4600: redundant prefs FF55 due to RFP [Part1]

2024-06-26 14:32:30 +00:00 · 2017-09-30 20:15:41 +13:00 · 2017-09-30 20:15:41 +13:00 · 908a8d66f4
commit 908a8d66f4
parent 4a91b866a4
1 changed files with 41 additions and 39 deletions
--- a/user.js
+++ b/user.js
@ -1009,12 +1009,6 @@ user_pref("webgl.enable-debug-renderer-info", false);
 /* 2012: disable two more webgl preferences (FF51+) ***/
 user_pref("webgl.dxgl.enabled", false); // [WINDOWS]
 user_pref("webgl.enable-webgl2", false);
-/* 2021: disable speech recognition
- * [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition
- * [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
- * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/
-user_pref("media.webspeech.recognition.enable", false);
-user_pref("media.webspeech.synth.enabled", false);
 /* 2022: disable screensharing ***/
 user_pref("media.getusermedia.screensharing.enabled", false);
 user_pref("media.getusermedia.screensharing.allowed_domains", "");
@ -1133,11 +1127,6 @@ user_pref("dom.allow_cut_copy", false); // (hidden pref)
 * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 
 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
   // user_pref("dom.indexedDB.enabled", false);
-/* 2411: disable resource/navigation timing ***/
-user_pref("dom.enable_resource_timing", false);
-/* 2412: disable timing attacks - javascript performance fingerprinting
- * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/
-user_pref("dom.enable_performance", false);
 /* 2414: disable shaking the screen ***/
 user_pref("dom.vibrator.enabled", false);
 /* 2415: set max popups from a single non-click event - default is 20! ***/
@ -1186,16 +1175,6 @@ user_pref("browser.offline-apps.notify", true);

 /*** 2500: HARDWARE FINGERPRINTING ***/
 user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!");
-/* 2501: disable gamepad API - USB device ID enumeration
- * [WARNING] [SETUP] Optional protection depending on your connected devices
- * [1] https://trac.torproject.org/projects/tor/ticket/13023 ***/
-   // user_pref("dom.gamepad.enabled", false);
-/* 2503: disable giving away network info (FF31+)
- * e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
- * [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API
- * [2] https://wicg.github.io/netinfo/
- * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426 ***/
-user_pref("dom.netinfo.enabled", false);
 /* 2504: disable virtual reality devices
 * [WARNING] [SETUP] Optional protection depending on your connected devices
 * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
@ -1229,13 +1208,6 @@ user_pref("dom.webaudio.enabled", false);
 * [1] https://developer.mozilla.org/docs/Web/Events/devicechange
 * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/
 user_pref("media.ondevicechange.enabled", false);
-/* 2512: disable device sensor API
- * [WARNING] [SETUP] Optional protection depending on your device
- * [1] https://trac.torproject.org/projects/tor/ticket/15758
- * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
- * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733
- * [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751 ***/
-   // user_pref("device.sensors.enabled", false);
 /* 2513: disable Presentation API
 * [WARNING] [SETUP] Optional protection depending on your connected devices
 * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI
@ -1246,11 +1218,6 @@ user_pref("media.ondevicechange.enabled", false);
   // user_pref("dom.presentation.discovery.enabled", false);
   // user_pref("dom.presentation.receiver.enabled", false);
   // user_pref("dom.presentation.session_transport.data_channel.enable", false);
-/* 2515: disable site specific zoom
- * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using
- * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs
- * and new windows are reset to default and only the current tab retains the current zoom ***/
-user_pref("browser.zoom.siteSpecific", false);

 /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@ -1565,16 +1532,16 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
 ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+)
      This spoof *shouldn't* affect core chrome/Firefox performance
 ** 1217238 - reduce precision of time exposed by javascript (FF55+)
- ** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
+ ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
 ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+)
      FF56: The version number will be rounded down to the nearest multiple of 10
      FF57+: The version number will match current ESR
- ** 1369319 - disable device sensor API (see 2512) (FF56+)
- ** 1369357 - disable site specific zoom (see 2515) (FF56+)
- ** 1337161 - hide gamepads from content (see 2501) (FF56+)
- ** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+)
+ ** 1369319 - disable device sensor API (see 4604) (FF56+)
+ ** 1369357 - disable site specific zoom (see 4605) (FF56+)
+ ** 1337161 - hide gamepads from content (see 4606) (FF56+)
+ ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
+ ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
 ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201) (FF56+)
- ** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+)
 ** 1369309 - spoof media statistics (see 2506) (FF57+)
 ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+)
 ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
@ -1615,6 +1582,41 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan
   // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
   // user_pref("dom.maxHardwareConcurrency", 2);
 // * * * /
+// FF56+
+// 4602: disable resource/navigation timing
+user_pref("dom.enable_resource_timing", false);
+// 4603: disable timing attacks
+   // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
+user_pref("dom.enable_performance", false);
+// 4604: disable device sensor API
+   // [WARNING] [SETUP] Optional protection depending on your device
+   // [1] https://trac.torproject.org/projects/tor/ticket/15758
+   // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
+   // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1357733
+   // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1292751
+   // user_pref("device.sensors.enabled", false);
+// 4605: disable site specific zoom
+   // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using
+   // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs
+   // and new windows are reset to default and only the current tab retains the current zoom
+user_pref("browser.zoom.siteSpecific", false);
+// 4606: disable gamepad API - USB device ID enumeration
+   // [WARNING] [SETUP] Optional protection depending on your connected devices
+   // [1] https://trac.torproject.org/projects/tor/ticket/13023
+   // user_pref("dom.gamepad.enabled", false);
+// 4607: disable giving away network info (FF31+)
+   // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
+   // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API
+   // [2] https://wicg.github.io/netinfo/
+   // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426
+user_pref("dom.netinfo.enabled", false);
+// 4608: disable speech recognition
+   // [1] https://developer.mozilla.org/docs/Web/API/SpeechRecognition
+   // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
+   // [3] https://wiki.mozilla.org/HTML5_Speech_API
+user_pref("media.webspeech.recognition.enable", false);
+user_pref("media.webspeech.synth.enabled", false);
+// * * * /
 // ***/

 /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING