
4 changed files with 67 additions and 1222 deletions


@ -15,25 +15,15 @@ user.js file for configuring and hardening Pale Moon privacy and security.-
This user.js is mainly based on arkenfox project (56 and recent version).
On the other hand, it avoids all the automatic connections even though security could be reduced slightly (according to Spyware Watchdog website) For instance, OSCP is a privacy breach. Nevertheless, it is also a security feature.
On the other hand, it tries to avoid all the automatic connections even though security could be reduced slightly (according to Spyware Watchdog website) For instance, OSCP is a privacy breach. Nevertheless, it is also a security feature.
It has also some changes in order to improve fingerprinting like canvas.poisondata and others.
Finally, it tries to resemble Firefox ESR version (useragent, buildID, platform and so on)
## Known problems
`Some breakage?`
Try changing "network.http.referer.XOriginPolicy" from 2 to 1
## Thanks:
* [Arkenfox user.js](https://github.com/arkenfox/user.js)
* [Pale Moon Browser Spyware Mitigation Guide](https://spyware.neocities.org/guides/palemoon.html)
* [Web browser](https://git.nuegia.net/webbrowser.git)
* [Pale Moon Release Notes](https://www.palemoon.org/releasenotes.shtml)
## License
@ -44,4 +34,4 @@ See `LICENSE` for more details.
## Other mirrors
https://codeberg.org/Narsil/user.js/src/branch/main/palemoon
https://gitlab.com/Jorgu81/user.js/tree/master/Pale%20Moon


@ -1,10 +0,0 @@
## user.js for Pale Moon.
For testing purposes only. Inspired in [Web Browser](https://git.nuegia.net/webbrowser.git/) mitigations.
## Differences
* No Javascript
* No UserAgent
* No buildID, appname, appversion, platform nor oscpu


user.js

@ -1,29 +1,33 @@
// **********************************************************************************
// user.js | Pale Moon
// https://git.nixnet.services/Narsil/palemoon_user.js
// **********************************************************************************
//
// Author : Narsil : https://git.nixnet.services/Narsil
// **********************************************************************************
// user.js | Pale Moon *
// *
// https://git.nixnet.xyz/Narsil/palemoon_user.js *
// *********************************************************************************/
//
// Author : Narsil : https://git.nixnet.xyz/Narsil
//
//
//
// Based on : arkenfox : https://github.com/arkenfox/user.js
//
// License : https://git.nixnet.services/Narsil/palemoon_user.js/raw/branch/master/LICENSE
//
// License : https://git.nixnet.xyz/Narsil/desktop_user.js/raw/branch/master/LICENSE
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// STARTUP
// >>>>>>>>>>>>>>>>>>>>>
// Disable about:config warning
user_pref("general.warnOnAboutConfig", false);
// -------------------------------------
//-------------------------------------
// Disable about:networking warning
user_pref("network.warnOnAboutNetworking", false);
// -------------------------------------
//-------------------------------------
// Disable default browser check
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.shell.skipDefaultBrowserCheckOnFirstRun", true);
// -------------------------------------
// Set START page
// 0=blank, 1=home, 2=last visited page, 3=resume previous session
// Set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
user_pref("browser.startup.page", 0);
// -------------------------------------
// Set HOME+NEWWINDOW page
@ -52,15 +56,8 @@ user_pref("browser.newtabpage.add_to_session_history", false);
// Hide tabs (only one in use)
// user_pref("browser.tabs.autoHide", true);
// -------------------------------------
// Control listed history entries in the menu
// user_pref("browser.history.menuMaxResults", 0); // [HIDDEN PREF]
// -------------------------------------
// Tabs on top
// user_pref(“browser.tabs.onTop", true);
// -------------------------------------
// Control whether the tab page title is included in the window title
user_pref("privacy.exposeContentTitleInWindow", false);
user_pref("privacy.exposeContentTitleInWindow.pbm", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// GEOLOCATION
@ -140,7 +137,7 @@ user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.server", "");
// -------------------------------------
// Disable Pale Moon permission to silently opt you into tests
// Disable Mozilla permission to silently opt you into tests
user_pref("network.allow-experiments", false);
// -------------------------------------
// Disable Captive Portal detection
@ -154,18 +151,12 @@ user_pref("browser.feedback.url", "");
// Disable auto updating of personas (themes)
user_pref("lightweightThemes.update.enabled", false);
// -------------------------------------
// Disable Tracking Protection in all windows
user_pref("privacy.trackingprotection.pbmode.enabled", false);
user_pref("privacy.trackingprotection.enabled", false);
// -------------------------------------
// Disable detailed error reporting of media errors for debugging purposes
user_pref("media.sourceErrorDetails.enabled", false);
// -------------------------------------
// Disable handler urls
user_pref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
user_pref("gecko.handlerService.schemes.mailto.0.name", "");
user_pref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
user_pref("gecko.handlerService.schemes.mailto.1.name", "");
user_pref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
user_pref("gecko.handlerService.schemes.irc.0.name", "");
user_pref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
user_pref("gecko.handlerService.schemes.ircs.0.name", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on]
@ -179,13 +170,14 @@ user_pref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF]
// -------------------------------------
// Disable predictor / prefetching
user_pref("network.predictor.enabled", false);
// user_pref("network.predictor.enable-prefetch", false);
user_pref("network.predictor.enable-prefetch", false);
// -------------------------------------
// Disable link-mouseover opening connection to linked server
user_pref("network.http.speculative-parallel-limit", 0);
// -------------------------------------
// Enforce no "Hyperlink Auditing" (click ng)
// user_pref("browser.send_pings", false);
user_pref("browser.send_pings", false);
user_pref("browser.send_pings.require_same_host", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// HTTP* / TCP/IP / DNS / PROXY / SOCKS etc
@ -246,7 +238,7 @@ user_pref("browser.formfill.enable", false);
user_pref("browser.formfill.saveHttpsForms", false);
// -------------------------------------
// Disable browsing and download history
// user_pref("places.history.enabled", false);
user_pref("places.history.enabled", false);
// -------------------------------------
// Enable immediately showing the edit dialog for new bookmarks
// user_pref("browser.bookmarks.editDialog.showForNewBookmarks", true);
@ -366,6 +358,15 @@ user_pref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Disable SSL session tracking
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
// -------------------------------------
// Block rc4 fallback
user_pref("security.tls.unrestricted_rc4_fallback", false);
// -------------------------------------
// Disable TLS1.3 0-RTT (round-trip time)
user_pref("security.tls.enable_0rtt_data", false);
// -------------------------------------
// Disable TLS 1.3 draft support
// user_pref("security.tls.version.max", 4);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// OCSP (Online Certificate Status Protocol)
@ -389,7 +390,6 @@ user_pref("security.pki.sha1_enforcement_level", 0);
// -------------------------------------
// Disable Windows 8.1's Microsoft Family Safety cert
user_pref("security.family_safety.mode", 0);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MIXED CONTENT
// >>>>>>>>>>>>>>>>>>>>>
@ -414,8 +414,6 @@ user_pref("security.mixed_content.block_display_content", true);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
//
@ -477,8 +475,8 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// Disable spoofing a referer
// user_pref("network.http.referer.spoofSource", false);
// -------------------------------------
// Disable Global Privacy Control feature
user_pref("privacy.GPCheader.enabled", false);
// Enable the DNT (Do Not Track) HTTP header
user_pref("privacy.donottrackheader.enabled", false);
// -------------------------------------
// Block authentication-locked cross-origin image subresources by default to prevent spurious auth prompts
// user_pref("network.auth.subresource-http-img-XO-auth", true);
@ -489,6 +487,9 @@ user_pref("privacy.GPCheader.enabled", false);
// Set default plugin state (i.e. new plugins on discovery) to never activate
user_pref("plugin.default.state", 0);
// -------------------------------------
// Disable widevine CDM (Content Decryption Module)
user_pref("media.gmp-manager.url", "");
// -------------------------------------
// Enable click to play and set to 0 minutes
user_pref("plugins.click_to_play", true);
user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
@ -502,6 +503,9 @@ user_pref("media.gmp-manager.url", ""); // [HIDDEN PREF]
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// MEDIA / CAMERA / MIC
// >>>>>>>>>>>>>>>>>>>>>
// Disable WebRTC (Web Real-Time Communication)
user_pref("media.peerconnection.enabled", false);
// -------------------------------------
// Disable camera stuff
user_pref("camera.control.face_detection.enabled", false);
// -------------------------------------
@ -528,6 +532,7 @@ user_pref("webgl.disabled", true);
user_pref("webgl.enable-webgl2", false);
// -------------------------------------
// Limit WebGL
// user_pref("webgl.min_capability_mode", true);
user_pref("webgl.disable-extensions", true);
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
// -------------------------------------
@ -612,7 +617,7 @@ user_pref("dom.event.clipboardevents.enabled", false);
// Set max popups from a single non-click event - default is 20!
user_pref("dom.popup_maximum", 3);
// -------------------------------------
// Disable idle observation
// Disable idle observation ***/
user_pref("dom.idle-observers-api.enabled", false);
// -------------------------------------
// Disable Intersection Observer API
@ -630,7 +635,6 @@ user_pref("javascript.options.asmjs", false);
// Disable Ion and baseline JIT to harden against JS exploits
// user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false);
// user_pref("javascript.options.native_regexp", false);
// -------------------------------------
// Disable WebAssembly
user_pref("javascript.options.wasm", false);
@ -684,12 +688,12 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
user_pref("devtools.chrome.enabled", false);
// -------------------------------------
// Disable MathML (Mathematical Markup Language)
user_pref("mathml.disabled", true);
// user_pref("mathml.disabled", true);
// -------------------------------------
// Disable middle mouse click opening links from clipboard
user_pref("middlemouse.contentLoadURL", false);
// -------------------------------------
// Remove special permissions for certain domains
// Remove special permissions for certain mozilla domains
user_pref("permissions.manager.defaultsUrl", "");
// -------------------------------------
// Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
@ -733,11 +737,6 @@ user_pref("browser.download.hide_plugins_without_extensions", false);
// Enforce CSP (Content Security Policy)
user_pref("security.csp.enable", true);
// -------------------------------------
// Disable CSP reports
user_pref("security.csp.speccompliant", false);
user_pref("security.signed_content.CSP.default", "");
user_pref("security.csp.reporting.enabled", false);
// -------------------------------------
// Disable JAR from opening Unsafe File Types
user_pref("network.jar.open-unsafe-types", false);
// -------------------------------------
@ -844,15 +843,15 @@ user_pref("privacy.clearOnShutdown.siteSettings", true);
// -------------------------------------
// Reset default items to clear with Ctrl-Shift-Del
user_pref("privacy.cpd.cache", true);
user_pref("privacy.cpd.connectivityData", true);
user_pref("privacy.cpd.cookies", true);
user_pref("privacy.cpd.connectivityData", false);
user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.downloads", true);
user_pref("privacy.cpd.formdata", true);
user_pref("privacy.cpd.history", true);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.passwords", true);
user_pref("privacy.cpd.offlineApps", false);
user_pref("privacy.cpd.passwords", false);
user_pref("privacy.cpd.sessions", true);
user_pref("privacy.cpd.siteSettings", true);
user_pref("privacy.cpd.siteSettings", false);
// -------------------------------------
// Reset default 'Time range to clear' for 'Clear Recent History'
user_pref("privacy.sanitize.timeSpan", 0);
@ -863,15 +862,14 @@ user_pref("dom.disable_beforeunload", true);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// RFP ALTERNATIVES
// >>>>>>>>>>>>>>>>>>>>>
// Spoof number of CPU cores
user_pref("dom.maxHardwareConcurrency", 2);
// Spoof (or limit?) number of CPU cores
// user_pref("dom.maxHardwareConcurrency", 4);
// -------------------------------------
// Disable resource/navigation timing
user_pref("dom.enable_resource_timing", false);
user_pref("dom.enable_performance_navigation_timing", false);
// -------------------------------------
// Disable timing attacks
// user_pref("dom.enable_performance", false);
user_pref("dom.enable_performance", false);
// -------------------------------------
// Disable device sensor API
user_pref("device.sensors.enabled", false);
@ -903,18 +901,17 @@ user_pref("dom.w3c_pointer_events.enabled", false);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// RFP ALTERNATIVES (NAVIGATOR / USER AGENT SPOOFING)
// >>>>>>>>>>>>>>>>>>>>>
// Navigator DOM object overrides. Using Tor browser values.
user_pref("general.buildID.override", "20181001000000"); // (HIDDEN PREF)
user_pref("browser.startup.homepage_override.buildID", "20100101"); // (HIDDEN PREF)
user_pref("network.http.useragent.global_override", "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"); // (HIDDEN PREF)
user_pref("general.appname.override", "Netscape"); // (HIDDEN PREF)
user_pref("general.appversion.override", "5.0 (X11)"); // (HIDDEN PREF)
user_pref("general.platform.override", "Linux x86_64"); // (HIDDEN PREF)
user_pref("general.oscpu.override", "Linux x86_64"); // (HIDDEN PREF)
// Navigator DOM object overrides
user_pref("general.buildID.override", "20181001000000"); // Firefox ESR ID
user_pref("browser.startup.homepage_override.buildID", "20181001000000"); // Firefox ESR ID
user_pref("network.http.useragent.global_override", "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"); // Firefox ESR Agent
user_pref("general.useragent.updates.url", "");
// -------------------------------------
// Set a preferred language for spellchecking, overrides document/element languages
user_pref("spellchecker.dictionary.override", "");
// -------------------------------------
// Test/override the app.update.url
// user_pref("app.update.url.override", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PERSONAL
@ -924,7 +921,7 @@ user_pref("startup.homepage_welcome_url", "");
user_pref("startup.homepage_override_url", "");
user_pref("services.sync.prefs.sync.browser.startup.homepage", "about:blank");
// -------------------------------------
// Enable ctrl-tab previews
// Enable ctrl-tab previews ***/
user_pref("browser.ctrlTab.previews", true);
// -------------------------------------
// Control urlbar click behaviour (with defaults)
@ -975,17 +972,6 @@ user_pref("dom.archivereader.enabled", false);
// -------------------------------------
// Define whether animated lightweight themes (Personas) are allowed
user_pref("lightweightThemes.animation.enabled", false);
// -------------------------------------
// Disable summary/details html elements
// user_pref("dom.details_element.enabled", false);
// -------------------------------------
// Enable Hardware Acceleration
// user_pref("layers.acceleration.enabled", true);
// user_pref("layers.acceleration.force", true);
// -------------------------------------
// Disable CSS-based animations and transition effects
user_pref("layout.css.animation.enabled", false);
user_pref("layout.css.transition.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WARNINGS
@ -1028,11 +1014,14 @@ user_pref("general.smoothScroll", false);
// user_pref("browser.bookmarks.max_backups", 2);
user_pref("network.manage-offline-status", false);
// user_pref("xpinstall.signatures.required", false);
user_pref("javascript.options.shared_memory", false);
// -------------------------------------
// Enable the <menuitem> html tag
// user_pref("dom.menuitem.enabled", true);
// -------------------------------------
// Test user.js in about:config
// Control the use of node.getRootNode
user_pref("dom.getRootNode.enabled", false);
// -------------------------------------
// SUCCESS
user_pref("_config.applied", true);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
//
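Review bot: The comment and the value disagree in hunk `@ -477,8 +475,8`: `// Enable the DNT (Do Not Track) HTTP header` sits directly above `user_pref("privacy.donottrackheader.enabled", false);`, so a reader skimming the comments will believe DNT is sent when it is not. If keeping the header off is intended (consistent with the file's stated goal of resembling a stock Firefox ESR profile, where an extra header is one more distinguishing signal), change the comment to `// Disable the DNT (Do Not Track) HTTP header`; otherwise the value should be `true`. That these two lines are the new side, and the `privacy.GPCheader.enabled` pair the removed side, is inferred from the following hunk header `@ -489,6 +487,9 @@ user_pref("privacy.GPCheader.enabled", false);` naming GPC as old-file context, since the rendered page dropped the +/- markers; confirm the direction before editing.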