Git-Mirrors/user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-04-21 16:16:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Part 1: inactive dead wood, see #710

Browse Source
This commit is contained in:
Thorin-Oakenpants 2019-04-28 12:26:37 +00:00 committed by GitHub
parent b4a4856223
commit 301f023840
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
user.js
View File

@ -44,7 +44,7 @@
0100: STARTUP
0200: GEOLOCATION
0300: QUIET FOX
0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
0400: BLOCKLISTS / SAFE BROWSING
0500: SYSTEM ADD-ONS / EXPERIMENTS
0600: BLOCK IMPLICIT OUTBOUND
0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc
@ -275,67 +275,27 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+]
* [1] https://bugzilla.mozilla.org/1460537 ***/
user_pref("network.connectivity-service.enabled", false);
/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
This section has security & tracking protection implications vs privacy concerns vs effectiveness
vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP)
and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED.
Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed
to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing.
These do rely on 3rd parties (Google for SB and Disconnect for TP), but many steps, which are
continually being improved, have been taken to preserve privacy. Disable at your own risk.
/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB)
Safe Browsing does rely on Google, but many steps have been taken to preserve privacy. *IF* required
a full url is never sent to Google, only a PART-hash of the prefix, and this is hidden with noise of
other real PART-hashes. Google also swear it is anonymized and only used to flag malicious sites.
Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) doesn't
even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
#Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[1] https://wiki.mozilla.org/Security/Safe_Browsing
***/
user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
/** BLOCKLISTS ***/
/* 0401: enable Firefox blocklist, but sanitize blocklist url
/* 0401: enforce Firefox blocklist, but sanitize blocklist url
* [NOTE] It includes updates for "revoked certificates"
* [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
* [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/
user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/");
/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists
* What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications
* As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
* revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/
// user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates
// user_pref("services.blocklist.addons.collection", "");
// user_pref("services.blocklist.plugins.collection", "");
// user_pref("services.blocklist.gfx.collection", "");
/** SAFE BROWSING (SB)
This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data
being sent to Google from all other settings such as using local blocklists/whitelists and updating
those lists. There are NO privacy issues here. *IF* required, a full url is never sent to Google,
only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also
swear it is anonymized and only used to flag malicious sites/activity. Firefox also takes measures
such as striping out identifying parameters and storing safe browsing cookies in a separate jar.
SB v4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
#Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[1] https://wiki.mozilla.org/Security/Safe_Browsing ***/
/* 0410: disable "Block dangerous and deceptive content"
* This covers deceptive sites such as phishing and social engineering
* [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/
// user_pref("browser.safebrowsing.malware.enabled", false);
// user_pref("browser.safebrowsing.phishing.enabled", false); // [FF50+]
/* 0411: disable "Block dangerous downloads"
* This covers malware and PUPs (potentially unwanted programs)
* [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/
// user_pref("browser.safebrowsing.downloads.enabled", false);
/* 0412: disable "Warn me about unwanted and uncommon software"
* [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // [FF48+]
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // [FF48+]
// user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // [FF49+]
// user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // [FF49+]
/* 0413: disable Google safebrowsing updates ***/
// user_pref("browser.safebrowsing.provider.google.updateURL", "");
// user_pref("browser.safebrowsing.provider.google.gethashURL", "");
// user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // [FF50+]
// user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // [FF50+]
/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/
/* 0402: disable binaries NOT in Safe Browsing local lists being checked
* [SETUP-WEB] This is a real-time check with Google. If you want this protection, turn it on ***/
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
/* 0415: disable reporting URLs ***/
/* 0403: disable reporting URLs ***/
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // [FF50+]
@ -343,43 +303,15 @@ user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); /
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // [FF54+]
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // [FF54+]
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // [FF54+]
/* 0416: disable 'ignore this warning' on Safe Browsing warnings
/* 0404: disable 'ignore this warning' on Safe Browsing warnings
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see github wiki APPENDIX A: Test Sites: Section 5
* [1] https://bugzilla.mozilla.org/1226490 ***/
// user_pref("browser.safebrowsing.allowOverride", false);
/* 0417: disable data sharing [FF58+] ***/
/* 0405: disable data sharing [FF58+] ***/
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
/** TRACKING PROTECTION (TP)
There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
/* 0420: enable Tracking Protection in all windows
* [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610)
* [1] https://wiki.mozilla.org/Security/Tracking_protection
* [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/
// user_pref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.enabled", true);
/* 0422: set which Tracking Protection block list to use
* [WARNING] We don't recommend enforcing this from here, as available block lists can change
* [SETTING] Privacy & Security>Content Blocking>All Detected Trackers>Change block list ***/
// user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic
/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting [FF48+]
* [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
* [2] https://bugzilla.mozilla.org/1237198 ***/
// user_pref("browser.safebrowsing.blockedURIs.enabled", false);
/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/
// user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
// user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
/* 0425: disable passive Tracking Protection [FF53+]
* Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list
* [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
* This is included for people who want to completely disable Tracking Protection.
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/
// user_pref("privacy.trackingprotection.annotate_channels", false);
// user_pref("privacy.trackingprotection.lower_network_priority", false);
/*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS
System Add-ons are a method for shipping extensions, considered to be
built-in features to Firefox, that are hidden from the about:addons UI.
@ -974,7 +906,7 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
* [1] https://bugzilla.mozilla.org/1305144 ***/
user_pref("network.http.referer.hideOnionSource", true);
/* 1610: ALL: enable the DNT (Do Not Track) HTTP header
* [NOTE] DNT is enforced with TP (see 0420) regardless of this pref
* [NOTE] DNT is enforced with Tracking Protection regardless of this pref
* [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/
user_pref("privacy.donottrackheader.enabled", true);
@ -1024,7 +956,7 @@ user_pref("plugin.scan.plid.all", false);
/* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB]
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
user_pref("media.gmp-provider.enabled", false);
user_pref("media.gmp-manager.updateEnabled", false); // HIDDEN PREF]
user_pref("media.gmp-manager.updateEnabled", false); // [HIDDEN PREF]
/* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/
user_pref("media.gmp-widevinecdm.visible", false);
user_pref("media.gmp-widevinecdm.enabled", false);
@ -1837,13 +1769,6 @@ user_pref("network.websocket.enabled", false);
// [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl
// [-] https://bugzilla.mozilla.org/1107683
user_pref("camera.control.autofocus_moving_callback.enabled", false);
// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various
// [-] https://bugzilla.mozilla.org/1109475
user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL
user_pref("browser.safebrowsing.reportGenericURL", ""); // removed
user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL
user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed
user_pref("browser.safebrowsing.reportURL", ""); // removed
// 0702: (41+) disable HTTP2 (draft)
// [-] https://bugzilla.mozilla.org/1132357
user_pref("network.http.spdy.enabled.http2draft", false);
@ -1859,15 +1784,6 @@ user_pref("plugins.enumerable_names", "");
// user_pref("full-screen-api.approval-required", false);
// ***/
/* FF43
// 0410's: disable safebrowsing urls & updates - replaced by various
// [-] https://bugzilla.mozilla.org/1107372
// user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL
// user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL
user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL
// 0420's: disable tracking protection - replaced by various
// [-] https://bugzilla.mozilla.org/1107372
// user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL
// user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL
// 1803: remove plugin finder service
// [1] http://kb.mozillazine.org/Pfs.datasource.url
// [-] https://bugzilla.mozilla.org/1202193
@ -1877,9 +1793,6 @@ user_pref("pfs.datasource.url", "");
// user_pref("browser.search.showOneOffButtons", false);
// ***/
/* FF44
// 0414: disable safebrowsing's real-time binary checking (google) [FF43+]
// [-] https://bugzilla.mozilla.org/1237103
user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL
// 1200's: block rc4 whitelist
// [-] https://bugzilla.mozilla.org/1215796
user_pref("security.tls.insecure_fallback_hosts.use_static_list", false);
@ -1906,12 +1819,6 @@ user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF]
// 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers
// [-] https://bugzilla.mozilla.org/1234522
user_pref("datareporting.policy.dataSubmissionEnabled.v2", false);
// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url
// [-] https://bugzilla.mozilla.org/1239587
user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check
// 0420: disable polaris (part of Tracking Protection, never used in stable)
// [-] https://bugzilla.mozilla.org/1235565
// user_pref("browser.polaris.enabled", false);
// 0510: disable "Pocket" [FF39+] - replaced by extensions.pocket.*
// [-] https://bugzilla.mozilla.org/1215694
user_pref("browser.pocket.enabled", false);
@ -1968,9 +1875,6 @@ user_pref("browser.usedOnWindows10.introURL", "");
// 0308: disable plugin update notifications
// [-] https://bugzilla.mozilla.org/1277905
user_pref("plugins.update.notifyUser", false);
// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled
// [-] https://bugzilla.mozilla.org/1025965
// user_pref("browser.safebrowsing.enabled", false);
// 1266: disable rc4 ciphers
// [1] https://trac.torproject.org/projects/tor/ticket/17369
// [-] https://bugzilla.mozilla.org/1268728
@ -2028,10 +1932,6 @@ user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
user_pref("dom.beforeAfterKeyboardEvent.enabled", false);
// ***/
/* FF54
// 0415: disable reporting URLs (safe browsing)
// [-] https://bugzilla.mozilla.org/1288633
user_pref("browser.safebrowsing.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.reportPhishMistakeURL", "");
// 1830: block websites detecting DRM is disabled
// [-] https://bugzilla.mozilla.org/1242321
user_pref("media.eme.apiVisible", false);
@ -2229,12 +2129,6 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF]
// [SETTING] General>Firefox Updates>Never check for updates
// [-] https://bugzilla.mozilla.org/1420514
// user_pref("app.update.enabled", false);
// 0402: enable Kinto blocklist updates [FF50+]
// What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications
// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
// [-] https://bugzilla.mozilla.org/1458917
user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true]
// 0503: disable "Savant" Shield study [FF61+]
// [-] https://bugzilla.mozilla.org/1457226
user_pref("shield.savant.enabled", false);