Update 'user.js'

Narsil 2020-09-19 06:54:09 -04:00
parent 25da92c176
commit e44c6a2273
1 changed files with 22 additions and 23 deletions

45
user.js

@ -1,21 +1,17 @@
//
/**********************************************************************************
* user.js | Fennec F-Droid *
* user.js | Fenix, Iceraven or Fennec F-Droid *
* *
* https://git.nixnet.xyz/quindecim/mobile_user.js *
* https://git.nixnet.xyz/Narsil/mobile_user.js *
*********************************************************************************/
//
// Author : quindecim : https://git.nixnet.xyz/quindecim
// https://git.lushka.al/quindecim | MIRROR
// https://git.lelux.fi/quindecim | MIRROR
// Author : Narsil https://git.nixnet.xyz/Narsil/mobile_user.js
//
//
// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js
// Librefox : https://github.com/intika/Librefox
// pyllyukko : https://github.com/pyllyukko/user.js
// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
// Based on : * [Quindecim](https://git.lelux.fi/quindecim/mobile_user.js)
* [gHacks] (https://github.com/ghacksuserjs/ghacks-user.js)
//
// License : https://git.nixnet.xyz/quindecim/mobile_user.js/src/branch/master/LICENSE.txt
// License : https://git.nixnet.xyz/Narsil/mobile_user.js/src/branch/master/LICENSE.txt
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Startup
@ -1381,13 +1377,13 @@ user_pref("network.prefetch-next", false);
// Pref : Disable DNS prefetching
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true]
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+]
// -------------------------------------
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
user_pref("browser.send_pings", false);
// -------------------------------------
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
user_pref("browser.send_pings.require_same_host", true);
user_pref("browser.send_pings.require_same_host", true); // defense-in-depth
// -------------------------------------
// Pref : Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
@ -1404,7 +1400,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
// * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
// [TEST] https://ipleak.org/
@ -1469,10 +1465,12 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable HTTPS-only-mode
// [NOTE] This is experimental
// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2]
// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/
// https://bugzilla.mozilla.org/1613063
// * [1] https://bugzilla.mozilla.org/1613063 [META]
// * [2] https://bugzilla.mozilla.org/1647829 ***/
// user_pref("dom.security.https_only_mode", true);
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// user_pref("dom.security.https_only_mode.upgrade_local", true);
// -------------------------------------
// Pref : Require safe negotiation
@ -1556,7 +1554,7 @@ user_pref("security.family_safety.mode", 0);
// 2= strict (pinning is always enforced)
user_pref("security.cert_pinning.enforcement_level", 2);
// -------------------------------------
// Pref : Disable insecure active content on https pages
// Pref : enforce no insecure active content on https pages
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
// -------------------------------------
@ -1793,12 +1791,12 @@ user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true]
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
user_pref("browser.link.open_newwindow", 3); // 2=new window, 3=new tab
user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
// -------------------------------------
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
// [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
// * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen
// user_pref("full-screen-api.enabled", false);
// -------------------------------------
// Pref : Block popup windows
@ -1830,7 +1828,7 @@ user_pref("browser.cache.disk.smart_size.first_run", false);
// Pref : Disable memory cache
// Capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes
// user_pref("browser.cache.memory.enable", false);
// user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR]
// user_pref("browser.cache.memory.capacity", 0);
// -------------------------------------
// Pref : Disable permissions manager from writing to disk
// [NOTE] This means any permission changes are session only
@ -1838,7 +1836,8 @@ user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("permissions.memory_only", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable media cache from writing to disk in Private Browsing
// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
// * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
// * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
user_pref("media.memory_cache_max_size", 16384);
// -------------------------------------
@ -1876,7 +1875,7 @@ user_pref("browser.formfill.expire_days", 0);
user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP]
// -------------------------------------
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [DEFAULT: true]
// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true FF70+]
user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP]
@ -1974,7 +1973,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
// -------------------------------------
// Pref : Limit system font exposure to a whitelist [RESTART]
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy.
// https://bugzilla.mozilla.org/1121643
// user_pref("font.system.whitelist", "");
//
@ -2396,7 +2395,7 @@ user_pref("privacy.firstparty.isolate", true);
// https://bugzilla.mozilla.org/1492607
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
user_pref("privacy.firstparty.isolate.block_post_message", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
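Review bot: In the header hunk, the new `* [gHacks] (https://github.com/ghacksuserjs/ghacks-user.js)` line has no leading `//` as rendered here, and it comes after the `/** … */` banner has already closed, so it would be read as code rather than as a comment. A syntax error near the top of user.js is a hardening risk rather than a cosmetic one: depending on the Firefox version, I would expect the prefs parser to either stop or skip ahead to the next `;`, so one or more of the `user_pref` lines that follow may silently not be applied. Prefix it like its neighbour, e.g. `//             [gHacks](https://github.com/ghacksuserjs/ghacks-user.js)`, and confirm after loading that the first prefs of the Startup section actually took effect. The trailing `***/` added to the `[2] https://bugzilla.mozilla.org/1647829` and `[SETUP-WEB]` comment lines looks like a leftover from a block-comment layout; it is inert inside `//` comments but should be dropped.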