This commit is contained in:
Thorin-Oakenpants 2021-05-25 17:46:45 +00:00 committed by GitHub
parent 9cc132e69d
commit f0b5e3649d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

23
user.js
View File

@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false);
/* 0105b: disable Activity Stream Snippets
* Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
* [1] https://abouthome-snippets-service.readthedocs.io/ ***/
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+]
/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
@ -273,9 +273,9 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+)
doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
#Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[1] https://wiki.mozilla.org/Security/Safe_Browsing
[2] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
[1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[2] https://wiki.mozilla.org/Security/Safe_Browsing
[3] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
***/
/* 0410: disable SB (Safe Browsing)
* [WARNING] Do this at your own risk! These are the master switches.
@ -425,8 +425,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
your environment (no unwanted eyeballs), your device (restricted access), your device's
unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check
the items cleared on shutdown in section 2800.
[NOTE] The urlbar is also commonly referred to as the location bar and address bar
#Required reading [#] https://xkcd.com/538/
[1] https://xkcd.com/538/
***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
/* 0801: disable location bar using search
@ -657,7 +656,9 @@ user_pref("security.tls.version.enable-deprecated", false);
user_pref("security.tls.enable_0rtt_data", false);
/** OCSP (Online Certificate Status Protocol)
#Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/
[1] https://scotthelme.co.uk/revocation-is-broken/
[2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
***/
/* 1211: control when to use OCSP fetching (to confirm current validity of certificates)
* 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
* OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
@ -815,7 +816,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888
---
#Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
[1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
***/
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: ALL: control when images/links send a referer
@ -1250,8 +1251,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.contentblocking.category", "custom");
/* 2702: set third-party cookies (if enabled, see 2701) to session-only
[NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
.nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
@ -1449,7 +1450,7 @@ user_pref("privacy.firstparty.isolate", true);
1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
FF78+
1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+)
1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (Windows, Mac, some Linux) (FF80+)
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");