From de07a5e272c17715ef2daf53c6ee21104865f864 Mon Sep 17 00:00:00 2001
From: Narsil <narsil@noreply@nixnet.servcies>
Date: Tue, 8 Dec 2020 06:31:52 -0500
Subject: [PATCH] Update 'user.js'

---
 user.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/user.js b/user.js
index b90cb96..41c75ff 100644
--- a/user.js
+++ b/user.js
@@ -1395,10 +1395,12 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
 // Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
 // >>>>>>>>>>>>>>>>>>>>
 // Pref : Disable IPv6
-// * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
+// IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
+// assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
 // [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
 // [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
+// https://www.internetsociety.org/tag/ipv6-security/
 // [TEST] https://ipleak.org/
 user_pref("network.dns.disableIPv6", true);
 // -------------------------------------