diff --git a/user.js b/user.js index 7c8a9e9..488e07e 100644 --- a/user.js +++ b/user.js @@ -846,7 +846,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. + * privacy.resistFingerprinting (see 4500) may cover this, and 1401 can be relaxed. * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ // user_pref("font.system.whitelist", ""); // (hidden pref) @@ -1244,9 +1244,8 @@ user_pref("dom.presentation.discoverable", false); user_pref("dom.presentation.discovery.enabled", false); user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.session_transport.data_channel.enable", false); -/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) +/* 2514: spoof (or limit?) number of CPU cores (FF48+) * [WARNING] *may* affect core chrome/Firefox performance, will affect content. - * Highly recommended to leave this (DOM) and use 2699f (navigator) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 * [2] https://trac.torproject.org/projects/tor/ticket/21675 * [3] https://trac.torproject.org/projects/tor/ticket/22127 @@ -1437,7 +1436,7 @@ user_pref("security.csp.experimentalEnabled", true); navigator objects, resource://URIs, locale, feature detection and more. 2. You are not in a controlled set of significant numbers, where the values are enforced by default. It works for TBB because for TBB, the spoofed values ARE their default. - * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) + * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500) * Values below are for example only based on the current ESR/TBB at the time of writing ***/ /* 2697a: navigator.userAgent leaks in JS @@ -1457,53 +1456,6 @@ user_pref("security.csp.experimentalEnabled", true); // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) /* 2697g: general.useragent.locale (related, see 0204) ***/ -/*** 2699: privacy.resistFingerprinting - This master switch will be used for a wide range of items, - many of which will **override** existing prefs from FF55+ - ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) - [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) - [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 - [NOTE] This will probably make your values pretty unique until you resize or snap the - inner window width + height into standard/common resolutions (such as 1366x768) - To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit - Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test - your window size, do some math, resize to allow for all the non inner window elements - [TEST] http://browserspy.dk/screen.php - ** 1281949 - spoof screen orientation (FF50+) - ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - ** 1330890 - spoof timezone as UTC 0 (FF55+) - ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) - This spoof *shouldn't* affect core chrome/Firefox performance - ** 1217238 - reduce precision of time exposed by javascript (FF55+) - ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) - ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) - FF56: The version number will be rounded down to the nearest multiple of 10 - FF57+: The version number will match current ESR - ** 1369319 - disable device sensor API (see 2512) (FF56+) - ** 1369357 - disable site specific zoom (see 2515) (FF56+) - ** 1337161 - hide gamepads from content (see 2501) (FF56+) - ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) - ** 1372069 - disable geolocation API (see 0201) (FF56+) - ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) - ** 1369309 - spoof media statistics (see 2506) (FF57+) - ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) - ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) - ** 1382545 - reduce fingerprinting in Animation API (FF57+) - ** 1354633 - limit MediaError.message to a whitelist (FF57+) - ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) - This blocks exposure of local IP Addresses via mDNS (Multicast DNS) -***/ -/* 2699a: enable privacy.resistFingerprinting (FF41+) - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ -user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) -/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP] - * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. - * The override values are a starting point to round from if you want some control - * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 - * [2] https://hardware.metrics.mozilla.com/ ***/ - // user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref) - // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) - /*** 2700: COOKIES & DOM STORAGE ***/ user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: disable cookies on all sites [SETUP] @@ -1618,6 +1570,57 @@ user_pref("privacy.firstparty.isolate", true); * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); +/*** 4500: privacy.resistFingerprinting + This master switch will be used for a wide range of items, many of which will + **override** existing prefs from FF55+, often providing a **better** solution + + IMPORTANT: As existing prefs become redundant, and some of them WILL interfere + with how RFP works, they will be moved to section 4600 and made inactive + + ** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+) + [POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match) + [NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800 + [NOTE] This will probably make your values pretty unique until you resize or snap the + inner window width + height into standard/common resolutions (such as 1366x768) + To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit + Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test + your window size, do some math, resize to allow for all the non inner window elements + [TEST] http://browserspy.dk/screen.php + ** 1281949 - spoof screen orientation (FF50+) + ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) + ** 1330890 - spoof timezone as UTC 0 (FF55+) + ** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+) + This spoof *shouldn't* affect core chrome/Firefox performance + ** 1217238 - reduce precision of time exposed by javascript (FF55+) + ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+) + ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+) + FF56: The version number will be rounded down to the nearest multiple of 10 + FF57+: The version number will match current ESR + ** 1369319 - disable device sensor API (see 2512) (FF56+) + ** 1369357 - disable site specific zoom (see 2515) (FF56+) + ** 1337161 - hide gamepads from content (see 2501) (FF56+) + ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+) + ** 1372069 - disable geolocation API (see 0201) (FF56+) + ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+) + ** 1369309 - spoof media statistics (see 2506) (FF57+) + ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+) + ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+) + ** 1382545 - reduce fingerprinting in Animation API (FF57+) + ** 1354633 - limit MediaError.message to a whitelist (FF57+) + ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+) + This blocks exposure of local IP Addresses via mDNS (Multicast DNS) +***/ +/* 4501: enable privacy.resistFingerprinting (FF41+) + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/ +user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) +/* 4502: set new window sizes to round to hundreds (FF55+) [SETUP] + * [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen. + * The override values are a starting point to round from if you want some control + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882 + * [2] https://hardware.metrics.mozilla.com/ ***/ +user_pref("privacy.window.maxInnerWidth", 1400); // (hidden pref) +user_pref("privacy.window.maxInnerHeight", 800); // (hidden pref) + /*** 5000: PERSONAL SETTINGS [SETUP] Settings that are handy to migrate and/or are not in the Options interface. Users can put their own non-security/privacy/fingerprinting/tracking stuff here ***/