9999 revamp

Nits, review syntax etc. Note: 2 items missing deprecation bugzilla tickets, we can get those in time. Note if each section number is made active, the prefs are also - except those which either match the current js (eg TP/SB not active but we do block reporting) or they make no sense or were inactive originally (eg personal 3000 settings etc) - might want to review those choices as well. Also, a few numbers etc changed to match current numbers (eg replaced by items etc, new sections)
This commit is contained in:
Thorin-Oakenpants 2017-06-03 16:33:00 +12:00 committed by GitHub
parent e4a8dcf0dc
commit f74b327403

395
user.js
View File

@ -1600,179 +1600,230 @@ user_pref("browser.urlbar.decodeURLsOnCopy", true);
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/
user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue"); user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Remarkable bird, the Norwegian Blue");
/*** 9999: DEPRECATED / REMOVED /*** 9999: DEPRECATED / REMOVED / LEGACY
Confirmed by resetting as well as via documentation, bugzilla tickets, and DXR searches. Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable,
[NOTE] Numbers may get re-used ***/ viewer-friendly version of the deprecated bugzilla tickets. To enable a section
/* 2607: (23+) disable page thumbnails, it was around v23, not 100% sure when change /* FFxx to // FFxx. The original state of each pref has been preserved,
* this pref was replaced with browser.pagethumbnails.capturing_disabled ***/ or changed to match the current setup, but you are advised to review them.
// user_pref("pageThumbs.enabled", false); [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/
/* 2408: (31+) disable network API - fingerprinting vector ***/ /* FF42 and older
// user_pref("dom.network.enabled", false); // 2607: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled
/* 2620: (35+) disable WebSockets // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=897811
* [1] https://developer.mozilla.org/en-US/Firefox/Releases/35 ***/ user_pref("pageThumbs.enabled", false);
// user_pref("network.websocket.enabled", false); // 2503: (31+) disable network API - replaced by dom.netinfo.enabled
/* 2023: (37+) disable camera autofocus callback (was in 36, not in 37) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=960426
* Not part of any specification, the API will be superceded by the WebRTC Capture user_pref("dom.network.enabled", false);
* and Stream API ( http://w3c.github.io/mediacapture-main/getusermedia.html ) // 2620: (35+) disable WebSockets
* [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/ ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1091016
// user_pref("camera.control.autofocus_moving_callback.enabled", false); user_pref("network.websocket.enabled", false);
/* 1804: (41+) disable plugin enumeration ***/ // 1610: (36+) set DNT "value" to "not be tracked" (FF21+)
// user_pref("plugins.enumerable_names", ""); // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value
/* 0420: (42+) disable tracking protection // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101
* this particular pref was never in stable // user_pref("privacy.donottrackheader.value", 1);
* labelled v42+ because that's when tracking protection landed ***/ // 2023: (37+) disable camera autofocus callback
// user_pref("browser.polaris.enabled", false); // The API will be superceded by the WebRTC Capture and Stream API
/* 2803: (42+) what to clear on shutdown // [1] https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/API/CameraControl/
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184#c23 ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683
user_pref("camera.control.autofocus_moving_callback.enabled", false);
// 0415: (FF41+) disable reporting URLs - removed or replaced by various
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1109475
user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL
user_pref("browser.safebrowsing.reportGenericURL", ""); // removed
user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL
user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed
user_pref("browser.safebrowsing.reportURL", ""); // removed
// 1804: (41+) disable plugin enumeration
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1169945
user_pref("plugins.enumerable_names", "");
// 2803: (42+) clear passwords on shutdown
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1102184
// user_pref("privacy.clearOnShutdown.passwords", false); // user_pref("privacy.clearOnShutdown.passwords", false);
/* 0411: (43+) disable safebrowsing urls & download ***/ // 3001a: (42+) disable warning when a domain requests full screen
// user_pref("browser.safebrowsing.gethashURL", ""); // replaced by setting full-screen-api.warning.timeout to zero
// user_pref("browser.safebrowsing.malware.reportURL", ""); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1160017
// user_pref("browser.safebrowsing.provider.google.appRepURL", "");
// user_pref("browser.safebrowsing.reportErrorURL", "");
// user_pref("browser.safebrowsing.reportGenericURL", "");
// user_pref("browser.safebrowsing.reportMalwareErrorURL", "");
// user_pref("browser.safebrowsing.reportMalwareURL", "");
// user_pref("browser.safebrowsing.reportURL", "");
// user_pref("browser.safebrowsing.updateURL", "");
/* 0420: (43+) disable tracking protection. FF43+ URLs are now part of safebrowsing
* [1] https://wiki.mozilla.org/Security/Tracking_protection (look under Prefs)
* [NOTE] getupdateURL = WRONG / never existed. updateURL = CORRECT and has been added FYI ***/
// user_pref("browser.trackingprotection.gethashURL", "");
// user_pref("browser.trackingprotection.getupdateURL", "");
// user_pref("browser.trackingprotection.updateURL", "");
/* 1803: (43+) remove plugin finder service
* [1] http://kb.mozillazine.org/Pfs.datasource.url ***/
// user_pref("pfs.datasource.url", "");
/* 2403: (43+) disable scripts changing images
* [TEST] http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2
* [WARNING] Will break some sites such as Google Maps and a lot of web apps ***/
// user_pref("dom.disable_image_src_set", true);
/* 2615: (43+) disable http2 for now as well ***/
// user_pref("network.http.spdy.enabled.http2draft", false);
/* 3001a: (43+) disable warning when a domain requests full screen
* replaced by setting full-screen-api.warning.timeout to zero ***/
// user_pref("full-screen-api.approval-required", false); // user_pref("full-screen-api.approval-required", false);
/* 3003: (43+) disable new search panel UI [Classic Theme Restorer can restore the old search] ***/ // ***/
/* FF43
// 0410's: disable safebrowsing urls & updates - replaced by various
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372
// user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL
// user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL
user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL
// 0420's: disable tracking protection - replaced by various
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107372
// user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL
// user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL
// 1803: remove plugin finder service
// [1] http://kb.mozillazine.org/Pfs.datasource.url
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1202193
user_pref("pfs.datasource.url", "");
// 2614: disable HTTP2
// [-]
user_pref("network.http.spdy.enabled.http2draft", false);
// 3003: disable new search panel UI
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1119250
// user_pref("browser.search.showOneOffButtons", false); // user_pref("browser.search.showOneOffButtons", false);
/* 1201: (44+) block rc4 whitelist // ***/
* [1] https://developer.mozilla.org/en-US/Firefox/Releases/44#Security ***/ /* FF44
// user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // 0414: disable safebrowsing's real-time binary checking (google) (FF43+)
/* 2417: (44+) disable SharedWorkers, which allow the exchange of data between iFrames that // [-]
* are open in different tabs, even if the sites do not belong to the same domain. user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL
* [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability (no. 8) // 1200's: block rc4 whitelist
* [2] https://bugs.torproject.org/15562 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1201025
* is used in FF 45 and 46 code once, to set it for a test ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215796
// user_pref("dom.workers.sharedWorkers.enabled", false); user_pref("security.tls.insecure_fallback_hosts.use_static_list", false);
/* 1005: (45+) disable deferred level of storing extra session data 0=all 1=http-only 2=none ***/ // 2301: disable SharedWorkers
// user_pref("browser.sessionstore.privacy_level_deferred", 2); // [1] https://bugs.torproject.org/15562
/* 0333a: (46+) disable health report // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1207635
* [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526 ***/ user_pref("dom.workers.sharedWorkers.enabled", false);
// user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref) // 2403: disable scripts changing images
// user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=773429
/* 0334b: (46+) disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers ***/ // user_pref("dom.disable_image_src_set", true);
// user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); // ***/
/* 0373: (46+) disable "Pocket". FF46 replaced these with extensions.pocket.* ***/ /* FF45
// user_pref("browser.pocket.enabled", false); // 1005: disable deferred level of storing extra session data 0=all 1=http-only 2=none
// user_pref("browser.pocket.api", ""); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235379
// user_pref("browser.pocket.site", ""); user_pref("browser.sessionstore.privacy_level_deferred", 2);
// user_pref("browser.pocket.oAuthConsumerKey", ""); // ***/
/* 0410e: (46+) safebrowsing ***/ /* FF46
// user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check // 0333a: disable health report
/* 0333b: (47+) disable about:healthreport page UNIFIED ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234526
// user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); user_pref("datareporting.healthreport.service.enabled", false); // (hidden pref)
/* 0330b: (47+) set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry user_pref("datareporting.healthreport.documentServerURI", ""); // (hidden pref)
* is enabled ONLY for people that opted into it, even if unified Telemetry is enabled // 0334b: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers
* [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580 ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1234522
// user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref) user_pref("datareporting.policy.dataSubmissionEnabled.v2", false);
/* 0807: (47+) disable history manipulation // 0373: disable "Pocket" - replaced by extensions.pocket.*
* [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1215694
* [WARNING] If set to false it breaks some sites (youtube) ability to correctly show the user_pref("browser.pocket.enabled", false);
* url in location bar and for the forward/back tab history to work ***/ user_pref("browser.pocket.api", "");
// user_pref("browser.history.allowPopState", false); user_pref("browser.pocket.site", "");
// user_pref("browser.history.allowPushState", false); user_pref("browser.pocket.oAuthConsumerKey", "");
// user_pref("browser.history.allowReplaceState", false); // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url
/* (48+) disable dom.mozTCPSocket.enabled (raw TCP socket support) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1239587
* [1] https://trac.torproject.org/projects/tor/ticket/18863 user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check
* [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ // 0420: disable polaris (part of Tracking Protection, never used in stable)
* [3] https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1235565
// user_pref("dom.mozTCPSocket.enabled", false); // user_pref("browser.polaris.enabled", false);
/* 0806: (48+) disable 'unified complete': 'Search with [default search engine]' // ***/
* this feature has been added back in Classic Theme Restorer /* FF47
* [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html ***/ // 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry
// is enabled ONLY for people that opted into it, even if unified Telemetry is enabled
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580
user_pref("toolkit.telemetry.unifiedIsOptIn", true); // (hidden pref)
// 0333b: disable about:healthreport page UNIFIED
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1236580
user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,");
// 0807: disable history manipulation
// [1] https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1249542
user_pref("browser.history.allowPopState", false);
user_pref("browser.history.allowPushState", false);
user_pref("browser.history.allowReplaceState", false);
// ***/
/* FF48
// 0806: disable 'unified complete': 'Search with [default search engine]'
// [1] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1181078
// user_pref("browser.urlbar.unifiedcomplete", false); // user_pref("browser.urlbar.unifiedcomplete", false);
/* 0372: (49+) disable "Hello" (TokBox/Telefonica WebRTC voice & video call PUP) WebRTC (IP leak) // ***/
* [1] https://www.mozilla.org/en-US/privacy/firefox-hello/ /* FF49
* [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello // 0372: disable "Hello"
* [3] https://support.mozilla.org/en-US/kb/hello-status ***/ // [1] https://www.mozilla.org/en-US/privacy/firefox-hello/
// user_pref("loop.enabled", false); // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello
// user_pref("loop.server", ""); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1287827
// user_pref("loop.feedback.formURL", ""); user_pref("loop.enabled", false);
// user_pref("loop.feedback.manualFormURL", ""); user_pref("loop.server", "");
// user_pref("loop.facebook.appId", ""); user_pref("loop.feedback.formURL", "");
// user_pref("loop.facebook.enabled", false); user_pref("loop.feedback.manualFormURL", "");
// user_pref("loop.facebook.fallbackUrl", ""); user_pref("loop.facebook.appId", "");
// user_pref("loop.facebook.shareUrl", ""); user_pref("loop.facebook.enabled", false);
// user_pref("loop.logDomains", false); user_pref("loop.facebook.fallbackUrl", "");
/* 2202: (49+) ONE of the new window UI prefs ***/ user_pref("loop.facebook.shareUrl", "");
// user_pref("dom.disable_window_open_feature.scrollbars", true); user_pref("loop.logDomains", false);
/* 2431: (49+) disable ONE of the push notification prefs ***/ // 2202: disable new window scrollbars being hidden
// user_pref("dom.push.udp.wakeupEnabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1257887
/* 0101: (50+) disable ONE of the "slow startup" options ***/ user_pref("dom.disable_window_open_feature.scrollbars", true);
// user_pref("browser.usedOnWindows10.introURL", ""); // 2303: disable push notification (UDP wake-up)
/* 0308: (50+) disable update plugin notifications // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1265914
* if using Flash/Java/Silverlight, it is best to turn on their own auto-update mechanisms. user_pref("dom.push.udp.wakeupEnabled", false);
* See 1804 below: Mozilla only checks a few plugins and will soon do away with NPAPI ***/ // ***/
// user_pref("plugins.update.notifyUser", false); /* FF50
/* 0410a: (50+) "Block dangerous and deceptive content" pref name change ***/ // 0101: disable Windows10 intro on startup [WINDOWS]
// user_pref("browser.safebrowsing.enabled", false); // FF49 and earlier // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1274633
/* 1202: (50+) disable rc4 ciphers user_pref("browser.usedOnWindows10.introURL", "");
* [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ // 0308: disable update plugin notifications
* [2] https://trac.torproject.org/projects/tor/ticket/17369 ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905
// user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("plugins.update.notifyUser", false);
// user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // 0410: disable "Block dangerous and deceptive content"- replaced by browser.safebrowsing.phishing.enabled
// user_pref("security.ssl3.rsa_rc4_128_md5", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
// user_pref("security.ssl3.rsa_rc4_128_sha", false); // user_pref("browser.safebrowsing.enabled", false);
/* 1809: (50+) remove Mozilla's plugin update URL ***/ // 1266: disable rc4 ciphers
// user_pref("plugins.update.url", ""); // [1] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/
/* 1851: (51+) delay play of videos until they're visible // [2] https://trac.torproject.org/projects/tor/ticket/17369
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563 ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1268728
// user_pref("media.block-play-until-visible", true); user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
/* 2504: (51+) disable virtual reality devices ***/ user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
// user_pref("dom.vr.oculus050.enabled", false); user_pref("security.ssl3.rsa_rc4_128_md5", false);
/* 2614: (51+) disable SPDY ***/ user_pref("security.ssl3.rsa_rc4_128_sha", false);
// user_pref("network.http.spdy.enabled.v3-1", false); // 1809: remove Mozilla's plugin update URL
/* 1602: (?) this DNT .value pref (still in code) was deprecated some time ago // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1277905
* [1] http://kb.mozillazine.org/Privacy.donottrackheader.value (pref required since FF21+) ***/ user_pref("plugins.update.url", "");
// user_pref("privacy.donottrackheader.value", 1); // (hidden pref) // ***/
/* 1601: (52+) disable referer from an SSL Website /* FF51
* removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1308725 ***/ // 1851: delay play of videos until they're visible
// user_pref("network.http.sendSecureXSiteReferrer", false); // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1180563
/* 1850: (52+) disable the Adobe EME "Primetime CDM" (Content Decryption Module) // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1262053
* [1] https://trac.torproject.org/projects/tor/ticket/16285 ***/ user_pref("media.block-play-until-visible", true);
// user_pref("media.gmp-eme-adobe.enabled", false); // 2504: disable virtual reality devices
// user_pref("media.gmp-eme-adobe.visible", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1250244
// user_pref("media.gmp-eme-adobe.autoupdate", false); user_pref("dom.vr.oculus050.enabled", false);
/* 2405: (52+) https://wiki.mozilla.org/WebAPI/Security/WebTelephony ***/ // 2614: disable SPDY
// user_pref("dom.telephony.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1248197
/* 2502: (52+) disable Battery Status API. Initially a Linux issue (high precision readout) that was fixed. user_pref("network.http.spdy.enabled.v3-1", false);
* However, it is still another metric for fingerprinting, used to raise entropy. // ***/
* eg: do you have a battery or not, current charging status, charge level, times remaining etc /* FF52
* [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/ // 1601: disable referer from an SSL Website
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127 // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1308725
* [3] https://www.w3.org/TR/battery-status/ user_pref("network.http.sendSecureXSiteReferrer", false);
* [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online // 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module)
* [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. // [1] https://trac.torproject.org/projects/tor/ticket/16285
* [5] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329538 // FF52
// user_pref("dom.battery.enabled", false); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1337121 // FF52
/* 1265: (53+) block rc4 fallback ***/ // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329543 // FF53
// user_pref("security.tls.unrestricted_rc4_fallback", false); user_pref("media.gmp-eme-adobe.enabled", false);
/* 1806: (53+) disable Acrobat, Quicktime, WMP user_pref("media.gmp-eme-adobe.visible", false);
* The string refers to min version number allowed ***/ user_pref("media.gmp-eme-adobe.autoupdate", false);
// user_pref("plugin.scan.Acrobat", "99999"); // 2405: disable WebTelephony API
// user_pref("plugin.scan.Quicktime", "99999"); // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony
// user_pref("plugin.scan.WindowsMediaPlayer", "99999"); // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1309719
/* 2022: (53+) disable screensharing ***/ user_pref("dom.telephony.enabled", false);
// user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // 2502: disable Battery Status API. Initially a Linux issue (high precision readout) that
/* 2507: (53+) disable keyboard fingerprinting ***/ // was fixed. However, it is still another metric for fingerprinting, used to raise entropy.
// user_pref("dom.beforeAfterKeyboardEvent.enabled", false); // eg: do you have a battery or not, current charging status, charge level, times remaining etc
// [1] http://techcrunch.com/2015/08/04/battery-attributes-can-be-used-to-track-web-users/
// [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1124127
// [3] https://www.w3.org/TR/battery-status/
// [4] https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online
// [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code.
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
user_pref("dom.battery.enabled", false);
// ***/
/* FF53
// 1265: block rc4 fallback
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1130670
user_pref("security.tls.unrestricted_rc4_fallback", false);
// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed)
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317109
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317110
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1317108
user_pref("plugin.scan.Acrobat", "99999");
user_pref("plugin.scan.Quicktime", "99999");
user_pref("plugin.scan.WindowsMediaPlayer", "99999");
// 2022: disable screensharing
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1329562
user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
// 2507: disable keyboard fingerprinting
// [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1322736
user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
// ***/