref : Enforce user interaction, for security, by always asking the user where to download and then forget
// [FENNEC] Fix for downloading issues
// user_pref("browser.download.useDownloadDir", false);
// user_pref("browser.download.useDownloadDir", false); // [FENNEC - BUG] It causes the breakage of all downloads
user_pref("browser.download.lastDir", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable adding downloads to the system's "recent documents" list
@ -1009,11 +1015,11 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// Pref : Don't reveal build ID
// Value taken from Tor Browser for Android
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user_pref("browser.startup.homepage_override.buildID", "20100101");
// user_pref("extensions.lastAppBuildId", ""); // [FENNEC - BUG] Value that is constantly rewritten
user_pref("media.gmp-manager.buildID", "20200402060101");
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
user_pref("general.buildID.override", "20100101");
// user_pref("browser.startup.homepage_override.buildID", "");
// user_pref("extensions.lastAppBuildId", "");
// user_pref("media.gmp-manager.buildID", "");
// user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
// user_pref("general.buildID.override", "");
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
@ -1044,7 +1050,6 @@ user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false);
user_pref("webgl.min_capability_mode", true);
user_pref("pdfjs.enableWebGL", false);
user_pref("webgl.disable-extensions", true); // [DEFAULT: false]
user_pref("webgl.disable-wgl", true); // [DEFAULT: false]
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
@ -1110,7 +1115,7 @@ user_pref("browser.urlbar.trimURLs", false);
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
// This is a PER TAB session history. You still have a full history stored under all history
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
user_pref("browser.sessionhistory.max_entries", 3); // [DEFAULT: 50]
user_pref("browser.sessionhistory.max_entries", 4); // [DEFAULT: 50]
// -------------------------------------
// Pref : Disable coloring of visited links - CSS history leak
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
@ -1306,6 +1311,7 @@ user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enable-prefetch", false);
user_pref("network.predictor.enable-hover-on-ssl", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
@ -1380,13 +1386,6 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
user_pref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
// https://www.ssllabs.com/ssl-pulse/
user_pref("security.tls.version.min", 3);
user_pref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Disable deprecated TLS versions
user_pref("security.tls.version.enable-deprecated", false);
// -------------------------------------
@ -1517,9 +1516,9 @@ user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ciphers with ECDHE and key size > 128bits
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // [DEFAULT: true]
// Pref : Disable ciphers with ECDHE and key size > 128bits
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
@ -1530,9 +1529,9 @@ user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
// -------------------------------------
// Pref : Fallbacks due compatibility reasons
user_pref("security.ssl3.rsa_aes_128_sha", true);
user_pref("security.ssl3.rsa_aes_256_sha", true);
// Pref : Disable the remaining non-modern cipher suites (fallbacks)
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_256_sha", false);
// -------------------------------------
// Pref : Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
@ -1588,29 +1587,19 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : User Settings
// >>>>>>>>>>>>>>>>>>>>
// Pref : Set long press behaviour on "+ Tab" button to display container menu
// 0=disabled long press, 1=when clicked, the menu is shown
// 2=the menu is shown after X milliseconds
// [NOTE] The menu does not contain a non-container tab option
// https://bugzilla.mozilla.org/1328756
user_pref("privacy.userContext.longPressBehavior", 2);
// Pref : Set behaviour on "+ Tab" button to display container menu on left click
// [NOTE] The menu is always shown on long press and right click each new tab
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Enable Container Tabs setting in preferences
// https://bugzilla.mozilla.org/1279029
user_pref("privacy.userContext.ui.enabled", true);
user_pref("privacy.userContext.ui.enabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Enable Container Tabs
user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.enabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Enable a private container for thumbnail loads
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable First Party Isolation
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
// https://bugzilla.mozilla.org/1260931
// Enabled via addons
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Passwords
@ -1618,7 +1607,6 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
// Pref : Disable about:logins (Firefox Lockwise)
// https://lockwise.firefox.com/
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
user_pref("signon.management.page.enabled", false); // [DESKTOP]
user_pref("signon.management.overrideURI", ""); // [DESKTOP]
user_pref("signon.management.page.breach-alerts.enabled", false); // [DESKTOP]
user_pref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
@ -1798,6 +1786,10 @@ user_pref("security.insecure_password.ui.enabled", true); // [DESKTOP]
// Pref : Disable automatic Firefox start and session restore after reboot
// https://bugzilla.mozilla.org/603903
user_pref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable "Restore Session", even after a crash
user_pref("browser.sessionstore.resume_from_crash", false);
user_pref("browser.sessionstore.resume_session_once", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Geolocation / Language / Locale
@ -1824,10 +1816,12 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
user_pref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
user_pref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
user_pref("geo.wifi.uri", ""); // [DESKTOP]
user_pref("geo.provider.network.url", "");
user_pref("geo.provider-country.network.scan", false); // [FENIX]
user_pref("geo.provider-country.network.url", ""); // [FENIX]
// -------------------------------------
// Pref : Disable logging geolocation to the console
user_pref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
user_pref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
@ -1856,9 +1850,9 @@ user_pref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Couri
// [NOTE] You can do this with uBlock Origin
// https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455
// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
// user_pref("gfx.downloadable_fonts.enabled", false);
// user_pref("gfx.downloadable_fonts.fallback_delay", 0);
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
// -------------------------------------
// Pref : Disable CSS Font Loading API
// [NOTE] Disabling fonts can uglify the web a fair bit.
@ -2279,6 +2273,24 @@ user_pref("network.dns.blockDotOnion", true); // [DEFAULT: true]
user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : FPI (First Party Isolation)
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable FPI (First Party Isolation)
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
// https://bugzilla.mozilla.org/1260931
user_pref("privacy.firstparty.isolate", true);
// -------------------------------------
// Pref : Enforce FPI restriction for window.opener [FF54+]
// [NOTE] Setting this to false may reduce the breakage in the previous pref
// FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute.
// The 2nd pref removes that limitation and will only allow communication if FPDs also match.
// https://bugzilla.mozilla.org/1319773#c22
// https://bugzilla.mozilla.org/1492607
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
@ -2712,4 +2724,44 @@ user_pref("remote.force-local", true);
user_pref("signon.storeSignons", false);
// -------------------------------------
// FF74+
// -------------------------------------
// Pref : Disable legacy extensions
// https://bugzilla.mozilla.org/show_bug.cgi?id=1524327
// https://hg.mozilla.org/comm-central/rev/c1457ba6362c
user_pref("extensions.legacy.enabled", false);
// -------------------------------------
// Pref : Disable about:logins (Firefox Lockwise)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606888
// https://hg.mozilla.org/mozilla-central/rev/0c7b5a9964dd
user_pref("signon.management.page.enabled", false);
// -------------------------------------
// Pref : Disable WebGL extensions
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477756
// https://hg.mozilla.org/mozilla-central/rev/ccfa767dba64
user_pref("webgl.disable-extensions", true);
// -------------------------------------
// Pref : Disable using the OS's geolocation service
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
user_pref("geo.wifi.uri", "");
// -------------------------------------
// Pref : Disable logging geolocation to the console
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
user_pref("geo.wifi.logging.enabled", false); // [HIDDEN PREF]
// -------------------------------------
// Pref : Set behaviour on "+ Tab" button to display container menu
// 0=no menu (default), 1=show when clicked, 2=show on long press
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606265
// https://hg.mozilla.org/mozilla-central/rev/4a6071f143a5
user_pref("privacy.userContext.longPressBehavior", 2);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// https://bugzilla.mozilla.org/show_bug.cgi?id=1606734
user_pref("security.tls.version.min", 3);
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// FF75+
// -------------------------------------