diff --git a/user.js b/user.js index db431df..16a7bf7 100644 --- a/user.js +++ b/user.js @@ -1,21 +1,17 @@ // /********************************************************************************** - * user.js | Fennec F-Droid * + * user.js | Fenix, Iceraven or Fennec F-Droid * * * - * https://git.nixnet.xyz/quindecim/mobile_user.js * + * https://git.nixnet.xyz/Narsil/mobile_user.js * *********************************************************************************/ // -// Author : quindecim : https://git.nixnet.xyz/quindecim -// https://git.lushka.al/quindecim | MIRROR -// https://git.lelux.fi/quindecim | MIRROR +// Author : Narsil https://git.nixnet.xyz/Narsil/mobile_user.js // // -// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js -// Librefox : https://github.com/intika/Librefox -// pyllyukko : https://github.com/pyllyukko/user.js -// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js +// Based on : * [Quindecim](https://git.lelux.fi/quindecim/mobile_user.js) + * [gHacks] (https://github.com/ghacksuserjs/ghacks-user.js) // -// License : https://git.nixnet.xyz/quindecim/mobile_user.js/src/branch/master/LICENSE.txt +// License : https://git.nixnet.xyz/Narsil/mobile_user.js/src/branch/master/LICENSE.txt // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Startup @@ -1381,13 +1377,13 @@ user_pref("network.prefetch-next", false); // Pref : Disable DNS prefetching // https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching user_pref("network.dns.disablePrefetch", true); -user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true] +user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+] // ------------------------------------- // Pref : Disable pinging URIs specified in HTML ping= attributes user_pref("browser.send_pings", false); // ------------------------------------- // Pref : When browser pings are enabled, only allow pinging the same host as the origin page -user_pref("browser.send_pings.require_same_host", true); +user_pref("browser.send_pings.require_same_host", true); // defense-in-depth // ------------------------------------- // Pref : Disable speculative pre-connections // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections @@ -1404,7 +1400,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false); // Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc. // >>>>>>>>>>>>>>>>>>>> // Pref : Disable IPv6 -// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. +// * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 // [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help. // [TEST] https://ipleak.org/ @@ -1469,10 +1465,12 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP] // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers) // >>>>>>>>>>>>>>>>>>>> // Pref : Enable HTTPS-only-mode -// [NOTE] This is experimental +// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2] // https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/ -// https://bugzilla.mozilla.org/1613063 +// * [1] https://bugzilla.mozilla.org/1613063 [META] +// * [2] https://bugzilla.mozilla.org/1647829 ***/ // user_pref("dom.security.https_only_mode", true); +// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode.upgrade_local", true); // ------------------------------------- // Pref : Require safe negotiation @@ -1556,7 +1554,7 @@ user_pref("security.family_safety.mode", 0); // 2= strict (pinning is always enforced) user_pref("security.cert_pinning.enforcement_level", 2); // ------------------------------------- -// Pref : Disable insecure active content on https pages +// Pref : enforce no insecure active content on https pages // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] // ------------------------------------- @@ -1793,12 +1791,12 @@ user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true] // You can still right-click a link and open in a new window. // [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 -user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] +user_pref("browser.link.open_newwindow", 3); // 2=new window, 3=new tab user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0] // ------------------------------------- // Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks // [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube -// [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen +// * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen // user_pref("full-screen-api.enabled", false); // ------------------------------------- // Pref : Block popup windows @@ -1830,7 +1828,7 @@ user_pref("browser.cache.disk.smart_size.first_run", false); // Pref : Disable memory cache // Capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes // user_pref("browser.cache.memory.enable", false); -// user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR] +// user_pref("browser.cache.memory.capacity", 0); // ------------------------------------- // Pref : Disable permissions manager from writing to disk // [NOTE] This means any permission changes are session only @@ -1838,7 +1836,8 @@ user_pref("browser.cache.disk.smart_size.first_run", false); user_pref("permissions.memory_only", true); // [HIDDEN PREF] // ------------------------------------- // Pref : Disable media cache from writing to disk in Private Browsing -// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB +// * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB +// * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); user_pref("media.memory_cache_max_size", 16384); // ------------------------------------- @@ -1876,7 +1875,7 @@ user_pref("browser.formfill.expire_days", 0); user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP] // ------------------------------------- // Pref : Display "insecure" icon and "Not Secure" text on HTTP sites -user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [DEFAULT: true] +// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true FF70+] user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP] user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP] user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP] @@ -1974,7 +1973,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); // ------------------------------------- // Pref : Limit system font exposure to a whitelist [RESTART] // If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. -// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this. +// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. // https://bugzilla.mozilla.org/1121643 // user_pref("font.system.whitelist", ""); // @@ -2396,7 +2395,7 @@ user_pref("privacy.firstparty.isolate", true); // https://bugzilla.mozilla.org/1492607 // https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage user_pref("privacy.firstparty.isolate.restrict_opener_access", true); -user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR] +user_pref("privacy.firstparty.isolate.block_post_message", true); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs