Update user.js

Sorted a lot of rules and refined various parameters
Set max popups from a single non-click event (from 3 to 2)
Disabled Network Connectivity checks
Disabled Web Compatibility Reporter
Prevented websites from disabling new window features
Blocked popup windows during load
Limited events that can cause a popup
quindecim 2019-04-27 09:27:34 +00:00 committed by GitHub
parent 9ee52dfa2e
commit f396d8e581
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 169 additions and 85 deletions

254
user.js

@ -9,6 +9,72 @@
// Librefox: https://github.com/intika/Librefox
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable auto-CHECKING for extension and theme updates
// user_pref("extensions.update.enabled", false);
// Pref : Disable app from auto-update
user_pref("app.update.auto", false);
user_pref("app.update.autodownload", "");
user_pref("app.update.channel", "");
user_pref("app.update.timerFirstInterval", -1);
user_pref("app.update.timerMinimumDelay", -1);
user_pref("app.update.url.android", "");
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
user_pref("extensions.getAddons.cache.lastUpdate", 0);
user_pref("extensions.getAddons.cache.LastUpdate", 0);
// Pref : Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user_pref("browser.search.update", false);
user_pref("browser.search.update.interval", -1);
user_pref("browser.search.update.log", false);
// Pref : Disable sending Flash Player crash reports
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
// Pref : Disable sending the URL of the website where a plugin crashed
user_pref("dom.ipc.plugins.reportCrashURL", false);
// Pref : Disable telemetry
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.unified", false);
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
user_pref("datareporting.policy.currentPolicyVersion", 0);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "");
user_pref("datareporting.policy.FirstRunURL", "");
user_pref("datareporting.policy.firstRunURL", "");
user_pref("datareporting.policy.minimumPolicyVersion", 0);
user_pref("datareporting.policy.minimumPolicyVersion.channel-beta", 0);
// Pref : Disable personalized Extension Recommendations in about:addons and AMO
* [NOTE] This pref has no effect when Health Reports are disabled
// https://support.mozilla.org/kb/personalized-extension-recommendations
user_pref("browser.discovery.enabled", false); // [DEFAULT: false]
// Pref : Disable Crash Reports
user_pref("breakpad.reportURL", "");
// Pref : Disable automatic captive portal detection
// https://en.wikipedia.org/wiki/Captive_portal
// https://wiki.mozilla.org/Necko/CaptivePortal
// https://trac.torproject.org/projects/tor/ticket/21790
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.captive-portal-service.backoffFactor", "");
user_pref("network.captive-portal-service.maxInterval", -1);
user_pref("network.captive-portal-service.minInterval", -1);
// Pref : Disable Network Connectivity checks
// https://bugzilla.mozilla.org/1460537
user_pref("network.connectivity-service.enabled", false); // [DEFAULT: true]
user_pref("network.connectivity-service.IPv4.url", "");
user_pref("network.connectivity-service.IPv6.url", "");
user_pref("network.connectivity-service.DNSv4.domain", "");
user_pref("network.connectivity-service.DNSv6.domain", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
// >>>>>>>>>>>>>>>>>>>>>
@ -70,48 +136,14 @@ user_pref("urlclassifier.phishTable", "");
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable speculative pre-connections
// Disable prefetch link on hover.
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user_pref("network.http.speculative-parallel-limit", 0);
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened
// with mose hover for example
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.cleaned-up", true);
// Pref : Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited,
// so the browser downloads them immediately so they can be displayed immediately when the user requests it.
user_pref("network.prefetch-next", false);
// Pref : Disable telemetry
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.unified", false);
// Pref :
// Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
user_pref("extensions.webcompat-reporter.enabled", false);
user_pref("extensions.webcompat-reporter.newIssueEndpoint", "");
// Pref : Disable System Add-on updates
user_pref("extensions.systemAddon.update.url", "");
// Pref :
user_pref("app.feedback.baseURL", "");
// Pref : Disable app from auto-update
user_pref("app.update.auto", false);
user_pref("app.update.autodownload", "");
user_pref("app.update.channel", "");
user_pref("app.update.lastUpdateTime.auto-addon-background-update-timer", 0);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 0);
user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 0);
user_pref("app.update.lastUpdateTime.user-agent-updates-timer", 0);
user_pref("app.update.lastUpdateTime-xpi-signature-verification", 0);
user_pref("app.update.timerFirstInterval", 0);
user_pref("app.update.timerMinimumDelay", 0);
user_pref("app.update.url.android", "");
// Pref :
user_pref("breakpad.reportURL", "");
// Pref :
user_pref("captivedetect.canonicalURL", "");
// Pref :
user_pref("devtools.devices.url", "");
// Pref :
@ -134,12 +166,6 @@ user_pref("identity.fxaccounts.remote.oauth.uri", "");
user_pref("identity.fxaccounts.remote.profile.uri", "");
// [FENNEC][BUG] If empty "Settings" faded
user_pref("identity.fxaccounts.remote.webchannel.uri", "https://0.0.0.0");
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened
// with mose hover for example
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enable-prefetch", false);
// Pref : Disable sync
user_pref("services.sync.enabled", false);
user_pref("browser.startup.homepage_override.mstone", "ignore");
@ -148,22 +174,12 @@ user_pref("webextensions.storage.sync.serverURL", "");
user_pref("privacy.item.syncAccount", false);
// Pref : [FENNEC] Disable snippets
user_pref("browser.snippets.enabled", false);
user_pref("browser.snippets.firstrunHomepage.enabled", false);
user_pref("browser.snippets.firstrunHomepageenabled", false);
user_pref("browser.snippets.statsUrl", "");
user_pref("browser.snippets.updateInterval", -1);
user_pref("browser.snippets.updateUrl", "");
user_pref("browser.snippets.syncPromo.enabled", false);
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
user_pref("datareporting.policy.currentPolicyVersion", 0);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "");
user_pref("datareporting.policy.FirstRunURL", "");
user_pref("datareporting.policy.firstRunURL", "");
user_pref("datareporting.policy.minimumPolicyVersion", 0);
user_pref("datareporting.policy.minimumPolicyVersion.channel-beta", 0);
// Pref : Disable right-click menu manipulation via JavaScript (disabled)
user_pref("dom.event.contextmenu.enabled", false);
// Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript
@ -179,12 +195,6 @@ user_pref("dom.event.clipboardevents.enabled", false);
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
user_pref("network.IDN_show_punycode", true);
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
user_pref("browser.send_pings", false);
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
user_pref("browser.send_pings.require_same_host", true);
// Pref : Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
@ -228,14 +238,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay", 700);
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user_pref("extensions.getAddons.cache.enabled", false);
user_pref("extensions.getAddons.cache.lastUpdate", 0);
// Pref : Disable sending Flash Player crash reports
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
// Pref : When Flash crash reports are enabled, don't send the visited URL in the crash report
user_pref("dom.ipc.plugins.reportCrashURL", false);
// Default Value
// 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
user_pref("services.blocklist.addons.signer", "");
@ -261,17 +263,6 @@ user_pref("devtools.debugger.remote-enabled", false);
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
user_pref("devtools.debugger.force-local", true);
// Pref : Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user_pref("browser.search.update", false);
user_pref("browser.search.update.interval", 0);
user_pref("browser.search.update.log", false);
// Pref : Disable automatic captive portal detection (Firefox >= 52.0)
// https://support.mozilla.org/en-US/questions/1157121
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.captive-portal-service.backoffFactor", "");
user_pref("network.captive-portal-service.maxInterval", 0);
user_pref("network.captive-portal-service.minInterval", 0);
// Pref : Prevent accessibility services from accessing your browser
// https://support.mozilla.org/kb/accessibility-services
user_pref("accessibility.force_disabled", 1);
@ -477,14 +468,68 @@ user_pref("security.tls.version.min", 2);
user_pref("network.dnsCacheEntries", 100);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : User Settings
// Section : Block Implicit Outbound
// >>>>>>>>>>>>>>>>>>>>
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
user_pref("network.dns.disableIPv6", true);
// Pref : Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
user_pref("network.prefetch-next", false);
// Pref : Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user_pref("network.dns.disablePrefetch", true);
// Pref : Disable Seer/Necko
// https://developer.mozilla.org/docs/Mozilla/Projects/Necko
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.cleaned-up", true);
// Pref : Disable speculative pre-connections
// Disable prefetch link on hover.
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user_pref("network.http.speculative-parallel-limit", 0);
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
user_pref("browser.send_pings", false);
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
user_pref("browser.send_pings.require_same_host", true);
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened with mose hover for example
user_pref("network.predictor.enable-prefetch", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : HTTP / TCP/IP / DNS / PROXY / SOCKS etc.
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
user_pref("network.dns.disableIPv6", true);
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
// HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance privacy, and in fact opens up a number of server-side fingerprinting opportunities.
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://http2.github.io/faq/
// https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
// https://queue.acm.org/detail.cfm?id=2716278
// https://github.com/ghacksuserjs/ghacks-user.js/issues/107
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false);
// Pref : Disable HTTP Alternative Services
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://tools.ietf.org/html/rfc7838#section-9
// https://www.mnot.net/blog/2016/03/09/alt-svc
// user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false);
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
// user_pref("network.proxy.socks_remote_dns", true);
// Pref : Remove paths when sending URLs to PAC scripts
// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
// https://bugzilla.mozilla.org/1255474
user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
@ -497,6 +542,10 @@ user_pref("network.dns.disablePrefetch", true);
user_pref("network.trr.mode", 0);
user_pref("network.trr.bootstrapAddress", "");
user_pref("network.trr.uri", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : User Settings
// >>>>>>>>>>>>>>>>>>>>
// Pref : Do No Tracker enabled by default
user_pref("privacy.donottrackheader.enabled", false);
// Pref : Enable Container Tabs
@ -564,9 +613,44 @@ user_pref("signon.formlessCapture.enabled", false);
user_pref("network.auth.subresource-http-auth-allow", 1);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Window Meddling & Leaks / Popups
// >>>>>>>>>>>>>>>>>>>>
// Pref : Prevent websites from disabling new window features
// http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features
user_pref("dom.disable_window_open_feature.close", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.menubar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.minimizable", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.personalbar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
user_pref("dom.disable_window_open_feature.titlebar", true); // [DEFAULT: false]
user_pref("dom.disable_window_open_feature.toolbar", true); // [DEFAULT: false]
// Pref : Prevent scripts from moving and resizing open windows
user_pref("dom.disable_window_move_resize", true); // [DEFAULT: true]
// Pref : Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://trac.torproject.org/projects/tor/ticket/9881
user_pref("browser.link.open_newwindow", 2); // [DEFAULT: 3]
user_pref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
// [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html
// user_pref("full-screen-api.enabled", false);
// Pref : Block popup windows
user_pref("dom.disable_open_during_load", true); // [DEFAULT: true]
// Pref : Set max popups from a single non-click event
user_pref("dom.popup_maximum", 3); // [DEFAULT: 4]
// Pref : Limit events that can cause a popup
// http://kb.mozillazine.org/Dom.popup_allowed_events
user_pref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick mouseup pointerup notificationclick reset submit touchend"]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Cache / Session (Re)Store / Favicons
// >>>>>>>>>>>>>>>>>>>>
// ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
// ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk and memory cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
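Review bot: In the first hunk (Quiet Fox section), the line `* [NOTE] This pref has no effect when Health Reports are disabled` under "Disable personalized Extension Recommendations" has no `//` prefix as rendered here, so it is not a comment but a syntax error in user.js. Depending on the Firefox version, the prefs parser either stops at such an error or tries to recover, so the hardening prefs that follow it may be silently left at their defaults; the line should read `// [NOTE] This pref has no effect when Health Reports are disabled`. A custom marker pref as the last line of the file, checked in about:config after a restart, would make a parse failure like this visible. Separately, the commit message says max popups goes from 3 to 2, but the last hunk has `user_pref("dom.popup_maximum", 3);`, so either the value or the message needs correcting.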