diff --git a/user.js (less connections) b/user.js (less connections)
index d32e5f3..ece81e1 100644
--- a/user.js (less connections)
+++ b/user.js (less connections)
@@ -550,8 +550,9 @@ user_pref("security.ssl.enable_false_start", false);
 user_pref("corroborator.enabled", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable Remote Settings
-// https://github.com/mozilla-services/remote-settings-lambdas
-// https://remote-settings.readthedocs.io/en/latest/
+// In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
+// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
+// https://blog.mozilla.org/security/tag/crlite/ ***/
 user_pref("security.remote_settings.intermediates.enabled", false);
 user_pref("security.remote_settings.intermediates.bucket", "");
 user_pref("security.remote_settings.intermediates.collection", "");
@@ -560,7 +561,7 @@ user_pref("security.remote_settings.crlite_filters.enabled", false);
 user_pref("security.remote_settings.crlite_filters.bucket", "");
 user_pref("security.remote_settings.crlite_filters.collection", "");
 user_pref("security.remote_settings.crlite_filters.signer", "");
-user_pref("security.pki.crlite_mode", 2);
+user_pref("security.pki.crlite_mode", 1);
 // -------------------------------------
 // Pref : Disable Default Browser Agent
 // https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
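Review bot: In the first hunk, the added comment `// In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP` has no subject. The block heading is "Disable Remote Settings", so "it" and "mode 2" only make sense to a reader who already knows this is about CRLite and the `security.pki.crlite_mode` pref set further down. I would name both, e.g. `// CRLite: in FF84+ it covers valid certs, and with security.pki.crlite_mode=2 there is no fallback to OCSP`.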
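Review bot: `user_pref("security.pki.crlite_mode", 1);` in the second hunk changes how certificate revocation is decided, yet the value is left unexplained on the line itself. As far as I know Firefox defines 0 as disabled, 1 as consult-but-telemetry-only and 2 as enforce; if that is right, a trailing comment such as `// 0=off, 1=telemetry only (revocation stays with OCSP), 2=enforce` would tell the reader why 1 was chosen. The surrounding lines set `crlite_filters.enabled` to false and blank the bucket, collection and signer, so it is worth confirming that 0 would not express the intent more directly. It is also worth checking that OCSP is still enabled elsewhere in the file, so that revoked certificates are actually caught.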
@@ -1338,7 +1339,7 @@ user_pref("remote.log.level", ""); // [DESKTOP]
 // Prevent the user from bypassing security in certain cases.
 // "security.certerror.hideAddException" prevents adding an exception when an invalid certificate is shown.
 // "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway.
-user_pref("browser.safebrowsing.allowOverride", false); // [DESKTOP]
+user_pref("browser.safebrowsing.allowOverride", false); // [DESKTOP] [FF45+]
 user_pref("security.certerror.hideAddException", true); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable safe mode
@@ -1395,7 +1396,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
 // >>>>>>>>>>>>>>>>>>>>
 // Pref : Disable IPv6
 // * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
-// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
+// [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
 // [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
 // [TEST] https://ipleak.org/
@@ -1406,8 +1407,9 @@ user_pref("network.dns.disableIPv6", true);
 // [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
 // https://http2.github.io/faq/
 // https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
+// https://http2.github.io/http2-spec/#rfc.section.10.8
 // https://queue.acm.org/detail.cfm?id=2716278
-// https://github.com/ghacksuserjs/ghacks-user.js/issues/107
+// https://w3techs.com/technologies/details/ce-http2/all/all ***/
 // user_pref("network.http.spdy.enabled", false);
 // user_pref("network.http.spdy.enabled.deps", false);
 // user_pref("network.http.spdy.enabled.http2", false);
@@ -1464,8 +1466,7 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
 // [SETTING] Privacy & Security>HTTPS-Only Mode
 // [TEST] http://example.com [upgrade]
 // [TEST] http://neverssl.org/ [no upgrade]
-// https://bugzilla.mozilla.org/1613063 [META]
-// https://bugzilla.mozilla.org/1647829 ***/
+// https://bugzilla.mozilla.org/1613063 [META] ***/
 user_pref("dom.security.https_only_mode", true); [FF76+]
 // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
 // -------------------------------------
@@ -1492,7 +1493,6 @@ user_pref("security.tls.version.enable-deprecated", false);
 // -------------------------------------
 // Pref: Control TLS versions with min and max
 // 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
-// [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1
 // [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
 // https://www.ssllabs.com/ssl-pulse/ ***/
 // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
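Review bot: The context line `user_pref("dom.security.https_only_mode", true); [FF76+]` in the HTTPS-Only hunk is missing the `//` before its version tag, and this commit edits the comment directly above it without fixing that. A bare `[FF76+]` is not valid prefs syntax. As far as I know, Firefox's prefs parser either stops reading or skips forward to the next `;` on such an error, so one or more of the prefs that follow may silently not be applied. Change it to `user_pref("dom.security.https_only_mode", true); // [FF76+]`, and check the browser console for prefs parse errors after loading the file.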
@@ -1655,7 +1655,7 @@ user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
 // -------------------------------------
 // Pref : Display warning on the padlock for "broken security"
 // [BUG] Warning padlock not indicated for subresources on a secure page!
-// [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation
+// [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation
 // https://wiki.mozilla.org/Security:Renegotiation
 // https://bugzilla.mozilla.org/1353705
 // https://www.ssllabs.com/ssl-pulse/
@@ -1893,9 +1893,8 @@ user_pref("geo.enabled", false);
 user_pref("intl.accept_languages", "en-US, en");
 // -------------------------------------
 // Pref : Enforce US English locale regardless of the system locale
-// [NOTE] May break some input methods e.g xim/ibus for CJK languages
-// https://bugzilla.mozilla.org/867501
-// https://bugzilla.mozilla.org/1629630
+// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages
+// https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
 user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
 // -------------------------------------
 // Pref : Disable using the OS's geolocation service
@@ -2377,14 +2376,15 @@ user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : FPI (First Party Isolation)
 // >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable FPI (First Party Isolation)
+// Pref : Enable FPI (First Party Isolation) [FF51+]
 // [NOTE] May break cross-domain logins and site functionality until perfected
-// https://bugzilla.mozilla.org/1260931
+// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
 user_pref("privacy.firstparty.isolate", true);
 // -------------------------------------
 // Pref : Enforce FPI restriction for window.opener [FF54+]
 // [NOTE] Setting this to false may reduce the breakage in the previous pref
 // FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute.
+// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute
 // The 2nd pref removes that limitation and will only allow communication if FPDs also match.
 // https://bugzilla.mozilla.org/1319773#c22
 // https://bugzilla.mozilla.org/1492607
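Review bot: The added line `// to reduce breakage it ignores the 1st-party domain (FPD) originAttribute` repeats the second half of the context line just before it, which already ends with "But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute." It looks like a line wrap that was applied without trimming the original, so the postMessage explanation now reads twice. Either drop the added line, or cut the preceding line at `don't match. But` so the sentence is split rather than duplicated.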
@@ -2405,6 +2405,13 @@ user_pref("privacy.firstparty.isolate.block_post_message", true);
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
 user_pref("privacy.resistFingerprinting", true); // [DEFAULT: false]
 // -------------------------------------
+// Pref: Set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
+// Width will round down to multiples of 200s and height to 100s, to fit your screen.
+// The override values are a starting point to round from if you want some control
+// https://bugzilla.mozilla.org/1330882 ***/
+// user_pref("privacy.window.maxInnerWidth", 1000);
+// user_pref("privacy.window.maxInnerHeight", 1000);
+// -------------------------------------
 // Pref : Disable mozAddonManager Web API
 // [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect
 // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
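Review bot: The new block's heading says sizes "round to hundreds" while the next line says width rounds to multiples of 200 and height to 100; the heading should match, e.g. `// Pref: Set new window sizes to round to 200x100 steps [FF55+] [SETUP-CHROME]`. Both `privacy.window.maxInnerWidth` and `privacy.window.maxInnerHeight` are commented out, so the block changes nothing as shipped, and I believe they only take effect while `privacy.resistFingerprinting` (set just above) is true. A line such as `// [NOTE] Inactive by default; only used when privacy.resistFingerprinting is true` would make that explicit. It would also help to say that unusual override values make the window size more distinctive, which works against the fingerprinting protection.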