From e28abc8748b938011b55e3e3d331b5d34ecaf1a4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 4 Aug 2021 20:29:49 +0000 Subject: [PATCH] more trimming/clarity work in progress, prototyping - 4604 - 1357733 is a duplicate of [1359076](https://bugzilla.mozilla.org/show_bug.cgi?id=1359076) which was non-stable -> [1462308](https://bugzilla.mozilla.org/show_bug.cgi?id=1462308) which I listed for now, where certain Sensor APIs were disabled in FF62+ - see [this](https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/62#APIs_2) - so swap 1357733 with 1462308 - remove tor ticket: it adds nothing: it just says, ooh, flip this pref - 4604: part two: we need to update what the threat is - added MDN Sensor API status page - I need to check but AFAIK, only orientation and motion is left: motion has some precision (that's the 1292751 bugzilla) - left in for now: the PoC - but 99% sure (see above bullet point) it doesn't apply anymore to FF - 4606: we don't need the tor issue: the FP info is listed in the description (USB device ID enumeration) - 4607: wicg is all we need - 4610: bugzilla adds nothing, it's just a reference to the pref being added, tor ticket also adds nothing: FPing issue is in description anyway, that's four more lines less noise --- user.js | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/user.js b/user.js index 47d5811..8830673 100644 --- a/user.js +++ b/user.js 
@@ -1500,8 +1500,8 @@ user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] /*** [SECTION 4600]: RFP ALTERNATIVES [WARNING] DO NOT USE - These are all covered by RFP and if used can interfere - These prefs are insufficient, can cause breakage, and will make you stand out + These are all covered by RFP and if used can interfere. These prefs are + insufficient on their own, can cause breakage, and will make you stand out ***/ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); /* 4601: spoof number of CPU cores [FF48+] ***/ 
@@ -1512,31 +1512,27 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan * [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI ***/ // user_pref("dom.enable_performance", false); /* 4604: disable device sensor API - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 - * [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - * [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 ***/ + * [1] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ + * [2] https://developer.mozilla.org/en-US/docs/Web/API/Sensor_APIs + * [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1462308,1292751 ***/ // user_pref("device.sensors.enabled", false); /* 4605: disable site specific zoom * Zoom levels affect screen res and are highly fingerprintable. This does not stop you using * zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs * and new windows are reset to default and only the current tab retains the current zoom ***/ // user_pref("browser.zoom.siteSpecific", false); -/* 4606: disable gamepad API - USB device ID enumeration - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023 ***/ +/* 4606: disable gamepad API to prevent USB device ID enumeration ***/ // user_pref("dom.gamepad.enabled", false); -/* 4607: disable giving away network info [FF31+] +/* 4607: disable Network Information API [FF31+] * e.g. 
bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - * [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API - * [2] https://wicg.github.io/netinfo/ ***/ + * [1] https://wicg.github.io/netinfo/ ***/ // user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] /* 4608: disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API * [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API * [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis * [3] https://wiki.mozilla.org/HTML5_Speech_API ***/ // user_pref("media.webspeech.synth.enabled", false); -/* 4610: disable video statistics - JS performance fingerprinting [FF25+] - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757 - * [2] https://bugzilla.mozilla.org/654550 ***/ +/* 4610: disable video statistics to mitigate JS performance fingerprinting [FF25+] ***/ // user_pref("media.video_stats.enabled", false); /* 4611: disable touch events * 0=disabled, 1=enabled, 2=autodetect
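Review bot: In the 4604 block, reference [1] (the ambient light sensor write-up) is kept with nothing to say whether it still describes a current exposure, although the commit message states the PoC very likely no longer applies to Firefox now that certain Sensor APIs were disabled in FF62+. A reader weighing `device.sensors.enabled` will take an unqualified PoC link as the present threat, so I would add one comment line under the title, for example ` * The PoC in [1] may no longer apply: some Sensor APIs were disabled in FF62+ (1462308 in [3])`. If orientation and motion are all that remain, as the message suggests but has not yet confirmed, the title could name them once that is checked. In the same hunk, the 4607 title no longer hints at what is disclosed, which leaves the `e.g.` list without a subject; `* connection types, e.g. bluetooth, cellular, ...` would keep the fingerprinting concern visible.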