Update user.js
✅ Enabled addons autoupdate (need tests) ✅ Sanitized FFox blocklist URL (so it won't send identifiable information) ✅ Enforced the proxy server to do any DNS lookups when using SOCKS ✅ Added some descriptions into OCSP section ✅ Enabled require a valid OCSP ✅ Added OrangeManBad in credits ✅ Sorted and fixed some prefs response for OCSP enabled certificates ⛔️ Disabled more webspeech prefs ⛔️ Disabled some more webgl prefs
parent
61386840c9
commit
faac2e2858
146
user.js
146
user.js
|
@ -11,26 +11,19 @@
|
|||
// Based on : gHacks: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
// Librefox: https://github.com/intika/Librefox
|
||||
// pyllyukko: https://github.com/pyllyukko/user.js
|
||||
// OrangeManBad: https://git.nixnet.xyz/OrangeManBad/user.js
|
||||
//
|
||||
// License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Quiet Fox
|
||||
// >>>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable auto-CHECKING for extension and theme updates
|
||||
// user_pref("extensions.update.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable app from auto-update
|
||||
user_pref("app.update.auto", false);
|
||||
user_pref("app.update.autodownload", "");
|
||||
user_pref("app.update.channel", "");
|
||||
user_pref("app.update.timerFirstInterval", -1);
|
||||
user_pref("app.update.timerMinimumDelay", -1);
|
||||
user_pref("app.update.url.android", "");
|
||||
// -------------------------------------
|
||||
// Pref : Opt-out of add-on metadata updates
|
||||
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
||||
user_pref("extensions.getAddons.cache.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Never check updates for search engines
|
||||
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
|
||||
user_pref("browser.search.update", false);
|
||||
|
@ -129,10 +122,6 @@ user_pref("browser.chromeURL", "");
|
|||
user_pref("general.useragent.updates.url", "");
|
||||
// -------------------------------------
|
||||
// Pref : Block unwanted connections
|
||||
user_pref("extensions.getAddons.compatOverides.url", "");
|
||||
user_pref("extensions.getAddons.get.url", "");
|
||||
user_pref("extensions.getAddons.langpacks.url", "");
|
||||
user_pref("extensions.getAddons.search.browseURL", "");
|
||||
user_pref("extensions.getLocales.get.url", "");
|
||||
user_pref("identity.sync.tokenserver.uri", "");
|
||||
user_pref("media.decoder-doctor.new-issue-endpoint", "");
|
||||
|
@ -172,13 +161,9 @@ user_pref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
|
|||
// Pref :
|
||||
user_pref("dom.registerProtocolHandler.insecure.enabled", true);
|
||||
// -------------------------------------
|
||||
// Pref : Block list url disabled
|
||||
user_pref("extensions.blocklist.url", "");
|
||||
user_pref("extensions.blocklist.detailsURL", "");
|
||||
user_pref("extensions.blocklist.itemURL", "");
|
||||
user_pref("extensions.update.url", "");
|
||||
user_pref("extensions.update.background.url", "");
|
||||
user_pref("extensions.getAddons.browseAddons", "");
|
||||
// Pref : Updates addons automatically
|
||||
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
|
||||
user_pref("extensions.update.enabled", true);
|
||||
// -------------------------------------
|
||||
// Pref : Disable Firefox Accounts and Sync
|
||||
user_pref("identity.fxaccounts.auth.uri", "");
|
||||
|
@ -230,7 +215,11 @@ user_pref("beacon.enabled", false);
|
|||
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
|
||||
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
|
||||
// https://wiki.mozilla.org/HTML5_Speech_API
|
||||
user_pref("media.webspeech.recognition.enable", false);
|
||||
user_pref("media.webspeech.recognition.enable", false); // [DEFAULT: true]
|
||||
user_pref("media.webspeech.recognition.force_enable", false); // [DEFAULT: false]
|
||||
user_pref("media.webspeech.test.enable", false); // [DEFAULT: false]
|
||||
user_pref("media.webspeech.test.fake_fsm_events", false); // [DEFAULT: false]
|
||||
user_pref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT: false]
|
||||
// -------------------------------------
|
||||
// Pref : Don't use Mozilla-provided location-specific search engines
|
||||
user_pref("browser.search.geoSpecificDefaults", false);
|
||||
|
@ -449,8 +438,10 @@ user_pref("webgl.disabled", true);
|
|||
user_pref("webgl.enable-webgl2", false);
|
||||
user_pref("webgl.min_capability_mode", true);
|
||||
user_pref("pdfjs.enableWebGL", false);
|
||||
user_pref("webgl.disable-extensions", true);
|
||||
user_pref("webgl.disable-extensions", true); // [DEFAULT: false]
|
||||
user_pref("webgl.disable-wgl", true); // [DEFAULT: false]
|
||||
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
|
||||
user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
// Pref : Disable audiocapture
|
||||
user_pref("media.getusermedia.browser.enabled", false);
|
||||
|
@ -611,7 +602,7 @@ user_pref("network.dns.disableIPv6", true);
|
|||
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
|
||||
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns
|
||||
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
|
||||
// user_pref("network.proxy.socks_remote_dns", true);
|
||||
user_pref("network.proxy.socks_remote_dns", true);
|
||||
// -------------------------------------
|
||||
// Pref : Remove paths when sending URLs to PAC scripts
|
||||
// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
|
||||
|
@ -667,12 +658,33 @@ user_pref("security.ssl.errorReporting.url", "");
|
|||
// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
|
||||
user_pref("security.tls.enable_0rtt_data", false);
|
||||
// -------------------------------------
|
||||
// Pref : Check disabled section
|
||||
// OCSP Leaks the visited sited exactly same issue as safebrowsing.
|
||||
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
|
||||
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
||||
// Pref : Require a valid OCSP response for OCSP enabled certificates
|
||||
// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
|
||||
// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
|
||||
// [NOTE] `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
|
||||
// [NOTE] `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
|
||||
user_pref("security.OCSP.require", true);
|
||||
// -------------------------------------
|
||||
// Pref : Enable OSCP (Online Certificate Status Protocol)
|
||||
// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
|
||||
// https://www.imperialviolet.org/2014/04/19/revchecking.html
|
||||
// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
|
||||
// https://wiki.mozilla.org/CA:RevocationPlan
|
||||
// https://wiki.mozilla.org/CA:ImprovingRevocation
|
||||
// https://wiki.mozilla.org/CA:OCSP-HardFail
|
||||
// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
|
||||
// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
|
||||
// [NOTE] OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
|
||||
// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
|
||||
// [NOTE] OCSP adds latency (performance)
|
||||
// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
|
||||
// CIS Version 1.2.0 October 21st, 2011 2.2.4
|
||||
user_pref("security.OCSP.enabled", 0);
|
||||
user_pref("security.OCSP.require", false);
|
||||
// -------------------------------------
|
||||
// Pref : Enable OCSP Stapling support
|
||||
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
|
||||
// https://en.wikipedia.org/wiki/OCSP_stapling
|
||||
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
||||
user_pref("security.ssl.enable_ocsp_stapling", true);
|
||||
// -------------------------------------
|
||||
// Pref : Disallow SHA-1
|
||||
|
@ -887,7 +899,7 @@ user_pref("browser.cache.disk.smart_size.enabled", false);
|
|||
user_pref("browser.cache.disk.smart_size.first_run", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable disk cache for SSL pages
|
||||
//http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
||||
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
|
||||
user_pref("browser.cache.disk_cache_ssl", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable memory cache
|
||||
|
@ -948,7 +960,7 @@ user_pref("intl.locale.os", "en-US");
|
|||
// If set to empty, the OS locales are used. If not set at all, default locale is used
|
||||
user_pref("intl.locale.requested", "en-US");
|
||||
// -------------------------------------
|
||||
// Pref: Set language to match
|
||||
// Pref : Set language to match
|
||||
user_pref("intl.accept_languages", "en-US, en");
|
||||
// -------------------------------------
|
||||
// Pref : Use APP locale over OS locale in regional preferences
|
||||
|
@ -963,7 +975,7 @@ user_pref("intl.regional_prefs.use_os_locales", false);
|
|||
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
||||
user_pref("browser.display.use_document_fonts", 0);
|
||||
// -------------------------------------
|
||||
// Pref: Set more legible default fonts
|
||||
// Pref : Set more legible default fonts
|
||||
// [NOTE] Example below for Windows/Western only
|
||||
// user_pref("font.name.serif.x-unicode", "Georgia");
|
||||
// user_pref("font.name.serif.x-western", "Georgia"); // [DEFAULT: Times New Roman]
|
||||
|
@ -972,33 +984,33 @@ user_pref("browser.display.use_document_fonts", 0);
|
|||
// user_pref("font.name.monospace.x-unicode", "Lucida Console");
|
||||
// user_pref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courier New]
|
||||
// -------------------------------------
|
||||
// Pref: Disable icon fonts (glyphs) and local fallback rendering
|
||||
// Pref : Disable icon fonts (glyphs) and local fallback rendering
|
||||
// https://bugzilla.mozilla.org/789788
|
||||
// https://trac.torproject.org/projects/tor/ticket/8455
|
||||
user_pref("gfx.downloadable_fonts.enabled", false);
|
||||
user_pref("gfx.downloadable_fonts.fallback_delay", -1);
|
||||
// -------------------------------------
|
||||
// Pref: Disable rendering of SVG OpenType fonts
|
||||
// Pref : Disable rendering of SVG OpenType fonts
|
||||
// https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this
|
||||
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref: Disable WOFF2 (Web Open Font Format)
|
||||
// Pref : Disable WOFF2 (Web Open Font Format)
|
||||
user_pref("gfx.downloadable_fonts.woff2.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref: Disable CSS Font Loading API
|
||||
// Pref : Disable CSS Font Loading API
|
||||
// [NOTE] Disabling fonts can uglify the web a fair bit.
|
||||
user_pref("layout.css.font-loading-api.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref: Disable special underline handling for a few fonts which you will probably never use
|
||||
// Pref : Disable special underline handling for a few fonts which you will probably never use
|
||||
// Any of these fonts on your system can be enumerated for fingerprinting.
|
||||
// http://kb.mozillazine.org/Font.blacklist.underline_offset
|
||||
user_pref("font.blacklist.underline_offset", "");
|
||||
// -------------------------------------
|
||||
// Pref: Disable graphite which turned back on by default
|
||||
// Pref : Disable graphite which turned back on by default
|
||||
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
|
||||
user_pref("gfx.font_rendering.graphite.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref: Limit system font exposure to a whitelist [RESTART]
|
||||
// Pref : Limit system font exposure to a whitelist [RESTART]
|
||||
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
|
||||
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
|
||||
// https://bugzilla.mozilla.org/1121643
|
||||
|
@ -1007,7 +1019,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
|
|||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Plugins
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref: Set default plugin state (i.e. new plugins on discovery) to never activate
|
||||
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
|
||||
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
|
||||
user_pref("plugin.default.state", 0);
|
||||
// -------------------------------------
|
||||
|
@ -1040,38 +1052,24 @@ user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true]
|
|||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Blocklists / Safe Browsing / Tracking Protection
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// This section has security & tracking protection implications vs privacy concerns vs effectiveness vs 3rd party 'censorship'. If you disable Tracking Protection (TP) and/or Safe Browsing (SB), REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED.
|
||||
// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
|
||||
// Updated at interval defined in extensions.blocklist.interval
|
||||
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0);
|
||||
user_pref("extensions.blocklist.enabled", false);
|
||||
user_pref("extensions.blocklist.interval", 0);
|
||||
user_pref("extensions.blocklist.level", 0);
|
||||
user_pref("extensions.blocklist.pingCountTotal", 0);
|
||||
user_pref("extensions.blocklist.pingCountVersion", 0);
|
||||
user_pref("extensions.blocklist.url", "");
|
||||
user_pref("services.blocklist.addons.signer", ""); // [DEFAULT: remote-settings.content-signature.mozilla.org]
|
||||
user_pref("services.blocklist.bucket", "");
|
||||
user_pref("services.blocklist.plugins.signer", "");
|
||||
user_pref("services.blocklist.pinning.signer", ""); // [DEFAULT: pinning-preload.content-signature.mozilla.org]
|
||||
user_pref("services.blocklist.pinning.bucket", "");
|
||||
user_pref("services.blocklist.pinning.checked", 0);
|
||||
user_pref("services.blocklist.pinning.collection", "");
|
||||
user_pref("services.blocklist.pinning.enabled", false);
|
||||
user_pref("services.blocklist.plugins.checked", 0);
|
||||
user_pref("services.blocklist.plugins.collection", "");
|
||||
// https://wiki.mozilla.org/Blocklisting
|
||||
// https://blocked.cdn.mozilla.net/
|
||||
// http://kb.mozillazine.org/Extensions.blocklist.enabled
|
||||
// http://kb.mozillazine.org/Extensions.blocklist.url
|
||||
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
|
||||
// Updated at interval defined in extensions.blocklist.interval (default: 86400)
|
||||
user_pref("extensions.blocklist.enabled", true);
|
||||
// -------------------------------------
|
||||
// Pref : Disable individual unwanted/unneeded parts of the Kinto blocklists
|
||||
// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications
|
||||
// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
|
||||
user_pref("services.blocklist.onecrl.signer", ""); // [DEFAULT: onecrl.content-signature.mozilla.org]
|
||||
user_pref("services.blocklist.onecrl.checked", 0);
|
||||
user_pref("services.blocklist.onecrl.collection", "");
|
||||
user_pref("services.blocklist.addons.checked", 0);
|
||||
user_pref("services.blocklist.addons.collection", "");
|
||||
user_pref("services.blocklist.gfx.signer", ""); // [DEFAULT: remote-settings.content-signature.mozilla.org]
|
||||
user_pref("services.blocklist.gfx.checked", 0);
|
||||
user_pref("services.blocklist.gfx.collection", "");
|
||||
// Pref : Decrease system information leakage to Mozilla blocklist update servers
|
||||
// https://trac.torproject.org/projects/tor/ticket/16931
|
||||
// https://www.reddit.com/r/firefox/comments/9v5lue/firefox_tip_sanitize_firefox_blocklist_url_so_it/
|
||||
user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/"); // [URL SANITIZED]
|
||||
// -------------------------------------
|
||||
// Pref : Opt-out of add-on metadata updates
|
||||
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
|
||||
user_pref("extensions.getAddons.cache.enabled", false)
|
||||
user_pref("extensions.getAddons.search.browseURL", "");
|
||||
// -------------------------------------
|
||||
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
|
||||
user_pref("browser.safebrowsing.allowOverride", false);
|
||||
|
@ -1184,7 +1182,7 @@ user_pref("browser.cache.offline.capacity", 0);
|
|||
// https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/
|
||||
user_pref("browser.cache.offline.insecure.enable", false);
|
||||
// -------------------------------------
|
||||
// Pref: Display a notification bar when websites offer data for offline use
|
||||
// Pref : Display a notification bar when websites offer data for offline use
|
||||
// http://kb.mozillazine.org/Browser.offline-apps.notify
|
||||
user_pref("browser.offline-apps.notify", true); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
|
@ -1308,15 +1306,18 @@ user_pref("dom.netinfo.enabled", false); // [DEFAULT: true]
|
|||
// https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
|
||||
// https://wiki.mozilla.org/HTML5_Speech_API
|
||||
user_pref("media.webspeech.synth.enabled", false); // [DEFAULT: false]
|
||||
user_pref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
|
||||
// -------------------------------------
|
||||
// Pref : Disable video statistics - JS performance fingerprinting
|
||||
// https://trac.torproject.org/projects/tor/ticket/15757
|
||||
// https://bugzilla.mozilla.org/654550
|
||||
user_pref("media.video_stats.enabled", false); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
// Pref : Disable touch events
|
||||
// Fingerprinting attack vector - leaks screen res & actual screen coordinates
|
||||
// Pref : Force touch events enabled by default
|
||||
// Fingerprinting attack vector - leaks screen res & actual screen coordinates.
|
||||
// 0=disabled, 1=enabled, 2=autodetect
|
||||
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
|
||||
// [FENNEC - BUG] If disabled, unables you to copy or paste any text.
|
||||
// https://developer.mozilla.org/docs/Web/API/Touch_events
|
||||
// https://trac.torproject.org/projects/tor/ticket/10286
|
||||
user_pref("dom.w3c_touch_events.enabled", 1); // [DEFAULT: 2]
|
||||
|
@ -1379,4 +1380,5 @@ user_pref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false]
|
|||
// https://bugzilla.mozilla.org/1502392
|
||||
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
|
||||
user_pref("browser.urlbar.autocomplete.enabled", false); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
//
|
||||
//
|
||||
|
|
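Review bot: The `user_pref("extensions.getAddons.cache.enabled", false)` line in the "Opt-out of add-on metadata updates" block of the Blocklists / Safe Browsing hunk (`@ -1040,38 +1052,24 @`) has no terminating semicolon. Firefox's prefs parser treats that as a syntax error, and depending on the version it either stops reading user.js there or drops entries until it resynchronises on a later `;`, so this pref, the following `extensions.getAddons.search.browseURL` line and possibly the Safe Browsing and later hardening prefs may silently not be applied. The line should read `user_pref("extensions.getAddons.cache.enabled", false);`. The +/- markers are lost on this page, so I am assuming the line is on the new side, since the same block disappears from the Quiet Fox hunk. Separately, the OCSP hunk sets `security.OCSP.require` to `true` while `security.OCSP.enabled` still appears as `0`; if that is the resulting state, hard-fail is presumably inert because no OCSP requests are made, which is worth checking against the commit message's "Enabled require a valid OCSP".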