d3cim
/
mobile_user.js
Archived
3
2
Fork 1
Code Issues 3 Pull Requests Releases Wiki Activity

Update 'user.js' 

 Synced with Desktop version
️ Disabled `PiP` (Picture-in-Picture) feature
️ Disabled autoplay of HTML5 media if you interacted with the site | FF78
️ Disabled using the OS's geolocation service | FF78
️ Disabled one more webextension sync process | FF78
ℹ️ Grouped CBC ciphers
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF77+ into deprecated section (keeping them active for ESR68.x.x)
This commit is contained in:
quindecim 2020-07-26 11:37:57 -04:00
parent a01a5e5b65
commit a5bf9841c5
1 changed files with 104 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
user.js
View File

@ -14,7 +14,6 @@
// Librefox : https://github.com/intika/Librefox
// pyllyukko : https://github.com/pyllyukko/user.js
// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
// CHEF-KOCH : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js
//
// License : https://git.nixnet.xyz/quindecim/mobile_user.js/src/branch/master/LICENSE.txt
//
@ -101,6 +100,10 @@ user_pref("browser.newtabpage.activity-stream.discoverystream.region-basic-layou
user_pref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.system.topsites", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
@ -119,6 +122,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore");
// https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
user_pref("browser.aboutwelcome.enabled", false); // [DESKTOP]
user_pref("trailhead.firstrun.branches", ""); // [DESKTOP]
user_pref("browser.aboutwelcome.overrideContent", ""); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox
@ -416,7 +420,6 @@ user_pref("extensions.abuseReport.enabled", false);
user_pref("extensions.abuseReport.url", "");
user_pref("extensions.abuseReport.amoDetailsURL", "");
user_pref("extensions.abuseReport.amWebAPI.enabled", false);
user_pref("extensions.abuseReport.openDialog", false);
// -------------------------------------
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
@ -440,6 +443,9 @@ user_pref("browser.contentblocking.report.social.url", ""); // [DESKTOP]
user_pref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
user_pref("browser.contentblocking.allowlist.annotations.enabled", false); // [FENNEC]
user_pref("browser.contentblocking.allowlist.storage.enabled", false); // [FENNEC]
user_pref("browser.contentblocking.report.endpoint_url", ""); // [DESKTOP]
user_pref("browser.contentblocking.report.monitor.home_page_url", ""); // [DESKTOP]
user_pref("browser.contentblocking.report.monitor.preferences_url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable lockwise app callout to the ETP card
// https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
@ -556,6 +562,12 @@ user_pref("security.remote_settings.crlite_filters.signer", "");
// Pref : Disable Default Browser Agent
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
user_pref("default-browser-agent.enabled", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar leaking single words to a DNS provider (after searching)
// 0=never resolve single words, 1=heuristic (default), 2=always resolve
// [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
// https://bugzilla.mozilla.org/1642623
user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
@ -711,6 +723,7 @@ user_pref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
// Pref : Disable Webextensions sync
user_pref("webextensions.storage.sync.enabled", false); // [DESKTOP]
user_pref("webextensions.storage.sync.serverURL", "");
user_pref("webextensions.storage.sync.kinto", false);
// -------------------------------------
// Pref : Force Punycode for Internationalized Domain Names
// https://www.xudongz.com/blog/2017/idn-phishing/
@ -744,7 +757,7 @@ user_pref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT:
user_pref("browser.search.geoSpecificDefaults", false);
// -------------------------------------
// Pref : Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
// https://gitlab.torproject.org/legacy/trac/-/issues/18945
user_pref("network.manage-offline-status", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Set File URI Origin Policy
@ -760,7 +773,7 @@ user_pref("security.dialog_enable_delay", 700);
// -------------------------------------
// Pref : Disable ADB extension download
// https://developer.mozilla.org/docs/Tools/WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222
user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.remote.adb.extensionURL", ""); // [DESKTOP]
user_pref("devtools.remote.adb.extensionID", ""); // [DESKTOP]
@ -793,7 +806,7 @@ user_pref("mathml.disabled", true);
user_pref("middlemouse.paste", false);
// -------------------------------------
// Pref : Disable middle mouse click opening links from clipboard
// https://trac.torproject.org/projects/tor/ticket/10089
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089
user_pref("middlemouse.contentLoadURL", false);
// -------------------------------------
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
@ -918,6 +931,7 @@ user_pref("browser.urlbar.filter.javascript", true); // [DESKTOP]
user_pref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
user_pref("pdfjs.enabledCache.state", false); // [DESKTOP]
user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); // [DESKTOP]
user_pref("browser.helperApps.showOpenOptionForPdfJS", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
@ -996,6 +1010,14 @@ user_pref("dom.push.udp.wakeupEnabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable hiding mime types not associated with a plugin
user_pref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable PiP (Picture-in-picture)
user_pref("media.videocontrols.picture-in-picture.enabled", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); // [FENIX]
user_pref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false); // [DESKTOP]
user_pref("media.videocontrols.picture-in-picture.keyboard-controls.enabled", false); // [DESKTOP]
user_pref("media.videocontrols.picture-in-picture.video-toggle.always-show", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript
@ -1037,7 +1059,7 @@ user_pref("javascript.options.asmjs", false);
// [NOTE] In FF75+, when (both) Ion and JIT are disabled, **and** the new hidden pref is enabled, then Ion can still be used by extensions
// [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
// https://trac.torproject.org/projects/tor/ticket/26019
// https://gitlab.torproject.org/legacy/trac/-/issues/26019
user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false); // [FENNEC - BUG] Addons issues
// user_pref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
@ -1047,7 +1069,7 @@ user_pref("javascript.options.native_regexp", false);
// https://webassembly.org/
// https://developer.mozilla.org/docs/WebAssembly
// https://en.wikipedia.org/wiki/WebAssembly
// https://trac.torproject.org/projects/tor/ticket/21549
// https://gitlab.torproject.org/legacy/trac/-/issues/21549
user_pref("javascript.options.wasm", false);
user_pref("javascript.options.wasm_baselinejit", false);
user_pref("javascript.options.wasm_cranelift", false);
@ -1056,6 +1078,7 @@ user_pref("javascript.options.wasm_ionjit", false);
user_pref("javascript.options.wasm_reftypes", false);
user_pref("javascript.options.wasm_trustedprincipals", false);
user_pref("javascript.options.wasm_verbose", false);
user_pref("javascript.options.wasm_multi_value", false);
// -------------------------------------
// Pref : Disable Intersection Observer API
// Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
@ -1067,7 +1090,7 @@ user_pref("dom.IntersectionObserver.enabled", false);
// Pref : Disable Shared Memory (Spectre mitigation)
// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
user_pref("javascript.options.shared_memory", false); // [DEFAULT: false]
user_pref("javascript.options.shared_memory", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
@ -1082,7 +1105,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// user_pref("general.buildID.override", "");
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://gitlab.torproject.org/legacy/trac/-/issues/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
user_pref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
@ -1137,7 +1160,7 @@ user_pref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNE
user_pref("canvas.capturestream.enabled", false);
// -------------------------------------
// Pref : Disable camera image capture
// https://trac.torproject.org/projects/tor/ticket/16339
// https://gitlab.torproject.org/legacy/trac/-/issues/16339
user_pref("dom.imagecapture.enabled", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable offscreen canvas
@ -1152,7 +1175,9 @@ user_pref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
user_pref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
user_pref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
// 0=sticky (default), 1=transient, 2=user
// https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation
user_pref("media.autoplay.blocking_policy", 2);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
@ -1198,7 +1223,7 @@ user_pref("browser.formfill.enable", false);
// -------------------------------------
// Pref : Disable date/time picker
// [WARNING] This can leak your locale if not en-US
// https://trac.torproject.org/projects/tor/ticket/21787
// https://gitlab.torproject.org/legacy/trac/-/issues/21787
// https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
// user_pref("dom.forms.datetime", false);
// -------------------------------------
@ -1234,6 +1259,7 @@ user_pref("browser.urlbar.autocomplete.enabled", false); // [FENNEC]
user_pref("browser.urlbar.suggest.history", false); // [DESKTOP]
user_pref("browser.urlbar.suggest.bookmark", false); // [DESKTOP]
user_pref("browser.urlbar.suggest.openpage", false); // [DESKTOP]
user_pref("browser.urlbar.suggest.topsites", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browsing and download history
// user_pref("places.history.enabled", false); // [DESKTOP]
@ -1378,7 +1404,10 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
// [TEST] https://ipleak.org/
user_pref("network.dns.disableIPv6", true);
// -------------------------------------
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
@ -1421,7 +1450,7 @@ user_pref("network.trr.resolvers", "[]");
user_pref("security.sri.enable", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable using UNC (Uniform Naming Convention) paths
// https://trac.torproject.org/projects/tor/ticket/26424
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable HTTP Alternative Services
@ -1454,14 +1483,6 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
user_pref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
// https://www.ssllabs.com/ssl-pulse/
// user_pref("security.tls.version.min", 3);
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
user_pref("security.tls.version.enable-deprecated", false);
// -------------------------------------
@ -1526,7 +1547,7 @@ user_pref("security.pki.sha1_enforcement_level", 1);
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
// https://trac.torproject.org/projects/tor/ticket/21686
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
user_pref("security.family_safety.mode", 0);
// -------------------------------------
// Pref : Enfore Public Key Pinning
@ -1536,7 +1557,7 @@ user_pref("security.family_safety.mode", 0);
user_pref("security.cert_pinning.enforcement_level", 2);
// -------------------------------------
// Pref : Disable insecure active content on https pages
// https://trac.torproject.org/projects/tor/ticket/21323
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable insecure passive content (such as images) on https pages
@ -1587,15 +1608,11 @@ user_pref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Enable GCM ciphers (TLSv1.2 only)
// Pref : Enable GCM ciphers (TLS 1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable ciphers with ECDHE and key size > 128bits
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
@ -1605,9 +1622,11 @@ user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
// -------------------------------------
// Pref : Disable the remaining non-modern cipher suites (fallbacks)
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_256_sha", false);
// Pref : Ciphers with CBC & SHA-1 (disabled)
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.rsa_aes_128_sha", false); // [DEFAULT: true]
user_pref("security.ssl3.rsa_aes_256_sha", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
@ -1638,8 +1657,10 @@ user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Display warning on the padlock for "broken security"
// [BUG] Warning padlock not indicated for subresources on a secure page!
// [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation
// https://wiki.mozilla.org/Security:Renegotiation
// https://bugzilla.mozilla.org/1353705
// https://www.ssllabs.com/ssl-pulse/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// -------------------------------------
// Pref : Control "Add Security Exception" dialog on SSL warnings
@ -1655,7 +1676,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);
// Pref : Disable GIO as a potential proxy bypass vector
// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
// https://bugzilla.mozilla.org/1433507
// https://trac.torproject.org/23044
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044
// https://en.wikipedia.org/wiki/GVfs
// https://en.wikipedia.org/wiki/GIO_(software)
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
@ -1771,7 +1792,7 @@ user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true]
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://trac.torproject.org/projects/tor/ticket/9881
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
// -------------------------------------
@ -1898,8 +1919,10 @@ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
user_pref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
user_pref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
user_pref("geo.provider.network.url", "");
user_pref("geo.provider-country.network.scan", false);
user_pref("geo.provider-country.network.url", "");
user_pref("browser.region.update.enabled", false); // [FENIX]
user_pref("browser.region.log", false);
user_pref("browser.region.network.scan", false);
user_pref("browser.region.network.url", "");
// -------------------------------------
// Pref : Disable logging geolocation to the console
user_pref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
@ -1907,7 +1930,7 @@ user_pref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [D
// Pref : Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
// https://trac.torproject.org/projects/tor/ticket/20025
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
user_pref("intl.charset.fallback.override", "windows-1252");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@ -1930,7 +1953,7 @@ user_pref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Couri
// Pref : Disable icon fonts (glyphs) and local fallback rendering
// [NOTE] You can do this with uBlock Origin
// https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455
// https://gitlab.torproject.org/legacy/trac/-/issues/8455
// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
// user_pref("gfx.downloadable_fonts.enabled", false);
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
@ -2406,8 +2429,8 @@ user_pref("media.navigator.video.enabled", false);
// [NOTE] *may* affect core performance, will affect content.
// Default settings seems to be the best
// https://bugzilla.mozilla.org/1008453
// https://trac.torproject.org/projects/tor/ticket/21675
// https://trac.torproject.org/projects/tor/ticket/22127
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
// user_pref("dom.maxHardwareConcurrency", 2);
// -------------------------------------
@ -2422,7 +2445,7 @@ user_pref("dom.enable_performance", false); // [DEFAULT: true]
user_pref("dom.enable_performance_navigation_timing", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable sensor API
// https://trac.torproject.org/projects/tor/ticket/15758
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
user_pref("device.sensors.enabled", false); // [DEFAULT: true]
@ -2434,7 +2457,7 @@ user_pref("device.sensors.test.events", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
// https://trac.torproject.org/projects/tor/ticket/13023
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
user_pref("dom.gamepad.enabled", false); // [DEFAULT: true]
user_pref("dom.gamepad.extensions.enabled", false); // [DEFAULT: true]
user_pref("dom.gamepad.haptic_feedback.enabled", false); // [DEFAULT: false]
@ -2457,7 +2480,7 @@ user_pref("media.webspeech.synth.enabled", false); // [DEFAULT: true]
user_pref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable video statistics - JS performance fingerprinting
// https://trac.torproject.org/projects/tor/ticket/15757
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
// https://bugzilla.mozilla.org/654550
user_pref("media.video_stats.enabled", false); // [DEFAULT: true]
// -------------------------------------
@ -2466,7 +2489,7 @@ user_pref("media.video_stats.enabled", false); // [DEFAULT: true]
// 0=disabled, 1=enabled, 2=autodetect
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
// https://developer.mozilla.org/docs/Web/API/Touch_events
// https://trac.torproject.org/projects/tor/ticket/10286
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
user_pref("dom.w3c_touch_events.enabled", 1); // [DEFAULT: 2] // [FENNEC - BUG] ff disabled, disallow copy/paste any text
// -------------------------------------
// Pref : Disable MediaDevices change detection
@ -2542,9 +2565,9 @@ user_pref("browser.startup.blankWindow", false); // [DESKTOP]
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
user_pref("dom.network.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Enforce prefers-reduced-motion as no-preference
// 0=no-preference, 1=reduce
user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
// Pref : Disable chrome animations
// 0=no-preference, 1=reduce. RFP spoofs this for web content
user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : UI (User Interface)
@ -2557,10 +2580,6 @@ user_pref("browser.contentblocking.trackingprotection.ui.enabled", false); // [D
// -------------------------------------
// Pref : Disable auto hide download button
user_pref("browser.download.autohideButton", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browser animation
// https://bugzilla.mozilla.org/show_bug.cgi?id=1352069
user_pref("toolkit.cosmeticAnimations.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal
@ -2604,14 +2623,6 @@ user_pref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
user_pref("view_source.wrap_long_lines", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Hotfix
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable UNC
// [NOTE] Disabling UNC can cause extension storage to fail
// https://github.com/ghacksuserjs/ghacks-user.js/issues/923
user_pref("network.file.disable_unc_paths", false); // [HIDDEN PREF]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// >>>>>>>>>>>>>>>>>>>>
// ESR68.x still uses all the following prefs
@ -2875,7 +2886,7 @@ user_pref("dom.vr.openvr.action_input", false);
// -------------------------------------
// Pref : Disable GeoIP-based search defaults
// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
// https://trac.torproject.org/projects/tor/ticket/16254
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
// user_pref("browser.search.region", "US"); // [HIDDEN PREF]
// -------------------------------------
@ -2926,3 +2937,36 @@ user_pref("signon.management.overrideURI", "");
// -------------------------------------
// FF78+
// -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site
// https://bugzilla.mozilla.org/show_bug.cgi?id=1509933
// https://hg.mozilla.org/mozilla-central/rev/5b34a70e2378
// https://hg.mozilla.org/mozilla-central/rev/95805db3a142
user_pref("media.autoplay.enabled.user-gestures-needed", true);
// -------------------------------------
// Pref : Disable browser animations
// https://bugzilla.mozilla.org/show_bug.cgi?id=1640501
// https://hg.mozilla.org/comm-central/rev/4d4bad93b27d
user_pref("toolkit.cosmeticAnimations.enabled", false);
// -------------------------------------
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
// https://www.ssllabs.com/ssl-pulse/
// user_pref("security.tls.version.min", 3);
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Disable extension's report option in about:addons
// https://bugzilla.mozilla.org/show_bug.cgi?id=1614653
// https://hg.mozilla.org/mozilla-central/rev/92e149d41267
// https://hg.mozilla.org/mozilla-central/rev/682318515715
user_pref("extensions.abuseReport.openDialog", false);
// -------------------------------------
// Pref : Disable using the OS's geolocation service
// https://bugzilla.mozilla.org/show_bug.cgi?id=1627538
// https://hg.mozilla.org/mozilla-central/rev/710b5a3282f8
user_pref("geo.provider-country.network.scan", false);
user_pref("geo.provider-country.network.url", "");
// -------------------------------------
// FF79+
// -------------------------------------