diff --git a/user.js (less connections) b/user.js (less connections) index c01706d..178d7d2 100644 --- a/user.js (less connections) +++ b/user.js (less connections) @@ -479,7 +479,6 @@ user_pref("devtools.gcli.lodashSrc", ""); // [DESKTOP] // Pref : Disable Firefox screenshot extension // https://support.mozilla.org/en-US/kb/firefox-screenshots user_pref("extensions.screenshots.disabled", true); // [DESKTOP] -user_pref("extensions.screenshots.upload-disabled", true); // [DESKTOP] // ------------------------------------- // Pref : Disable spellchecker functionality by default // 0=none, 1-multi-line, 2=multi-line & single-line @@ -1097,7 +1096,6 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false] // user_pref("extensions.lastAppBuildId", ""); // user_pref("media.gmp-manager.buildID", ""); // user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP] -// user_pref("general.buildID.override", ""); // ------------------------------------- // Pref : Disable raw TCP socket support (mozTCPSocket) // https://gitlab.torproject.org/legacy/trac/-/issues/18863 @@ -1376,7 +1374,7 @@ user_pref("network.prefetch-next", false); // Pref : Disable DNS prefetching // https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] // ------------------------------------- // Pref : Disable pinging URIs specified in HTML ping= attributes user_pref("browser.send_pings", false); 
@@ -1483,6 +1481,14 @@ user_pref("security.ssl.require_safe_negotiation", true); // Pref : Enforce TLS 1.0 and 1.1 downgrades as session only user_pref("security.tls.version.enable-deprecated", false); // ------------------------------------- +// Pref: Control TLS versions with min and max +// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 +// [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1 +// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. +// https://www.ssllabs.com/ssl-pulse/ ***/ +// user_pref("security.tls.version.min", 3); // [DEFAULT: 3] +// user_pref("security.tls.version.max", 4); +// ------------------------------------- // Pref : Disable SSL Error Reporting // https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html user_pref("security.ssl.errorReporting.enabled", false); 
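Review bot: The added line `// https://www.ssllabs.com/ssl-pulse/ ***/` ends with a block-comment terminator that closes nothing inside a `//` comment, and the heading is written `// Pref:` where the surrounding entries use `// Pref :`. The stray ` ***/` recurs in the added lines of the hunks at -1569, -1754, -2405 and -2558, and the `Pref:` spelling recurs at -1569, -2558 and -2611. Drop the terminator and write `// Pref : Control TLS versions with min and max`. `security.tls.version.min` carries a `[DEFAULT: 3]` tag but `security.tls.version.max` has none; adding `// [DEFAULT: 4]` there (if that is the shipped default) lets a reader confirm that leaving both lines commented still excludes TLS 1.0 and 1.1.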
@@ -1569,29 +1575,15 @@ user_pref("security.mixed_content.block_object_subrequest", true); // https://en.wikipedia.org/wiki/3des#Security // https://en.wikipedia.org/wiki/Meet-in-the-middle_attack // https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html -user_pref("security.ssl3.rsa_des_ede3_sha", false); -user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP] -user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP] +// user_pref("security.ssl3.rsa_des_ede3_sha", false); // ------------------------------------- -// Pref : Disable 40/56/128-bit ciphers -user_pref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP] -user_pref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP] -user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP] -user_pref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP] -user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit -user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit -user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP] -user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP] -user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP] -user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP] -// ------------------------------------- -// Pref : Disable 256 bits ciphers without PFS -user_pref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP] +// Pref: Disable the remaining non-modern cipher suites as of FF78 (in order of 
preferred by FF) ***/ +// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); +// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS +// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS // ------------------------------------- // Pref : Disable SEED cipher // https://en.wikipedia.org/wiki/SEED @@ -1754,8 +1746,7 @@ user_pref("signon.formlessCapture.enabled", false); // Hardens against potential credentials phishing // 0=don't allow sub-resources to open HTTP authentication credentials dialogs // 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs -// 2=allow sub-resources to open HTTP authentication credentials dialogs (default) -// https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ +// 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/ user_pref("network.auth.subresource-http-auth-allow", 1); // ------------------------------------- // Pref : Prevent cross-origin images from triggering an HTTP-Authentication prompt @@ -1864,7 +1855,7 @@ user_pref("browser.formfill.expire_days", 0); user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP] // ------------------------------------- // Pref : Display "insecure" icon and "Not Secure" text on HTTP sites -// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true FF70+] +// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true] user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP] user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP] user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP] 
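Review bot: After the -1569 hunk no cipher pref shown in this section is active. `security.ssl3.rsa_des_ede3_sha` goes from `false` to a commented line, and the whole replacement list, including the two RSA-AES suites marked `no PFS`, is commented out as well, so 3DES and the non-forward-secret suites are left at whatever the running Firefox build ships as default. The added heading still reads `Disable the remaining non-modern cipher suites`, which tells someone auditing the file that these suites are off. If the reason is the TLS-fingerprint concern given for protocol versions in the -1483 hunk, say so here, for example `// [WARNING] Inactive on purpose: changing the cipher list alters your TLS fingerprint, the suites below stay at the Firefox default`. The heading itself would read better as `// Pref : Disable the remaining non-modern cipher suites as of FF78 (in FF's order of preference)`; the 3DES entry starts above the hunk.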
@@ -2241,7 +2232,7 @@ user_pref("network.cookie.lifetimePolicy", 2); // user_pref("network.cookie.lifetime.days", 1); // [DEFAULT: 90] // ------------------------------------- // Pref : Disable 3rd-party cookies and site-data -// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers +// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default) // [NOTE] Can breaks payment gateways user_pref("network.cookie.cookieBehavior", 1); // ------------------------------------- @@ -2249,7 +2240,7 @@ user_pref("network.cookie.cookieBehavior", 1); // https://bugzilla.mozilla.org/show_bug.cgi?id=1625568 user_pref("network.cookie.rejectForeignWithExceptions.enabled", false); // ------------------------------------- -// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only +// Pref : Set third-party cookies (if enabled) to session-only // [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones // https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ user_pref("network.cookie.thirdparty.sessionOnly", true); 
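Review bot: The shortened heading in the -2249 hunk no longer mentions non-secure cookies, while the `[NOTE]` directly under it still explains how `.sessionOnly` interacts with `.nonsecureSessionOnly`. If a `network.cookie.thirdparty.nonsecureSessionOnly` line still follows below the hunk, the heading now describes only half of the entry. Wording such as `// Pref : Set third-party cookies (if enabled) to session-only, including non-secure (HTTP) ones` would keep both. The entry continues past the last line shown.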
@@ -2389,7 +2380,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); user_pref("privacy.firstparty.isolate.block_post_message", true); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs +// Section : RFP (Resist Fingerprinting) / RFP ALTERNATIVES (USER AGENT SPOOFING) // >>>>>>>>>>>>>>>>>>>> // Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project) // https://wiki.mozilla.org/Security/Tor_Uplift/Tracking @@ -2405,6 +2396,7 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE // Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") // [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it // https://bugzilla.mozilla.org/1407366 +// https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP] // ------------------------------------- 
@@ -2558,7 +2550,15 @@ user_pref("dom.network.enabled", false); // [DESKTOP] // Pref : Disable chrome animations // 0=no-preference, 1=reduce. RFP spoofs this for web content user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] -// +// ------------------------------------- +// Pref: Navigator DOM object overrides +// [WARNING] DO NOT USE ***/ +// user_pref("general.appname.override", ""); // [HIDDEN PREF] +// user_pref("general.appversion.override", ""); // [HIDDEN PREF] +// user_pref("general.buildID.override", ""); // [HIDDEN PREF] +// user_pref("general.oscpu.override", ""); // [HIDDEN PREF] +// user_pref("general.platform.override", ""); // [HIDDEN PREF] +// user_pref("general.useragent.override", ""); // [HIDDEN PREF] // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : UI (User Interface) // >>>>>>>>>>>>>>>>>>>>> 
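Review bot: `[WARNING] DO NOT USE` gives no reason, so a reader cannot tell whether the six `general.*.override` lines are harmful, obsolete or merely redundant. A short rationale on the same line would settle it, for example `// [WARNING] DO NOT USE: overriding single values leaves them inconsistent with what the rest of the browser reveals, which is itself a fingerprinting signal; rely on RFP instead`. That wording is presumably the intent given the section title, so the author should confirm it. It would also help to state that the `""` values are placeholders and not a recommended setting.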
@@ -2611,24 +2611,24 @@ user_pref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP] // ------------------------------------- // Pref : Display long lines in view-source page user_pref("view_source.wrap_long_lines", true); -// // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Deprecated / Removed / Legacy / Renamed -// ESR78.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them +// >>>>>>>>>>>>>>>>>>>> // FF79 -// 0212: enforce fallback text encoding to match en-US +// ------------------------------------- +// Pref: Enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will // fallback to the "Current locale" based on your application language // [TEST] https://hsivonen.com/test/moz/check-charset.htm -// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 -// [-] https://bugzilla.mozilla.org/1603712 +// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 +// https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); -// +// ------------------------------------- // FF82 -// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" +// ------------------------------------- +// Pref: Disable geographically specific results/search engines e.g. "browser.search.*.US" // i.e. ignore all of Mozilla's various search engines in multiple locales -// [-] https://bugzilla.mozilla.org/1619926 +// https://bugzilla.mozilla.org/1619926 user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); // \ No newline at end of file
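Review bot: With `ESR78.x still uses all the following prefs` removed, the bare `// FF79` and `// FF82` labels are the only hint as to why these entries under "Deprecated / Removed / Legacy / Renamed" are still set. They do not say what the version number refers to. Spell it out on the label, for example `// FF79 : deprecated in this release, kept for older builds that still read the pref`, assuming that is what the label means. Otherwise a reader cannot tell whether `intl.charset.fallback.override` and the two `browser.search.geoSpecificDefaults` lines still have any effect on a current build.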