Commit Graph

125 Commits

Author SHA1 Message Date
quindecim b2153d81ca Update 'user.js'
️ Disabled one missing sync pref from FF68 update
️ Disabled few missing extension recommendations/report prefs from FF68 update
ℹ️ Fixed author's links in credits
ℹ️ Duplicated removed
2019-07-15 12:37:50 +03:00
quindecim 84fd992784 Update 'user.js'
 Defaulted to an empty value about DoH resolvers instead Cloudflare and co. (FF68)
️ Disabled entirely add-on and certificate blocklists (OneCRL) from Mozilla
️ Disabled more sync (FF68)
️ Disabled more telemetry (FF68)
️ Disabled recommendations in about:addons Extensions and Themes panes (FF68)
️ Disabled report extension option in about:addons (FF68)
️ Decreased more system information leakage to Mozilla addons update servers
️ Disabled the Enterprise Roots preference (FF68)
️ Disabled access to navigator.mediaDevices features on HTTP web pages (FF68)
️ Disabled FF Remote Agent (FF68)
️ Disabled more VR features (FF68)
ℹ️ Fixed some typo
ℹ️ Fixed FF doesen't save theme selected by user
ℹ️ Removed "Defaulting Proxy settings" because the two values I entered are the same of default now
2019-07-08 12:27:28 +03:00
quindecim ae0d8b182f Update 'user.js'
️ Disabled more sync prefs
️ Disabled warnings by entering full screen mode
️ Disabled missing prefs in already disabled pref
️ Disabled completly Virtual Reality feauture
ℹ️ Sorted some prefs
ℹ️ Synced desktop prefs (even missing ones)
2019-06-23 20:24:52 +03:00
quindecim cf686dafca
Update user.js
 reEnabled javascript baseline JIT  (ADDONS BUG)
 Added missing prefs in already existing prefs
️ Disabled more telemetry
️ Disabled FF Recommended Extensions suggestions (FF68+)
️ Disabled more webGL (FF68+)
ℹ️ Synced with Desktop (also missing prefs)
2019-06-06 16:32:41 +00:00
quindecim 848dfe1385
Update user.js
 Masked more builID in according to TBB
 reEnabled reader mode
️ Disabled new cryptomining and fingerprinting trackingprotection
️ Disabled javascript Ion, baseline JIT and RegExp to help harden JS against exploits (disabled in TBB, performance loss??) [need test]
ℹ️ Added some descriptions
2019-05-28 09:00:22 +00:00
quindecim e6c5ccde7c
Update user.js
 Same of Desktop (even missing ones)
2019-05-25 16:45:03 +00:00
quindecim 66f36a526c
Update user.js
 Imported (even if inactive) same prefs of desktop
️ Disabled all sensors
2019-05-24 19:15:59 +00:00
quindecim 39be449ddf
Update user.js
 Imported (even if inactive) same prefs of desktop
 Added some descriptions
️ Disabled useragent updates and site specific overrides
️ Disabled OCSP (again..)
️ Disabled Reader mode (less RAM consumption..just a bit) [useless?]
ℹ️ Sorted lot of prefs
2019-05-21 19:53:35 +00:00
quindecim 1be2cda14b
Update user.js
 Imported (even if inactive) same prefs of desktop

️ Disabled reveal buildID

ℹ️ Changed `#test` line. from `user.js.applied` to `_config.applied`
ℹ️ Set history leaks via enumeration (PER TAB: back/forward) from `8` to `20`
ℹ️ Added UI section 



DESKTOP

 Enabled app from auto-update (DESKTOP ONLY)
 Locked "close tab with dbclick" function (DESKTOP ONLY)
 Added "PROTECTION" section to lock mozilla.cfg file itself (DESKTOP ONLY)

️ Locked reveal buildID
️ Locked more activity stream contents
️ Locked Browser Error Reporter
️ Locked contentblocking reportBreakage
️ Locked Onboarding + tour
️ Locked check default browser on first run
️ Locked more unwanted connections
️ Locked browser translate integration
️ Locked raw TCP socket support (mozTCPSocket)
️ Locked more UI tours
️ Locked more safebrowsing connections
️ Locked more Normandy/SHIELD
️ Defaulted browser animations (DESKTOP ONLY)
️ Defaulted autohide download button (DESKTOP ONLY)
️ Locked and hidden third-party cookie and tracking protection UI (DESKTOP ONLY)

ℹ️ Changed `#test` line. from `user.js.applied` to `_config.applied`
ℹ️ Set history leaks via enumeration (PER TAB: back/forward) from 8 to 20
ℹ️ Added UI section
2019-05-16 09:59:26 +00:00
quindecim 5f1424fdbe
Update user.js
 Fixed credits section and added CHEF-KOCH
 Added some descriptions 
 Sanitized URL to update user addons
 reEnabled OCSP
 Enabled  display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP)
 Enabled insecure password warnings (DESKTOP)
 reEnabled icon font (for better user experience)
 Enabled Auto Notification of Outdated Plugins (DESKTOP)
 reEnabled cache storage
 Enabled Firefox to clear items on shutdown (DESKTOP)
 Enabled ResistFingerprint letterboxing (DESKTOP)
 Enabled middle-click mouse enabling auto-scrolling (DESKTOP)
ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP)

️ Disabled default browser check (DESKTOP)
️ Disabled extension recommendations (DESKTOP)
️ Disabled various Activity Stream content (DESKTOP)
️ Disabled new tab tile ads & preload (DESKTOP)
️ Disabled more telemetry (DESKTOP)
️ Disabled Telemetry Coverage (DESKTOP)
️ Disabled health report (DESKTOP)
️ Disabled Crash Reports (DESKTOP)
️ Disabled Opt-out of themes updates (DESKTOP)
️ Disabled Studies and SHIELD (DESKTOP)
️ Disabled Heartbeat (DESKTOP)
️ Disabled about:addons Get Add-ons panel (DESKTOP)
️ Disabled Firefox Hello metrics collection (DESKTOP)
️ Blocked more unwanted connections
️ Disabled Webextensions sync (DESKTOP)
️ Disabled WebIDE and ADB extension download (DESKTOP)
️ Disabled Pocket (DESKTOP)
️ Disabled built-in PDF reader (DESKTOP)
️ Disabled exposure of system colors to CSS or canvas (DESKTOP)
️ Disabled Scripting of Plugins by JavaScript (DESKTOP)
️ Disabled JAR from opening Unsafe File Types (DESKTOP)
️ Disabled displaying Javascript in History URLs (DESKTOP)
️ Locked web content in file processes (DESKTOP)
️ Masked build ID (DESKTOP)
️ Disabled Archive API (DESKTOP)
️ Disabled screensharing (DESKTOP)
️ Disabled face detection (DESKTOP)
️ Disabled completely autoplay
️ Disabled Windows jumplist (WINDOWS)
️ Disabled Windows taskbar preview (WINDOWS)
️ Disabled UITour backend (DESKTOP)
️ Disabled location bar making speculative connections (DESKTOP)
️ Disabled location bar suggesting "preloaded" top websites (DESKTOP)
️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP)
️ Disabled HTTP Alternative Services (DESKTOP)
️ Disallowed NTLMv1 (DESKTOP)
️ Disabled more chipers (DESKTOP)
️ Disabled favicons in shortcuts (DESKTOP)
️ Disabled automatic Firefox start and session restore after reboot (DESKTOP)
️ Disabled using the OS's geolocation service (DESKTOP)
️ Disabled logging geolocation to the console (DESKTOP)
️ Disabled widevine CDM (DESKTOP)
️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP)
️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP)
️ Disabled PingCentre telemetry (DESKTOP)
️ Disabled System Add-on updates
️ Disabled Experiments (DESKTOP)
️ Disabled Mozilla permission to silently opt you into tests (DESKTOP)
️ Disabled Normandy/Shield (DESKTOP)
️ Disabled Form Autofill (DESKTOP)
️ Disabled mozAddonManager Web API (DESKTOP)
️ Disabled network API
️ Disabled inline autocomplete in URL bar (DESKTOP)

ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP)
ℹ️ Set new tab page "about:blank" (DESKTOP)
2019-05-14 07:29:30 +00:00
quindecim d359a60df8
Update user.js 2019-05-10 20:50:17 +00:00
dimqua 1c71655709 Remove duplicates 2019-05-08 01:44:03 +03:00
quindecim fea114e16a
Update user.js
 Fully synced with gHacks and pyllukko user.js
 Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko
 Reordered some prefs and fixed some text descriptions
 Enabled only whitelisted URL protocol handlers
 Enabled CSP 1.1 script-nonce directive support
 Enabled OCSP Must-Staple support
 Enabled Subresource Integrity by default
 Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers
 reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons
 Enforce US English locale regardless of the system locale (hidden pref)
 Enforced websites to ask to store data for offline use

️ Disabled SSDP (Simple Service Discovery Protocol)
️ Disable auto updating of lightweight themes [FENNEC]
️ Romeved some unused prefs
️ Disabled page thumbnail collection
️ Disabled automatic send selection to clipboard (autocopy)
️Disabled middle mouse click paste (useless on android)
️ Disabled clipboard commands (cut/copy) from "non-privileged" content
️ Disabled WebAssembly
️ Disabled DNS prefetching from HTTPS too
️ Disable SSL session tracking by default
️ Disabled GIO as a potential proxy bypass vector
️ Disabled one more GeoIP lookup on your address (hidden pref)
️ Rejected .onion hostnames before passing the to DNS

ℹ️ Set to "2" bookmarks backups in case of system crash
ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless)
ℹ️ Set how often in minutes Firefox should ask for the master password = 1
ℹ️ Set "Delete Search and Form History" from "180" days to "0"
2019-05-07 08:26:05 +00:00
quindecim 8cd60245ec
Update user.js
 reEnabled download and share images
 Enabled HSTS preload list
️ Disabled Telemetry Coverage (hidden pref, I'm not sure that it is also present in fennec but for safety I added it)
️ Set max popups from a single non-click event from 2 to 0 (default 20) 
️ Removed limits of the amount of entries in your DNS cache
️ Disabled navigator.registerProtocolHandler (can no longer be used on insecure sites)

 (thanks to https://github.com/v1nc for these suggestions)
2019-05-06 07:59:33 +00:00
quindecim faac2e2858
Update user.js
 Enabled addons autoupdate (need tests)
 Sanitized FFox blocklist URL (so it won't send identifiable information)
 Enforced the proxy server to do any DNS lookups when using SOCKS
 Added some descriptions into OCSP section
 Enabled require a valid OCSP
 Added OrangeManBad in credits
 Sorted and fixed some prefs response for OCSP enabled certificates
️ Disabled more webspeech prefs
️ Disabled some more webgl prefs
2019-05-04 17:30:35 +00:00
quindecim 61386840c9
Update user.js
 Added dividing lines for each prefs to make it easier to read.
 Sorted rules
 General text optimization
 Added MIT license

no prefs has been added or modified in this update. I prefer to isolate it from future changes as it would be difficult and uncomfortable to find what has changed due to the addition of all the divisors.
2019-05-02 09:06:56 +00:00
quindecim f72caeb4e2
Update user.js
 Sorted some prefs
 Added new section: "Personal", with some personal prefs
 Removed some incorrect prefs
 Refined all timeout parameters "1" to "-1"
 Enabled "Always enable zoom" feature by default
️ Disabled In-Browser Feed Handling
️ Disable more unwanted connections [FENNEC]
️ Disabled widevine CDM (Content Decryption Module)
️ Disabled location bar autocomplete
2019-05-01 09:22:54 +00:00
quindecim cda2ae9c2e
Update user.js
 reEnabled touch(screen) events [set to 1(enabled) instead 2(autodetect)]
 Added a dedicated rule in about:config to test user.js
 Removed some duplicated and incorrect rules
 Started to refine timeout parameters "1" to "-1"
️ Blocked more unwanted connections [FENNEC]
️ Disabled more feedback
2019-04-30 18:29:58 +02:00
quindecim 96da182e37
Update user.js
 Sorted lot of rules and sections
 Adjusted credits (added pyllyukko)
 Control TLS versions with min (1.2) and max (1.3)
 Added some descriptions
 Enebled warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
 Set control "Add Security Exception" dialog on SSL warnings to "pre-populate url" only
 Enabled display advanced information on Insecure Connection warning pages
️ Disabled old SSL/TLS "insecure" renegotiation
️ Disabled SSL Error Reporting
️ Disabled TLS1.3 0-RTT (round-trip time)
️ Disallowed SHA-1
️ Disabled Family Safety cert
️ Disabled 3DES, 128 bits, DHE (Diffie-Hellman Key Exchange), and the remaining non-modern cipher suites
️ Disabled resource timing API
️ Disabled sensor API
️ Disabled gamepad API (USB device ID enumeration)
️ Disabled "dom.netinfo" (giving away network info)
️ Disabled video statistics (JS performance fingerprinting)
️ Disabled touch(screen) events
️ Disabled MediaDevices change detection
️ Disabled WebGL debug info being available to websites
️ Disabled PointerEvents
2019-04-28 23:52:16 +00:00
quindecim 8ad625e231
Update user.js
 Sorted a lot of rules and fixed some parameters
 Enabled window.opener protection
️ Disabled Service Workers
️ Disabled Web Notifications
️ Disabled Push Notifications
️ Disabled "Confirm you want to leave" dialog on page close
️ Disabled asm.js
️ Disabled Intersection Observer API
2019-04-27 17:36:54 +00:00
quindecim c37fe0699b
[HOTFIX] Update user.js
 Fixed typing error
2019-04-27 09:34:46 +00:00
quindecim f396d8e581
Update user.js
 Sorted a lot of rules and refined various parameters
 Set max popups from a single non-click event (from 3 to 2)
️ Disabled Network Connectivity checks
️ Disable Web Compatibility Reporter
️ Prevent websites from disabling new window features
️ Blocked popup windows during load
️ Limited events that can cause a popup
2019-04-27 09:27:34 +00:00
quindecim 9ee52dfa2e
Update user.js
 reEnabled datatime picker
 reEnabled top search bar to using words instead url only
️ Limited more info sended and disabled more unwanted connection
️ Disabled completely snippets [FENNEC]
2019-04-26 00:08:12 +00:00
quindecim a09b3c5d90
Update user.js
 Credits adjusted
 Sorted some rules and added some descriptions
 Set Browser locale (fennec exclusive)
 Added Headers/Referers section to limit sended info
️ Disabled search suggestions / forms / limited history contents and more..
2019-04-25 16:58:17 +00:00
quindecim 130b27e17a added the base file
the project was born on telegram, and there were published the first changelogs from creation. 
@fennec_fdroid
2019-04-24 23:38:24 +00:00