Git-Mirrors/user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-04-21 08:06:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

arkenfox v128

Browse Source
This commit is contained in:
Wraaath 2024-08-26 14:56:52 +02:00
parent 61ffcaf671
commit d2f0d8e73b
2 changed files with 325 additions and 255 deletions

134
user-overrides.js

@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
* date: 7 June 2024
* version: 126
* date: 26 August 2024
* version: 128
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -57,7 +57,7 @@
2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING
4000: FPP (fingerprintingProtection)
4500: RFP (resistFingerprinting)
4500: OPTIONAL RFP (resistFingerprinting)
5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING
6000: DON'T TOUCH
@ -131,17 +131,9 @@ user_pref(
"_user.js.parrot",
"0200 syntax error: the parrot's definitely deceased!"
);
/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+]
* Optionally enable logging to the console (defaults to false) ***/
user_pref(
"geo.provider.network.url",
"https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"
);
// user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
/* 0202: disable using the OS's geolocation service ***/
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
user_pref("geo.provider.use_corelocation", false); // [MAC]
user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF]
user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
/*** [SECTION 0300]: QUIETER FOX ***/
@ -239,8 +231,8 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
/* 0401: disable SB (Safe Browsing)
* [WARNING] Do this at your own risk! These are the master switches
* [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content ***/
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", true);
user_pref("browser.safebrowsing.phishing.enabled", true);
/* 0402: disable SB checks for downloads (both local lookups + remote)
* This is the master switch for the safebrowsing.downloads* prefs (0403, 0404)
* [SETTING] Privacy & Security>Security>... "Block dangerous downloads" ***/
@ -273,7 +265,7 @@ user_pref("network.prefetch-next", false);
/* 0602: disable DNS prefetching
* [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
user_pref("network.dns.disablePrefetch", true);
// user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
user_pref("network.dns.disablePrefetchFromHTTPS", true);
/* 0603: disable predictor / prefetching ***/
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
@ -324,7 +316,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""
* [SETTING] Privacy & Security>DNS over HTTPS
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
* [3] https://support.mozilla.org/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
user_pref("network.trr.mode", 3);
/* 0712: set DoH provider
@ -343,13 +335,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
* [NOTE] The UI is controlled by the .enabled pref
* [SETTING] Search>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false]
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+]
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
/* 0803: disable live search suggestions
* [NOTE] Both must be true for live search to work in the location bar
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
* [SETTING] Search>Show search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false);
/* 0805: disable urlbar trending search suggestions [FF118+]
@ -363,9 +355,13 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+]
* [NOTE] Recent searches are cleared with history (2811)
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
// user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
* [2] https://bugzilla.mozilla.org/381681 ***/
@ -420,8 +416,8 @@ user_pref(
"1000 syntax error: the parrot's gone to meet 'is maker!"
);
/* 1001: disable disk cache
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this
* [NOTE] We also clear cache on exit (2811) ***/
* [NOTE] We also clear cache on exit (2811)
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
user_pref("browser.cache.disk.enable", false);
/* 1002: disable media cache from writing to disk in Private Browsing
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/
@ -576,7 +572,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
/* 2003: force a single network interface for ICE candidates generation [FF42+]
* When using a system-wide proxy, it uses the proxy interface
* [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate
* [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
user_pref("media.peerconnection.ice.default_address_only", true);
/* 2004: force exclusion of private IPs from ICE candidates [FF51+]
@ -644,8 +640,10 @@ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: fa
/* 2630: disable content analysis by DLP (Data Loss Prevention) agents
* DLP agents are background processes on managed computers that allow enterprises to monitor locally running
* applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
* 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests
* [1] https://github.com/chromium/content_analysis_sdk */
user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false]
user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0]
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@ -693,7 +691,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
* Opener and redirect heuristics are granted for 30 days, see [3]
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
* [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false);
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
@ -702,6 +700,8 @@ user_pref(
"2800 syntax error: the parrot's bleedin' demised!"
);
/* 2810: enable Firefox to clear items on shutdown
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
* via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
@ -723,9 +723,8 @@ user_pref("privacy.clearOnShutdown.openWindows", false);
/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
* [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below).
* serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for
* both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins,
* add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
* [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
@ -780,7 +779,9 @@ user_pref("privacy.sanitize.timeSpan", 0);
In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled
by ETP (2701). FPP will also use Remote Services in future to relax FPP protections
on a per site basis for compatibility (4003).
on a per site basis for compatibility (4004).
https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
@ -791,19 +792,30 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
* [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
/* 4002: set global FPP overrides [FF114+]
* Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are
* not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization"
* [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets
* [WARNING] Not recommended. Either use RFP or FPP at defaults
* uses "RFPTargets" [1] which despite the name these are not used by RFP
* e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone
* e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone
* [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults
* [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
user_pref("privacy.fingerprintingProtection.overrides", "");
/* 4003: disable remote FPP overrides [FF127+] ***/
user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
user_pref(
"privacy.fingerprintingProtection.overrides",
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC"
);
/* 4003: set granular FPP overrides
* JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]"
* [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults ***/
// user_pref("privacy.fingerprintingProtection.granularOverrides", "");
/* 4004: disable remote FPP overrides [FF127+] ***/
// user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
/*** [SECTION 4500]: RFP (resistFingerprinting)
/*** [SECTION 4500]: OPTIONAL RFP (resistFingerprinting)
RFP overrides FPP (4000)
It is an all-or-nothing buy in: you cannot pick and choose what parts you want
FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people
this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally
add letterboxing (4504), spoof_english (4506), and webgl (4520).
RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want
[TEST] https://arkenfox.github.io/TZP/tzp.html
[WARNING] DO NOT USE extensions to alter RFP protected metrics
@ -861,13 +873,12 @@ user_pref(
"4500 syntax error: the parrot's popped 'is clogs"
);
/* 4501: enable RFP
* [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
* RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme
* [NOTE] pbmode applies if true and the original pref is false
* [1] https://bugzilla.mozilla.org/418986 ***/
user_pref("privacy.resistFingerprinting", true); // [FF41+]
user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
/* 4502: set new window size rounding max values [FF55+]
* [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
* RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme ***/
// user_pref("privacy.resistFingerprinting", true); // [FF41+]
// user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
/* 4502: set RFP new window size max rounded values [FF55+]
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
* [1] https://bugzilla.mozilla.org/1330882 ***/
user_pref("privacy.window.maxInnerWidth", 1600);
@ -876,7 +887,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
* [NOTE] To allow extensions to work on AMO, you also need 2662
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
/* 4504: enable RFP letterboxing [FF67+]
/* 4504: enable letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions.
* The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000")
@ -887,12 +898,10 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
user_pref("privacy.resistFingerprinting.letterboxing", false); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
/* 4505: experimental RFP [FF91+]
* [WARNING] DO NOT USE unless testing, see [1] comment 12
* [1] https://bugzilla.mozilla.org/1635603 ***/
/* 4505: disable RFP by domain [FF91+] ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
/* 4506: disable RFP spoof english prompt [FF59+]
* 0=prompt, 1=disabled, 2=enabled (requires RFP)
* 0=prompt, 1=disabled, 2=enabled
* [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset.
* [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
* [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
@ -900,12 +909,6 @@ user_pref("privacy.spoof_english", 1);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", true); // [DEFAULT: false NON-WINDOWS]
/* 4511: enforce non-native widget theme
* Security: removes/reduces system API calls, e.g. win32k API [1]
* Fingerprinting: provides a uniform look and feel across platforms [2]
* [1] https://bugzilla.mozilla.org/1381938
* [2] https://bugzilla.mozilla.org/1411425 ***/
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
/* 4512: enforce links targeting new windows to open in a new tab instead
* 1=most recent window or tab, 2=new window, 3=new tab
* Stops malicious window sizes and some screen resolution leaks.
@ -917,8 +920,7 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
/* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512)
* [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/
user_pref("browser.link.open_newwindow.restriction", 0);
/* 4520: disable WebGL (Web Graphics Library)
* [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/
/* 4520: disable WebGL (Web Graphics Library) ***/
user_pref("webgl.disabled", false);
/*** [SECTION 5000]: OPTIONAL OPSEC
@ -1035,7 +1037,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
* [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
// user_pref("javascript.options.asmjs", false);
/* 5505: disable Ion and baseline JIT to harden against JS exploits
/* 5505: disable Ion and baseline JIT to harden against JS exploits [RESTART]
* [NOTE] When both Ion and JIT are disabled, and trustedprincipals
* is enabled, then Ion can still be used by extensions (1599226)
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
@ -1064,8 +1066,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5509: disable IPv6 if using a VPN
* This is an application level fallback. Disabling IPv6 is best done at an OS/network
* level, and/or configured properly in system wide VPN setups.
* [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
// user_pref("network.dns.disableIPv6", true);
@ -1111,6 +1113,9 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
// user_pref("accessibility.force_disabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", "");
// user_pref("geo.provider.use_gpsd", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
@ -1343,6 +1348,17 @@ user_pref("browser.ping-centre.telemetry", false);
// 9003: disable What's New toolbar icon [FF69+]
// [-] https://bugzilla.mozilla.org/1724300
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
// FF127
// 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result
// [-] https://bugzilla.mozilla.org/1880314
user_pref("browser.contentanalysis.default_allow", false);
// 4511: enforce non-native widget theme
// Security: removes/reduces system API calls, e.g. win32k API [1]
// Fingerprinting: provides a uniform look and feel across platforms [2]
// [1] https://bugzilla.mozilla.org/1381938
// [2] https://bugzilla.mozilla.org/1411425
// [-] https://bugzilla.mozilla.org/1848899
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
// ***/
/* END: internal custom pref to test for syntax errors ***/

446
user.js

@ -73,7 +73,10 @@
* no longer necessarily means that all prefs have been applied. Check the console right
* after startup for any warnings/error messages related to non-applied prefs
* [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/
user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
user_pref(
"_user.js.parrot",
"START: Oh yes, the Norwegian Blue... what's wrong with it?"
);
/* 0000: disable about:config warning ***/
user_pref("browser.aboutConfig.showWarning", false);
@ -102,14 +105,20 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); //
user_pref("browser.newtabpage.activity-stream.default.sites", "");
/*** [SECTION 0200]: GEOLOCATION ***/
user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
user_pref(
"_user.js.parrot",
"0200 syntax error: the parrot's definitely deceased!"
);
/* 0202: disable using the OS's geolocation service ***/
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
user_pref("geo.provider.use_corelocation", false); // [MAC]
user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
/*** [SECTION 0300]: QUIETER FOX ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
user_pref(
"_user.js.parrot",
"0300 syntax error: the parrot's not pinin' for the fjords!"
);
/** RECOMMENDATIONS ***/
/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
@ -171,7 +180,7 @@ user_pref("app.normandy.api_url", "");
/* 0350: disable Crash Reports ***/
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+]
// user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false]
// user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false]
/* 0351: enforce no submission of backlogged Crash Reports [FF58+]
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false]
@ -200,28 +209,28 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
/* 0401: disable SB (Safe Browsing)
* [WARNING] Do this at your own risk! These are the master switches
* [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content ***/
// user_pref("browser.safebrowsing.malware.enabled", false);
// user_pref("browser.safebrowsing.phishing.enabled", false);
// user_pref("browser.safebrowsing.malware.enabled", false);
// user_pref("browser.safebrowsing.phishing.enabled", false);
/* 0402: disable SB checks for downloads (both local lookups + remote)
* This is the master switch for the safebrowsing.downloads* prefs (0403, 0404)
* [SETTING] Privacy & Security>Security>... "Block dangerous downloads" ***/
// user_pref("browser.safebrowsing.downloads.enabled", false);
// user_pref("browser.safebrowsing.downloads.enabled", false);
/* 0403: disable SB checks for downloads (remote)
* To verify the safety of certain executable files, Firefox may submit some information about the
* file, including the name, origin, size and a cryptographic hash of the contents, to the Google
* Safe Browsing service which helps Firefox determine whether or not the file should be blocked
* [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
// user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth
// user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth
/* 0404: disable SB checks for unwanted software
* [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
/* 0405: disable "ignore this warning" on SB warnings [FF45+]
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see https://github.com/arkenfox/user.js/wiki/Appendix-A-Test-Sites#-mozilla
* [1] https://bugzilla.mozilla.org/1226490 ***/
// user_pref("browser.safebrowsing.allowOverride", false);
// user_pref("browser.safebrowsing.allowOverride", false);
/*** [SECTION 0600]: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - e.g. clicked on] ***/
user_pref("_user.js.parrot", "0600 syntax error: the parrot's no more!");
@ -242,10 +251,13 @@ user_pref("network.http.speculative-parallel-limit", 0);
user_pref("browser.places.speculativeConnect.enabled", false);
/* 0610: enforce no "Hyperlink Auditing" (click tracking)
* [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
// user_pref("browser.send_pings", false); // [DEFAULT: false]
// user_pref("browser.send_pings", false); // [DEFAULT: false]
/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/
user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
user_pref(
"_user.js.parrot",
"0700 syntax error: the parrot's given up the ghost!"
);
/* 0702: set the proxy server to do any DNS lookups when using SOCKS
* e.g. in Tor, this stops your local DNS server from knowing your Tor destination
* as a remote Tor node will handle the DNS request
@ -266,13 +278,13 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
// user_pref("network.proxy.failover_direct", false);
// user_pref("network.proxy.failover_direct", false);
/* 0706: disable proxy bypass for system request failures [FF95+]
* RemoteSettings, UpdateService, Telemetry [1]
* [WARNING] If false, this will break the fallback for some security features
* [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
// user_pref("network.proxy.allow_bypass", false);
// user_pref("network.proxy.allow_bypass", false);
/* 0710: enable DNS-over-HTTPS (DoH) [FF60+]
* 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout)
* see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
@ -281,13 +293,13 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://support.mozilla.org/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 3);
// user_pref("network.trr.mode", 3);
/* 0712: set DoH provider
* The custom uri is the value shown when you "Choose provider>Custom>"
* [NOTE] If you USE custom then "network.trr.uri" should be set the same
* [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/
// user_pref("network.trr.uri", "https://example.dns");
// user_pref("network.trr.custom_uri", "https://example.dns");
// user_pref("network.trr.uri", "https://example.dns");
// user_pref("network.trr.custom_uri", "https://example.dns");
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
@ -317,11 +329,11 @@ user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: fal
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false);
// user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+]
* [NOTE] Recent searches are cleared with history (2811)
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
// user_pref("browser.urlbar.recentsearches.featureGate", false);
// user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history
* [NOTE] We also clear formdata on exit (2811)
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
@ -332,7 +344,7 @@ user_pref("browser.formfill.enable", false);
/* 0815: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
* [SETTING] Search>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false);
// user_pref("browser.urlbar.suggest.engines", false);
/* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
@ -343,7 +355,7 @@ user_pref("browser.formfill.enable", false);
* [3] https://bugzilla.mozilla.org/1632765
* [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)
* [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/
// user_pref("layout.css.visited_links_enabled", false);
// user_pref("layout.css.visited_links_enabled", false);
/* 0830: enable separate default search engine in Private Windows and its UI setting
* [SETTING] Search>Default Search Engine>Choose a different default search engine for Private Windows only ***/
user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
@ -371,10 +383,13 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
/* 0906: enforce no automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+]
* [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for...
* [1] https://support.mozilla.org/kb/windows-sso ***/
// user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
// user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
/*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
user_pref(
"_user.js.parrot",
"1000 syntax error: the parrot's gone to meet 'is maker!"
);
/* 1001: disable disk cache
* [NOTE] We also clear cache on exit (2811)
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
@ -464,7 +479,7 @@ user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/
/* 1241: disable insecure passive content (such as images) on https pages ***/
// user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244)
// user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244)
/* 1244: enable HTTPS-Only mode in all windows
* When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
* [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
@ -472,9 +487,9 @@ user_pref("security.pki.crlite_mode", 2);
* [TEST] http://example.com [upgrade]
* [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
user_pref("dom.security.https_only_mode", true); // [FF76+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true);
// user_pref("dom.security.https_only_mode.upgrade_local", true);
/* 1246: disable HTTP background requests [FF82+]
* When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends
* a top-level HTTP request without path in order to check if the server supports HTTPS or not
@ -515,13 +530,13 @@ user_pref("privacy.userContext.ui.enabled", true);
/* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+]
* [NOTE] The menu is always shown on long press and right click
* [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
/* 1703: set external links to open in site-specific containers [FF123+]
* [SETUP-WEB] Depending on your container extension(s) and their settings
* true=Firefox will not choose a container (so your extension can)
* false=Firefox will choose the container/no-container (default)
* [1] https://bugzilla.mozilla.org/1874599 ***/
// user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
// user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
@ -535,32 +550,38 @@ user_pref("media.peerconnection.ice.default_address_only", true);
/* 2004: force exclusion of private IPs from ICE candidates [FF51+]
* [SETUP-HARDEN] This will protect your private IP even in TRUSTED scenarios after you
* grant device access, but often results in breakage on video-conferencing platforms ***/
// user_pref("media.peerconnection.ice.no_host", true);
// user_pref("media.peerconnection.ice.no_host", true);
/* 2020: disable GMP (Gecko Media Plugins)
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
// user_pref("media.gmp-provider.enabled", false);
// user_pref("media.gmp-provider.enabled", false);
/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
user_pref(
"_user.js.parrot",
"2400 syntax error: the parrot's kicked the bucket!"
);
/* 2402: prevent scripts from moving and resizing open windows ***/
user_pref("dom.disable_window_move_resize", true);
/*** [SECTION 2600]: MISCELLANEOUS ***/
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
user_pref(
"_user.js.parrot",
"2600 syntax error: the parrot's run down the curtain!"
);
/* 2603: remove temp files opened from non-PB windows with an external application
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574 ***/
user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+]
user_pref("browser.helperApps.deleteTempFileOnExit", true);
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
user_pref("browser.uitour.enabled", false);
// user_pref("browser.uitour.url", ""); // Defense-in-depth
// user_pref("browser.uitour.url", ""); // Defense-in-depth
/* 2608: reset remote debugging to disabled
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
* 0 (default) or 1=allow, 2=block
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
// user_pref("permissions.default.shortcuts", 2);
// user_pref("permissions.default.shortcuts", 2);
/* 2616: remove special permissions for certain mozilla domains [FF35+]
* [1] resource://app/defaults/permissions ***/
user_pref("permissions.manager.defaultsUrl", "");
@ -616,16 +637,19 @@ user_pref("browser.download.always_ask_before_handling_new_types", true);
* [SETUP-CHROME] Breaks usage of files which are installed outside allowed directories
* [1] https://archive.is/DYjAM ***/
user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF]
// user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
// user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
/* 2661: disable bypassing 3rd party extension install prompts [FF82+]
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
/* 2662: disable webextension restrictions on certain mozilla domains (you also need 4503) [FF60+]
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
// user_pref("extensions.webextensions.restrictedDomains", "");
// user_pref("extensions.webextensions.restrictedDomains", "");
/*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
user_pref(
"_user.js.parrot",
"2700 syntax error: the parrot's joined the bleedin' choir invisible!"
);
/* 2701: enable ETP Strict Mode [FF86+]
* ETP Strict Mode enables Total Cookie Protection (TCP)
* [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
@ -640,31 +664,34 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false);
// user_pref("privacy.antitracking.enableWebcompat", false);
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
user_pref(
"_user.js.parrot",
"2800 syntax error: the parrot's bleedin' demised!"
);
/* 2810: enable Firefox to clear items on shutdown
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
* via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
* [NOTE] If "history" is true, downloads will also be cleared ***/
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
* [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/
// user_pref("privacy.clearOnShutdown.openWindows", true);
// user_pref("privacy.clearOnShutdown.openWindows", true);
/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
@ -678,7 +705,7 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F
* [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+]
/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/
@ -688,7 +715,7 @@ user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Sit
user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
// user_pref("privacy.clearSiteData.siteSettings", false);
// user_pref("privacy.clearSiteData.siteSettings", false);
/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/
/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME]
@ -696,20 +723,20 @@ user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
* for "Clear Recent History" is opened, it is synced to the same as "history"
* [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
user_pref("privacy.clearHistory.cookiesAndStorage", false);
// user_pref("privacy.cpd.openWindows", false); // Session Restore
// user_pref("privacy.cpd.passwords", false);
// user_pref("privacy.cpd.siteSettings", false);
// user_pref("privacy.clearHistory.siteSettings", false);
// user_pref("privacy.cpd.openWindows", false); // Session Restore
// user_pref("privacy.cpd.passwords", false);
// user_pref("privacy.cpd.siteSettings", false);
// user_pref("privacy.clearHistory.siteSettings", false);
/** SANITIZE MANUAL: TIMERANGE ***/
/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830)
@ -735,20 +762,20 @@ user_pref("privacy.sanitize.timeSpan", 0);
user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
/* 4001: enable FPP in PB mode [FF114+]
* [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
/* 4002: set global FPP overrides [FF114+]
* uses "RFPTargets" [1] which despite the name these are not used by RFP
* e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone
* e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone
* [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults
* [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
// user_pref("privacy.fingerprintingProtection.overrides", "");
// user_pref("privacy.fingerprintingProtection.overrides", "");
/* 4003: set granular FPP overrides
* JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]"
* [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults ***/
// user_pref("privacy.fingerprintingProtection.granularOverrides", "");
// user_pref("privacy.fingerprintingProtection.granularOverrides", "");
/* 4004: disable remote FPP overrides [FF127+] ***/
// user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
// user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
/*** [SECTION 4500]: OPTIONAL RFP (resistFingerprinting)
RFP overrides FPP (4000)
@ -810,13 +837,16 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1787790 - normalize system fonts (FF128)
1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
user_pref(
"_user.js.parrot",
"4500 syntax error: the parrot's popped 'is clogs"
);
/* 4501: enable RFP
* [NOTE] pbmode applies if true and the original pref is false
* [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
* RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme ***/
// user_pref("privacy.resistFingerprinting", true); // [FF41+]
// user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
// user_pref("privacy.resistFingerprinting", true); // [FF41+]
// user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
/* 4502: set RFP new window size max rounded values [FF55+]
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
* [1] https://bugzilla.mozilla.org/1330882 ***/
@ -835,10 +865,10 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* [WARNING] DO NOT USE: the dimension pref is only meant for testing
* [1] https://bugzilla.mozilla.org/1407366
* [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
/* 4505: disable RFP by domain [FF91+] ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
/* 4506: disable RFP spoof english prompt [FF59+]
* 0=prompt, 1=disabled, 2=enabled
* [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset.
@ -860,12 +890,15 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
* [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/
user_pref("browser.link.open_newwindow.restriction", 0);
/* 4520: disable WebGL (Web Graphics Library) ***/
// user_pref("webgl.disabled", true);
// user_pref("webgl.disabled", true);
/*** [SECTION 5000]: OPTIONAL OPSEC
Disk avoidance, application data isolation, eyeballs...
***/
user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow");
user_pref(
"_user.js.parrot",
"5000 syntax error: the parrot's taken 'is last bow"
);
/* 5001: start Firefox in PB (Private Browsing) mode
* [NOTE] In this mode all windows are "private windows" and the PB mode icon is not displayed
* [NOTE] The P in PB mode can be misleading: it means no "persistent" disk state such as history,
@ -876,82 +909,82 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode
* [1] https://wiki.mozilla.org/Private_Browsing
* [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/
// user_pref("browser.privatebrowsing.autostart", true);
// user_pref("browser.privatebrowsing.autostart", true);
/* 5002: disable memory cache
* capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes ***/
// user_pref("browser.cache.memory.enable", false);
// user_pref("browser.cache.memory.capacity", 0);
// user_pref("browser.cache.memory.enable", false);
// user_pref("browser.cache.memory.capacity", 0);
/* 5003: disable saving passwords
* [NOTE] This does not clear any passwords already saved
* [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/
// user_pref("signon.rememberSignons", false);
// user_pref("signon.rememberSignons", false);
/* 5004: disable permissions manager from writing to disk [FF41+] [RESTART]
* [NOTE] This means any permission changes are session only
* [1] https://bugzilla.mozilla.org/967812 ***/
// user_pref("permissions.memory_only", true); // [HIDDEN PREF]
// user_pref("permissions.memory_only", true); // [HIDDEN PREF]
/* 5005: disable intermediate certificate caching [FF41+] [RESTART]
* [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only.
* Saved logins and passwords are not available. Reset the pref and restart to return them ***/
// user_pref("security.nocertdb", true);
// user_pref("security.nocertdb", true);
/* 5006: disable favicons in history and bookmarks
* [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your
* actual history (and bookmarks) already do. Your history is more detailed, so
* control that instead; e.g. disable history, clear history on exit, use PB mode
* [NOTE] favicons.sqlite is sanitized on Firefox close ***/
// user_pref("browser.chrome.site_icons", false);
// user_pref("browser.chrome.site_icons", false);
/* 5007: exclude "Undo Closed Tabs" in Session Restore ***/
// user_pref("browser.sessionstore.max_tabs_undo", 0);
// user_pref("browser.sessionstore.max_tabs_undo", 0);
/* 5008: disable resuming session from crash
* [TEST] about:crashparent ***/
// user_pref("browser.sessionstore.resume_from_crash", false);
// user_pref("browser.sessionstore.resume_from_crash", false);
/* 5009: disable "open with" in download dialog [FF50+]
* Application data isolation [1]
* [1] https://bugzilla.mozilla.org/1281959 ***/
// user_pref("browser.download.forbid_open_with", true);
// user_pref("browser.download.forbid_open_with", true);
/* 5010: disable location bar suggestion types
* [SETTING] Search>Address Bar>When using the address bar, suggest ***/
// user_pref("browser.urlbar.suggest.history", false);
// user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false);
// user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
// user_pref("browser.urlbar.suggest.history", false);
// user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false);
// user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
/* 5011: disable location bar dropdown
* This value controls the total number of entries to appear in the location bar dropdown ***/
// user_pref("browser.urlbar.maxRichResults", 0);
// user_pref("browser.urlbar.maxRichResults", 0);
/* 5012: disable location bar autofill
* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
// user_pref("browser.urlbar.autoFill", false);
// user_pref("browser.urlbar.autoFill", false);
/* 5013: disable browsing and download history
* [NOTE] We also clear history and downloads on exit (2811)
* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
// user_pref("places.history.enabled", false);
// user_pref("places.history.enabled", false);
/* 5014: disable Windows jumplist [WINDOWS] ***/
// user_pref("browser.taskbar.lists.enabled", false);
// user_pref("browser.taskbar.lists.frequent.enabled", false);
// user_pref("browser.taskbar.lists.recent.enabled", false);
// user_pref("browser.taskbar.lists.tasks.enabled", false);
// user_pref("browser.taskbar.lists.enabled", false);
// user_pref("browser.taskbar.lists.frequent.enabled", false);
// user_pref("browser.taskbar.lists.recent.enabled", false);
// user_pref("browser.taskbar.lists.tasks.enabled", false);
/* 5016: discourage downloading to desktop
* 0=desktop, 1=downloads (default), 2=custom
* [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
// user_pref("browser.download.folderList", 2);
// user_pref("browser.download.folderList", 2);
/* 5017: disable Form Autofill
* If .supportedCountries includes your region (browser.search.region) and .supported
* is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
* [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
* [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
// user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
// user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
// user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
// user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
/* 5018: limit events that can cause a pop-up ***/
// user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
// user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/* 5019: disable page thumbnail collection ***/
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
/* 5021: disable location bar using search
* Don't leak URL typos to a search engine, give an error message instead
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
// user_pref("keyword.enabled", false);
// user_pref("keyword.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues,
@ -960,27 +993,27 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5501: disable MathML (Mathematical Markup Language) [FF51+]
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml ***/
// user_pref("mathml.disabled", true); // 1173199
// user_pref("mathml.disabled", true); // 1173199
/* 5502: disable in-content SVG (Scalable Vector Graphics) [FF53+]
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg ***/
// user_pref("svg.disabled", true); // 1216893
// user_pref("svg.disabled", true); // 1216893
/* 5503: disable graphite
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite
* [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/
// user_pref("gfx.font_rendering.graphite.enabled", false);
// user_pref("gfx.font_rendering.graphite.enabled", false);
/* 5504: disable asm.js [FF22+]
* [1] http://asmjs.org/
* [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
* [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
// user_pref("javascript.options.asmjs", false);
// user_pref("javascript.options.asmjs", false);
/* 5505: disable Ion and baseline JIT to harden against JS exploits [RESTART]
* [NOTE] When both Ion and JIT are disabled, and trustedprincipals
* is enabled, then Ion can still be used by extensions (1599226)
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
* [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ ***/
// user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false);
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
// user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false);
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
/* 5506: disable WebAssembly [FF52+]
* Vulnerabilities [1] have increasingly been found, including those known and fixed
* in native programs years ago [2]. WASM has powerful low-level access, making
@ -989,16 +1022,16 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
* [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
* [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
// user_pref("javascript.options.wasm", false);
// user_pref("javascript.options.wasm", false);
/* 5507: disable rendering of SVG OpenType fonts ***/
// user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 5508: disable all DRM content (EME: Encryption Media Extension)
* Optionally hide the UI setting which also disables the DRM prompt
* [SETTING] General>DRM Content>Play DRM-controlled content
* [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
// user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
// user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
/* 5509: disable IPv6 if using a VPN
* This is an application level fallback. Disabling IPv6 is best done at an OS/network
* level, and/or configured properly in system wide VPN setups.
@ -1006,16 +1039,16 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
// user_pref("network.dns.disableIPv6", true);
// user_pref("network.dns.disableIPv6", true);
/* 5510: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
// user_pref("network.http.referer.XOriginPolicy", 2);
// user_pref("network.http.referer.XOriginPolicy", 2);
/* 5511: set DoH bootstrap address [FF89+]
* Firefox uses the system DNS to initially resolve the IP address of your DoH server.
* When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
* won't use the system DNS. If the IP doesn't match then DoH won't work ***/
// user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF]
// user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF]
/*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@ -1047,24 +1080,27 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
* [WHY] https://support.mozilla.org/kb/quarantined-domains */
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
// user_pref("accessibility.force_disabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", "");
// user_pref("geo.provider.use_gpsd", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
// user_pref("privacy.partition.serviceWorkers", "");
// user_pref("accessibility.force_disabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("geo.provider.network.url", "");
// user_pref("geo.provider.network.logging.enabled", "");
// user_pref("geo.provider.use_gpsd", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
// user_pref("privacy.partition.serviceWorkers", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
user_pref(
"_user.js.parrot",
"7000 syntax error: the parrot's pushing up daisies!"
);
/* 7001: disable APIs
* Location-Aware Browsing, Full Screen
* [WHY] The API state is easily fingerprintable.
* Geo is behind a prompt (7002). Full screen requires user interaction ***/
// user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false);
// user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false);
/* 7002: set default permissions
* Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
* 0=always ask (default), 1=allow, 2=block
@ -1072,145 +1108,160 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* exceptions as allow/block for frequently visited/annoying sites: i.e. not global
* [SETTING] to add site exceptions: Ctrl+I>Permissions>
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
// user_pref("permissions.default.geo", 0);
// user_pref("permissions.default.camera", 0);
// user_pref("permissions.default.microphone", 0);
// user_pref("permissions.default.desktop-notification", 0);
// user_pref("permissions.default.xr", 0); // Virtual Reality
// user_pref("permissions.default.geo", 0);
// user_pref("permissions.default.camera", 0);
// user_pref("permissions.default.microphone", 0);
// user_pref("permissions.default.desktop-notification", 0);
// user_pref("permissions.default.xr", 0); // Virtual Reality
/* 7003: disable non-modern cipher suites [1]
* [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks
* [1] https://browserleaks.com/ssl ***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
/* 7004: control TLS versions
* [WHY] Passive fingerprinting and security ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
/* 7005: disable SSL session IDs [FF36+]
* [WHY] Passive fingerprinting and perf costs. These are session-only
* and isolated with network partitioning (FF85+) and/or containers ***/
// user_pref("security.ssl.disable_session_identifiers", true);
// user_pref("security.ssl.disable_session_identifiers", true);
/* 7006: onions
* [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers
* [WHY] Only cross-origin referers (1602, 5510) matter ***/
// user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0);
// user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0);
/* 7008: set the default Referrer Policy [FF59+]
* 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
* [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
/* 7010: disable HTTP Alternative Services [FF37+]
* [WHY] Already isolated with network partitioning (FF85+) ***/
// user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.enabled", false);
/* 7011: disable website control over browser right-click context menu
* [WHY] Just use Shift-Right-Click ***/
// user_pref("dom.event.contextmenu.enabled", false);
// user_pref("dom.event.contextmenu.enabled", false);
/* 7012: disable icon fonts (glyphs) and local fallback rendering
* [WHY] Breakage, font fallback is equivalency, also RFP
* [1] https://bugzilla.mozilla.org/789788
* [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/
// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
// user_pref("gfx.downloadable_fonts.fallback_delay", -1);
/* 7013: disable Clipboard API
* [WHY] Fingerprintable. Breakage. Cut/copy/paste require user
* interaction, and paste is limited to focused editable fields ***/
// user_pref("dom.event.clipboardevents.enabled", false);
// user_pref("dom.event.clipboardevents.enabled", false);
/* 7014: disable System Add-on updates
* [WHY] It can compromise security. System addons ship with prefs, use those ***/
// user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
// user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
// user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
// user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
/* 7015: enable the DNT (Do Not Track) HTTP header
* [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
// user_pref("privacy.donottrackheader.enabled", true);
// user_pref("privacy.donottrackheader.enabled", true);
/* 7016: customize ETP settings
* [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
// user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
// user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 7017: disable service workers
* [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
// user_pref("dom.serviceWorkers.enabled", false);
// user_pref("dom.serviceWorkers.enabled", false);
/* 7018: disable Web Notifications [FF22+]
* [WHY] Web Notifications are behind a prompt (7002)
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
// user_pref("dom.webnotifications.enabled", false);
// user_pref("dom.webnotifications.enabled", false);
/* 7019: disable Push Notifications [FF44+]
* [WHY] Website "push" requires subscription, and the API is required for CRLite (1224)
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
// user_pref("dom.push.enabled", false);
/* 7020: disable WebRTC (Web Real-Time Communication)
* [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until
* required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access
* [TEST] https://browserleaks.com/webrtc
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
// user_pref("media.peerconnection.enabled", false);
// user_pref("media.peerconnection.enabled", false);
/* 7021: enable GPC (Global Privacy Control) in non-PB windows
* [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection
* in ETP Strict (2701) and sanitizing on close (2800s) ***/
// user_pref("privacy.globalprivacycontrol.enabled", true);
// user_pref("privacy.globalprivacycontrol.enabled", true);
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good
[WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere
***/
user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan");
user_pref(
"_user.js.parrot",
"8000 syntax error: the parrot's crossed the Jordan"
);
/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/
// user_pref("browser.display.use_document_fonts", "");
// user_pref("browser.zoom.siteSpecific", "");
// user_pref("device.sensors.enabled", "");
// user_pref("dom.enable_performance", "");
// user_pref("dom.enable_resource_timing", "");
// user_pref("dom.gamepad.enabled", "");
// user_pref("dom.maxHardwareConcurrency", "");
// user_pref("dom.w3c_touch_events.enabled", "");
// user_pref("dom.webaudio.enabled", "");
// user_pref("font.system.whitelist", "");
// user_pref("general.appname.override", "");
// user_pref("general.appversion.override", "");
// user_pref("general.buildID.override", "");
// user_pref("general.oscpu.override", "");
// user_pref("general.platform.override", "");
// user_pref("general.useragent.override", "");
// user_pref("media.navigator.enabled", "");
// user_pref("media.ondevicechange.enabled", "");
// user_pref("media.video_stats.enabled", "");
// user_pref("media.webspeech.synth.enabled", "");
// user_pref("ui.use_standins_for_native_colors", "");
// user_pref("webgl.enable-debug-renderer-info", "");
// user_pref("browser.display.use_document_fonts", "");
// user_pref("browser.zoom.siteSpecific", "");
// user_pref("device.sensors.enabled", "");
// user_pref("dom.enable_performance", "");
// user_pref("dom.enable_resource_timing", "");
// user_pref("dom.gamepad.enabled", "");
// user_pref("dom.maxHardwareConcurrency", "");
// user_pref("dom.w3c_touch_events.enabled", "");
// user_pref("dom.webaudio.enabled", "");
// user_pref("font.system.whitelist", "");
// user_pref("general.appname.override", "");
// user_pref("general.appversion.override", "");
// user_pref("general.buildID.override", "");
// user_pref("general.oscpu.override", "");
// user_pref("general.platform.override", "");
// user_pref("general.useragent.override", "");
// user_pref("media.navigator.enabled", "");
// user_pref("media.ondevicechange.enabled", "");
// user_pref("media.video_stats.enabled", "");
// user_pref("media.webspeech.synth.enabled", "");
// user_pref("ui.use_standins_for_native_colors", "");
// user_pref("webgl.enable-debug-renderer-info", "");
/*** [SECTION 9000]: NON-PROJECT RELATED ***/
user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
user_pref(
"_user.js.parrot",
"9000 syntax error: the parrot's cashed in 'is chips!"
);
/* 9001: disable welcome notices ***/
user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF]
/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons",
false
);
user_pref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features",
false
);
/* 9004: disable search terms [FF110+]
* [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/
user_pref("browser.urlbar.showSearchTerms.enabled", false);
/*** [SECTION 9999]: DEPRECATED / RENAMED ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
user_pref(
"_user.js.parrot",
"9999 syntax error: the parrot's shuffled off 'is mortal coil!"
);
/* ESR115.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF116
@ -1280,4 +1331,7 @@ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
// ***/
/* END: internal custom pref to test for syntax errors ***/
user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");
user_pref(
"_user.js.parrot",
"SUCCESS: No no he's not dead, he's, he's restin'!"
);