From b761a9dd32f79395b0fca183ad8fe45f7e99d26f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 8 Jul 2021 07:08:38 +0000 Subject: [PATCH] 4505: experimental RFP prefs and tidy up all instances (eight) of "do not use": all caps, no asterisks, immediately after [warning] --- user.js | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 5d41699..79757b0 100644 --- a/user.js +++ b/user.js @@ -786,7 +786,7 @@ user_pref("security.insecure_connection_text.enabled", true); // [FF60+] user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1401: disable websites choosing fonts (0=block, 1=allow) * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) + * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/ // user_pref("browser.display.use_document_fonts", 0); /* 1403: disable icon fonts (glyphs) and local fallback rendering @@ -805,7 +805,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4620) - * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) + * [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -1393,8 +1393,8 @@ user_pref("privacy.firstparty.isolate", true); RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want - [WARNING] Do NOT use extensions to alter RFP protected metrics - [WARNING] Do NOT use prefs in section 4600 with RFP as they can interfere + [WARNING] DO NOT USE extensions to alter RFP protected metrics + [WARNING] DO NOT USE prefs in section 4600 with RFP as they can interfere FF41+ 418986 - limit window.screen & CSS media queries leaking identifiable info @@ -1475,11 +1475,16 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable - * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it + * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] +/* 4505: experimental RFP [FF91+] + * [WARNING] DO NOT USE unless testing, see [1] comment 12 + * [1] https://bugzilla.mozilla.org/1635603 ***/ + // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); + // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4510: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ @@ -1489,7 +1494,7 @@ user_pref("browser.startup.blankWindow", false); user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 4600]: RFP ALTERNATIVES - [WARNING] Do NOT use prefs in this section with RFP as they can interfere + [WARNING] DO NOT USE prefs in this section with RFP as they can interfere ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these