✅ Synced with Desktop version
⛔️ Disabled `PiP` (Picture-in-Picture) feature
⛔️ Disabled autoplay of HTML5 media if you interacted with the site | FF78
⛔️ Disabled using the OS's geolocation service | FF78
⛔️ Disabled one more webextension sync process | FF78
ℹ️ Grouped CBC ciphers
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF77+ into deprecated section (keeping them active for ESR68.x.x)
✅ Synced with Desktop version
✅ Added, but not enabled, https_only_mode.upgrade_local (still experimental) | FF77
✅ Enforced prefers-reduced-motion as no-preference
to local IP addresses are also upgraded)
⛔️ Disabled permissions manager from writing to disk
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF76+ into deprecated section (keeping them active for ESR68.x.x)
✅ Synced with Desktop version
✅ Enforced no system colors (they can be fingerprinted)
⛔️ Disabled lockwise app callout to the ETP card | FF75
⛔️ Disabled Remote Settings | FF75
⛔️ Disabled permissions delegation | FF73
ℹ️ Fixed a typo that didn't allow the correct deactivation of extensions.getAddons.cache.enabled pref
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF74+ into deprecated section (keeping them active for ESR68.x.x)
✅ Synced with Desktop version
✅ Enforced FPI (First Party Isolation) by allow communication only if FPDs also match
⛔️ Disabled experiments extensions (ex legacy) | FF74
⛔️ Disabled Network Predictor on SSL
⛔️ Disabled geo -country.network.scan and -country.network.url | FENIX
⛔️ Disabled the remaining non-modern cipher suites
ℹ️ Increased history leaks via enumeration (PER TAB: back/forward) from 3 to 4
ℹ️ Removed all the redundant buildIDs values. Let privacy.resistFingerprinting do the rest
ℹ️ Renamed using the OS's geolocation service pref | FF74
ℹ️ Created a dedicated section for FPI (First Party Isolation)
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF73+ into deprecated section (keeping them active for ESR68.x.x)
✅ Synced with Desktop version
✅ Synced all the buildIDs with Tor's ones
✅ Added a pref (commented by default) to "Enable start in Private Browsing mode"
⛔️ Disabled SSDP (Simple Service Discovery Protocol)
⛔️ Disabled all the in-browser feeds handling
⛔️ Disabled tickle time under wifi network (no more packets transmitted trought 4886 port over Wi-Fi)
⛔️ Disabled two more VR prefs | FF73
⛔️ Disabled browser animations
ℹ️ Reduced history leaks via enumeration (PER TAB: back/forward) from 20 to 3
ℹ️ Set to keep cookies until you close FF
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF72+ into deprecated section (keeping them active for ESR68.x)
✅ Synced with Desktop version
✅ Synced all the buildIDs with Tor's ones
✅ Added a pref (commented by default) to set the days before cookies are delated if you choose for:
network.cookie.lifetimePolicy = 3
⛔️ Disabled two more webgl prefs
⛔️ Disabled two more signon prefs
⛔️ Disabled one more extensions.blocklist pref
ℹ️ Commented extensions.lastAppBuildId pref because it's constantly overwritten
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF71+ into deprecated section (keeping them active for ESR68.x)
✅ Synced with Desktop version
✅ Synced all the buildIDs with Tor's ones
✅ Sanitized app.releaseNotesURL
⛔️ Disabled Firefox Developer Tools
⛔️ Disabled search suggestions prompt "blue" bar
⛔️ Disabled ping to Mozilla for Man-in-the-Middle detection
⛔️ Disabled deprecated TLS versions
⛔️ Disabled all the WebAssembly remaining prefs
⛔️ Disabled more telemetry | FF71+
ℹ️ Remove all the timeout prefs
ℹ️ Reordered and renamed some prefs with better criteria
ℹ️ Moved some preferences from FF70+ into deprecated section (keeping them active for ESR68.x)
✅ Synced with Desktop version
✅ Enabled (again) disk cache for SSL page - READ HERE
(https://github.com/ghacksuserjs/ghacks-user.js/issues/792)✅ Enforced fallback text encoding to match en-US
✅ Forced Encrypted Server Name Indication (eSNI) (for TLS 1.3 if TRR/DoH is enabled)
✅ Synced all the buildIDs with Tor's ones
ℹ️ Removed lots of [DESKTOP] tag to match the incoming Fenix
ℹ️ Reordered and renamed many prefs with better criteria
ℹ️ Changed repository name to mobile_user.js
ℹ️ Removed all the http:// links
ℹ️ Removed ESR60.x support
ℹ️ Moved some preferences from FF70+ into deprecated section (keeping them active for ESR68.x)
✅ Synced with Desktop version
✅ Synced all the buildIDs with Tor's ones
ℹ️ Moved some preferences from FF69+ into deprecated section (keeping them active for ESR60.x and ESR68.x)
ℹ️ Added new links for better descriptions
✅ Synced with Desktop version (missing prefs)
ℹ️ Updated author link, added mirrors
ℹ️ Moved lots of preferences from FF52-FF63 and newest ones from FF69+ into deprecated section (keeping them active for ESR60.x)
ℹ️ Fixed typos
✅ Created new section "Deprecated": moved inside it the already existing prefs and added some missing ones that have been removed, renamed or changed over time (these prefs remain active for ESR60.x versions)
ℹ️ Fixed some descriptions for a better explanation
✅ Defaulted to an empty value about DoH resolvers instead Cloudflare and co. (FF68)
⛔️ Disabled entirely add-on and certificate blocklists (OneCRL) from Mozilla
⛔️ Disabled more sync (FF68)
⛔️ Disabled more telemetry (FF68)
⛔️ Disabled recommendations in about:addons Extensions and Themes panes (FF68)
⛔️ Disabled report extension option in about:addons (FF68)
⛔️ Decreased more system information leakage to Mozilla addons update servers
⛔️ Disabled the Enterprise Roots preference (FF68)
⛔️ Disabled access to navigator.mediaDevices features on HTTP web pages (FF68)
⛔️ Disabled FF Remote Agent (FF68)
⛔️ Disabled more VR features (FF68)
ℹ️ Fixed some typo
ℹ️ Fixed FF doesen't save theme selected by user
ℹ️ Removed "Defaulting Proxy settings" because the two values I entered are the same of default now
✅ Masked more builID in according to TBB
✅ reEnabled reader mode
⛔️ Disabled new cryptomining and fingerprinting trackingprotection
⛔️ Disabled javascript Ion, baseline JIT and RegExp to help harden JS against exploits (disabled in TBB, performance loss??) [need test]
ℹ️ Added some descriptions
✅ Imported (even if inactive) same prefs of desktop
✅ Added some descriptions
⛔️ Disabled useragent updates and site specific overrides
⛔️ Disabled OCSP (again..)
⛔️ Disabled Reader mode (less RAM consumption..just a bit) [useless?]
ℹ️ Sorted lot of prefs
✅ Fully synced with gHacks and pyllukko user.js
✅ Reviewed and added all the "HIDDEN PREFS" from gHacks and pyllyukko
✅ Reordered some prefs and fixed some text descriptions
✅ Enabled only whitelisted URL protocol handlers
✅ Enabled CSP 1.1 script-nonce directive support
✅ Enabled OCSP Must-Staple support
✅ Enabled Subresource Integrity by default
✅ Enabled GCM, ECDHE and key size > 128bits, ChaCha20 and Poly1305 ciphers
✅ reEnabled ssl3.rsa_aes_128/256_sha due compatibility reasons
✅ Enforce US English locale regardless of the system locale (hidden pref)
✅ Enforced websites to ask to store data for offline use
⛔️ Disabled SSDP (Simple Service Discovery Protocol)
⛔️ Disable auto updating of lightweight themes [FENNEC]
⛔️ Romeved some unused prefs
⛔️ Disabled page thumbnail collection
⛔️ Disabled automatic send selection to clipboard (autocopy)
⛔️Disabled middle mouse click paste (useless on android)
⛔️ Disabled clipboard commands (cut/copy) from "non-privileged" content
⛔️ Disabled WebAssembly
⛔️ Disabled DNS prefetching from HTTPS too
⛔️ Disable SSL session tracking by default
⛔️ Disabled GIO as a potential proxy bypass vector
⛔️ Disabled one more GeoIP lookup on your address (hidden pref)
⛔️ Rejected .onion hostnames before passing the to DNS
ℹ️ Set to "2" bookmarks backups in case of system crash
ℹ️ Removed Set browser, os and app locale prefs (figure out that are useless)
ℹ️ Set how often in minutes Firefox should ask for the master password = 1
ℹ️ Set "Delete Search and Form History" from "180" days to "0"
✅ reEnabled download and share images
✅ Enabled HSTS preload list
⛔️ Disabled Telemetry Coverage (hidden pref, I'm not sure that it is also present in fennec but for safety I added it)
⛔️ Set max popups from a single non-click event from 2 to 0 (default 20)
⛔️ Removed limits of the amount of entries in your DNS cache
⛔️ Disabled navigator.registerProtocolHandler (can no longer be used on insecure sites)
(thanks to https://github.com/v1nc for these suggestions)
✅ Enabled addons autoupdate (need tests)
✅ Sanitized FFox blocklist URL (so it won't send identifiable information)
✅ Enforced the proxy server to do any DNS lookups when using SOCKS
✅ Added some descriptions into OCSP section
✅ Enabled require a valid OCSP
✅ Added OrangeManBad in credits
✅ Sorted and fixed some prefs response for OCSP enabled certificates
⛔️ Disabled more webspeech prefs
⛔️ Disabled some more webgl prefs
✅ Added dividing lines for each prefs to make it easier to read.
✅ Sorted rules
✅ General text optimization
✅ Added MIT license
no prefs has been added or modified in this update. I prefer to isolate it from future changes as it would be difficult and uncomfortable to find what has changed due to the addition of all the divisors.
✅ reEnabled touch(screen) events [set to 1(enabled) instead 2(autodetect)]
✅ Added a dedicated rule in about:config to test user.js
✅ Removed some duplicated and incorrect rules
✅ Started to refine timeout parameters "1" to "-1"
⛔️ Blocked more unwanted connections [FENNEC]
⛔️ Disabled more feedback
✅ Sorted lot of rules and sections
✅ Adjusted credits (added pyllyukko)
✅ Control TLS versions with min (1.2) and max (1.3)
✅ Added some descriptions
✅ Enebled warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
✅ Set control "Add Security Exception" dialog on SSL warnings to "pre-populate url" only
✅ Enabled display advanced information on Insecure Connection warning pages
⛔️ Disabled old SSL/TLS "insecure" renegotiation
⛔️ Disabled SSL Error Reporting
⛔️ Disabled TLS1.3 0-RTT (round-trip time)
⛔️ Disallowed SHA-1
⛔️ Disabled Family Safety cert
⛔️ Disabled 3DES, 128 bits, DHE (Diffie-Hellman Key Exchange), and the remaining non-modern cipher suites
⛔️ Disabled resource timing API
⛔️ Disabled sensor API
⛔️ Disabled gamepad API (USB device ID enumeration)
⛔️ Disabled "dom.netinfo" (giving away network info)
⛔️ Disabled video statistics (JS performance fingerprinting)
⛔️ Disabled touch(screen) events
⛔️ Disabled MediaDevices change detection
⛔️ Disabled WebGL debug info being available to websites
⛔️ Disabled PointerEvents
✅ Sorted a lot of rules and fixed some parameters
✅ Enabled window.opener protection
⛔️ Disabled Service Workers
⛔️ Disabled Web Notifications
⛔️ Disabled Push Notifications
⛔️ Disabled "Confirm you want to leave" dialog on page close
⛔️ Disabled asm.js
⛔️ Disabled Intersection Observer API
✅ Sorted a lot of rules and refined various parameters
✅ Set max popups from a single non-click event (from 3 to 2)
⛔️ Disabled Network Connectivity checks
⛔️ Disable Web Compatibility Reporter
⛔️ Prevent websites from disabling new window features
⛔️ Blocked popup windows during load
⛔️ Limited events that can cause a popup
✅ reEnabled datatime picker
✅ reEnabled top search bar to using words instead url only
⛔️ Limited more info sended and disabled more unwanted connection
⛔️ Disabled completely snippets [FENNEC]
✅ Credits adjusted
✅ Sorted some rules and added some descriptions
✅ Set Browser locale (fennec exclusive)
✅ Added Headers/Referers section to limit sended info
⛔️ Disabled search suggestions / forms / limited history contents and more..
Narsil
quindecim
quindecim
dimqua