diff --git a/user.js b/user.js index f834cf3..ad3f9a7 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,8 @@ // /****************************************************************************** * * * * * * * * * * * * * * @quindecim | user.js * * * * * * * * * * * * * * - * for Fennec F-Droid * - * * * * * a project based on gHacks user.js and Librefox Browser * * * * * * + * * + * project based on gHacksuser.js and Librefox Browser. Redesigned for Fennec * ******************************************************************************/ // // gHacks: https://github.com/ghacksuserjs/ghacks-user.js @@ -111,8 +111,6 @@ user_pref("app.update.url.android", ""); // Pref : user_pref("breakpad.reportURL", ""); // Pref : -user_pref("browser.search.suggest.enabled", false); -// Pref : user_pref("captivedetect.canonicalURL", ""); // Pref : user_pref("devtools.devices.url", ""); @@ -136,8 +134,6 @@ user_pref("identity.fxaccounts.remote.oauth.uri", ""); user_pref("identity.fxaccounts.remote.profile.uri", ""); // [FENNEC][BUG] If empty "Settings" faded user_pref("identity.fxaccounts.remote.webchannel.uri", "https://127.0.0.1"); -// Pref : -user_pref("layout.css.visited_links_enabled", false); // Pref : Disable predictor / prefetching // Network predicator load pages before they are opened // with mose hover for example @@ -150,9 +146,6 @@ user_pref("browser.snippets.syncPromo.enabled", false); user_pref("webextensions.storage.sync.enabled", false); user_pref("webextensions.storage.sync.serverURL", ""); user_pref("privacy.item.syncAccount", false); -// Pref : Referer: ALL: control the amount of information to send -// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port -user_pref("network.http.referer.trimmingPolicy", 0); // Pref : Disable collection/sending of the health report (healthreport.sqlite*) user_pref("datareporting.policy.currentPolicyVersion", 0); user_pref("datareporting.policy.dataSubmissionEnabled", false); 
@@ -213,12 +206,6 @@ user_pref("media.webspeech.recognition.enable", false);
 user_pref("dom.vibrator.enabled", false);
 // Pref : Don't use Mozilla-provided location-specific search engines
 user_pref("browser.search.geoSpecificDefaults", false);
-// Pref : Don't trim HTTP off of URLs in the address bar.
-// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
-user_pref("browser.urlbar.trimURLs", false);
-// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
-// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
-user_pref("browser.fixup.alternate.enabled", false);
 // Pref : Don't monitor OS online/offline connection state
 // https://trac.torproject.org/projects/tor/ticket/18945
 user_pref("network.manage-offline-status", false);
@@ -390,6 +377,39 @@ user_pref("media.autoplay.enabled.user-gestures-needed", false); user_pref("media.block-autoplay-until-in-foreground", true); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Location Bar / Search Bar / Suggestions / History / Forms +// >>>>>>>>>>>>>>>>>>>> +// Pref : Disable location bar using search +// Don't leak typos to a search engine, give an error message instead +user_pref("keyword.enabled", false); +// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar +// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html +user_pref("browser.fixup.alternate.enabled", false); +// Pref : Don't trim HTTP off of URLs in the address bar +// https://bugzilla.mozilla.org/show_bug.cgi?id=665580 +user_pref("browser.urlbar.trimURLs", false); +// Pref : Limit history leaks via enumeration (PER TAB: back/forward) +// This is a PER TAB session history. You still have a full history stored under all history +// Default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. 
hotlinking), 4 or 6 or 10 may be more practical +user_pref("browser.sessionhistory.max_entries", 10); +// Pref : Disable CSS querying page history - CSS history leak +// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances' +// [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use) +// https://dbaron.org/mozilla/visited-privacy +// https://bugzilla.mozilla.org/147777 +// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector +user_pref("layout.css.visited_links_enabled", false); +// Pref : Disable search bar LIVE search suggestions +user_pref("browser.search.suggest.enabled", false); +// Pref : Disable search and form history +// [NOTE] You can clear formdata on exiting Firefox +user_pref("browser.formfill.enable", false); +// Pref : Disable date/time picker +// This can leak your locale if not en-US +// https://trac.torproject.org/projects/tor/ticket/21787 +user_pref("dom.forms.datetime", false); +// +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Security // >>>>>>>>>>>>>>>>>>>> // Pref : Pre-populate the current URL but do not pre-fetch the certificate in the 
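Review bot: The `[TEST]` comment above `layout.css.visited_links_enabled` points to "github wiki APPENDIX C" without saying which repository's wiki, so a reader of this file cannot follow it. It reads as carried over from the upstream gHacks file linked in the header; if so, name it: `// [TEST] http://lcamtuf.coredump.cx/yahh/ (see the ghacks-user.js wiki, APPENDIX C, on how to use)`. The `browser.sessionhistory.max_entries` comment recommends 2 as the minimum and lists 4, 6 or 10 as practical, but does not say why 10 was picked here; a short `// [SETTING]`-style remark on the chosen value would make the trade-off explicit.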
@@ -502,14 +522,6 @@ user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -// Section : Locale/Time/UserAgent -// >>>>>>>>>>>>>>>>>>>> -// Pref : Disable date/time picker -// This can leak your locale if not en-US -// https://trac.torproject.org/projects/tor/ticket/21787 -user_pref("dom.forms.datetime", false); -// -// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Passwords // >>>>>>>>>>>>>>>>>>>> // Pref : Disable autofilling saved passwords on HTTP pages and show warning @@ -603,6 +615,8 @@ user_pref("browser.search.geoip.url", ""); user_pref("browser.search.geoip.timeout", 0); user_pref("browser.search.geoSpecificDefaults.url", ""); user_pref("browser.snippets.geoUrl", ""); +// Pref : [FENNEC] Set Browser locale +user_pref("intl.locale.os", "en-US"); // Pref : Set OS & APP locale // If set to empty, the OS locales are used. If not set at all, default locale is used user_pref("intl.locale.requested", "en-US"); 
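Review bot: The comment added for `intl.locale.os` says "Set Browser locale", while the pref name refers to the OS locale and the existing comment on `intl.locale.requested` just below already says "Set OS & APP locale". A reader cannot tell from these two comments which pref controls what. Something like `// Pref : [FENNEC] Override the OS locale reported to the browser` would separate them, assuming that is what the pref does on Fennec; confirm before wording it as fact.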
@@ -864,6 +878,39 @@ user_pref("dom.storageManager.enabled", false); user_pref("dom.storage_access.enabled", false); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Headers / Referers +// >>>>>>>>>>>>>>>>>>>> +// Pref : Control when images/links send a referer +// 0=never, 1=send only when links are clicked, 2=for links and images (default) +user_pref("network.http.sendRefererHeader", 2); +// Pref : Control the amount of information to send +// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port +user_pref("network.http.referer.trimmingPolicy", 0); +// Pref : Control when to send a referer +// 0=always (default), 1=only if base domains match, 2=only if hosts match +user_pref("network.http.referer.XOriginPolicy", 1); +// Pref : Control the amount of information to send +// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port +user_pref("network.http.referer.XOriginTrimmingPolicy", 0); +// Pref : Disable spoofing a referer +// [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on +user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] +// Pref : Set the default Referrer Policy [FF59+] +// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade +// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy +// https://www.w3.org/TR/referrer-policy/ +// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy +// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ +user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3] +user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] +// Pref : Hide (not spoof) referrer when leaving a .onion 
domain +// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services +// https://bugzilla.mozilla.org/1305144 +user_pref("network.http.referer.hideOnionSource", true); // [DEFAULT: false] +// Pref : Disable the DNT (Do Not Track) HTTP header +user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true] +// +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Resist Fingerprinting // >>>>>>>>>>>>>>>>>>>> // Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
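Review bot: `network.http.referer.XOriginTrimmingPolicy` is set to 0, so with `XOriginPolicy` at 1 a request to another host under the same base domain still carries the full URI, path and query included; `user_pref("network.http.referer.XOriginTrimmingPolicy", 2);` would limit cross-origin referers to scheme+host+port. The comments on the two XOrigin prefs repeat the wording used for the all-requests prefs ("Control when to send a referer", "Control the amount of information to send"), so prefix them, e.g. `// Pref : CROSS ORIGIN: control the amount of information to send`. The `// [DEFAULT: true]` annotation on `privacy.donottrackheader.enabled` looks wrong: as far as I know Firefox ships this pref as false, so the annotation should be checked against the Fennec defaults.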