forked from d3cim/mobile_user.js
Update 'user.js'
This commit is contained in:
parent
25da92c176
commit
e44c6a2273
45
user.js
45
user.js
|
@ -1,21 +1,17 @@
|
|||
//
|
||||
/**********************************************************************************
|
||||
* user.js | Fennec F-Droid *
|
||||
* user.js | Fenix, Iceraven or Fennec F-Droid *
|
||||
* *
|
||||
* https://git.nixnet.xyz/quindecim/mobile_user.js *
|
||||
* https://git.nixnet.xyz/Narsil/mobile_user.js *
|
||||
*********************************************************************************/
|
||||
//
|
||||
// Author : quindecim : https://git.nixnet.xyz/quindecim
|
||||
// https://git.lushka.al/quindecim | MIRROR
|
||||
// https://git.lelux.fi/quindecim | MIRROR
|
||||
// Author : Narsil https://git.nixnet.xyz/Narsil/mobile_user.js
|
||||
//
|
||||
//
|
||||
// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js
|
||||
// Librefox : https://github.com/intika/Librefox
|
||||
// pyllyukko : https://github.com/pyllyukko/user.js
|
||||
// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
|
||||
// Based on : * [Quindecim](https://git.lelux.fi/quindecim/mobile_user.js)
|
||||
* [gHacks] (https://github.com/ghacksuserjs/ghacks-user.js)
|
||||
//
|
||||
// License : https://git.nixnet.xyz/quindecim/mobile_user.js/src/branch/master/LICENSE.txt
|
||||
// License : https://git.nixnet.xyz/Narsil/mobile_user.js/src/branch/master/LICENSE.txt
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Startup
|
||||
|
@ -1381,13 +1377,13 @@ user_pref("network.prefetch-next", false);
|
|||
// Pref : Disable DNS prefetching
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
|
||||
user_pref("network.dns.disablePrefetch", true);
|
||||
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true]
|
||||
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+]
|
||||
// -------------------------------------
|
||||
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
|
||||
user_pref("browser.send_pings", false);
|
||||
// -------------------------------------
|
||||
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
|
||||
user_pref("browser.send_pings.require_same_host", true);
|
||||
user_pref("browser.send_pings.require_same_host", true); // defense-in-depth
|
||||
// -------------------------------------
|
||||
// Pref : Disable speculative pre-connections
|
||||
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
|
||||
|
@ -1404,7 +1400,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
|
|||
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable IPv6
|
||||
// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
|
||||
// * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
|
||||
// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
|
||||
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
|
||||
// [TEST] https://ipleak.org/
|
||||
|
@ -1469,10 +1465,12 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
|
|||
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Enable HTTPS-only-mode
|
||||
// [NOTE] This is experimental
|
||||
// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2]
|
||||
// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/
|
||||
// https://bugzilla.mozilla.org/1613063
|
||||
// * [1] https://bugzilla.mozilla.org/1613063 [META]
|
||||
// * [2] https://bugzilla.mozilla.org/1647829 ***/
|
||||
// user_pref("dom.security.https_only_mode", true);
|
||||
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
|
||||
// user_pref("dom.security.https_only_mode.upgrade_local", true);
|
||||
// -------------------------------------
|
||||
// Pref : Require safe negotiation
|
||||
|
@ -1556,7 +1554,7 @@ user_pref("security.family_safety.mode", 0);
|
|||
// 2= strict (pinning is always enforced)
|
||||
user_pref("security.cert_pinning.enforcement_level", 2);
|
||||
// -------------------------------------
|
||||
// Pref : Disable insecure active content on https pages
|
||||
// Pref : enforce no insecure active content on https pages
|
||||
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
|
||||
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
|
@ -1793,12 +1791,12 @@ user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true]
|
|||
// You can still right-click a link and open in a new window.
|
||||
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
|
||||
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
|
||||
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
|
||||
user_pref("browser.link.open_newwindow", 3); // 2=new window, 3=new tab
|
||||
user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
|
||||
// -------------------------------------
|
||||
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
|
||||
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
|
||||
// [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
|
||||
// * [TEST] https://torzillafox.github.io/tzp/tzp.html#screen
|
||||
// user_pref("full-screen-api.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Block popup windows
|
||||
|
@ -1830,7 +1828,7 @@ user_pref("browser.cache.disk.smart_size.first_run", false);
|
|||
// Pref : Disable memory cache
|
||||
// Capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes
|
||||
// user_pref("browser.cache.memory.enable", false);
|
||||
// user_pref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR]
|
||||
// user_pref("browser.cache.memory.capacity", 0);
|
||||
// -------------------------------------
|
||||
// Pref : Disable permissions manager from writing to disk
|
||||
// [NOTE] This means any permission changes are session only
|
||||
|
@ -1838,7 +1836,8 @@ user_pref("browser.cache.disk.smart_size.first_run", false);
|
|||
user_pref("permissions.memory_only", true); // [HIDDEN PREF]
|
||||
// -------------------------------------
|
||||
// Pref : Disable media cache from writing to disk in Private Browsing
|
||||
// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
|
||||
// * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
|
||||
// * [SETUP-WEB] ESR78: playback might break on subsequent loading (1650281) ***/
|
||||
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
|
||||
user_pref("media.memory_cache_max_size", 16384);
|
||||
// -------------------------------------
|
||||
|
@ -1876,7 +1875,7 @@ user_pref("browser.formfill.expire_days", 0);
|
|||
user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP]
|
||||
// -------------------------------------
|
||||
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
|
||||
user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [DEFAULT: true]
|
||||
// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true FF70+]
|
||||
user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP]
|
||||
user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP]
|
||||
user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP]
|
||||
|
@ -1974,7 +1973,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
|
|||
// -------------------------------------
|
||||
// Pref : Limit system font exposure to a whitelist [RESTART]
|
||||
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
|
||||
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
|
||||
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy.
|
||||
// https://bugzilla.mozilla.org/1121643
|
||||
// user_pref("font.system.whitelist", "");
|
||||
//
|
||||
|
@ -2396,7 +2395,7 @@ user_pref("privacy.firstparty.isolate", true);
|
|||
// https://bugzilla.mozilla.org/1492607
|
||||
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
||||
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||
user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
|
||||
user_pref("privacy.firstparty.isolate.block_post_message", true);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
|
||||
|
|
Loading…
Reference in New Issue