From c21b9faefc0d99ab4f91836ceddc68a2a52ff9cb Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 14 Jun 2022 07:01:01 +0000 Subject: [PATCH 001/110] dom.storage.next_gen --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1216e70..435bae7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 12-June-2022 + Last updated: 14-June-2022 Instructions: - [optional] close Firefox and backup your profile @@ -35,6 +35,7 @@ /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 'dom.securecontext.whitelist_onions', // 97 + 'dom.storage.next_gen', // 102 'network.http.spdy.enabled', // 100 'network.http.spdy.enabled.deps', 'network.http.spdy.enabled.http2', From 3fcc711c5acc24032fb9ee5d6b104f6dde0a2315 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 1 Jul 2022 02:42:16 +0000 Subject: [PATCH 002/110] network.cookie.lifetimePolicy https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 435bae7..e86dc4b 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 14-June-2022 + Last updated: 30-June-2022 Instructions: - [optional] close Firefox and backup your profile 
@@ -41,6 +41,7 @@ 'network.http.spdy.enabled.http2', 'network.http.spdy.websockets', 'layout.css.font-visibility.level', // 94 + 'network.cookie.lifetimePolicy', // 102 [technically removed in 104] 'security.csp.enable', // 99 'security.ssl3.rsa_des_ede3_sha', // 93 /* 79-91 */ From d466cf694e56265a325d3cf6c6248a6e596e60aa Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 1 Jul 2022 08:15:39 +0000 Subject: [PATCH 003/110] two password prefs https://bugzilla.mozilla.org/1767099 --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e86dc4b..5db8b48 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 30-June-2022 + Last updated: 1-July-2022 Instructions: - [optional] close Firefox and backup your profile @@ -42,7 +42,9 @@ 'network.http.spdy.websockets', 'layout.css.font-visibility.level', // 94 'network.cookie.lifetimePolicy', // 102 [technically removed in 104] + 'security.ask_for_password', // 102 'security.csp.enable', // 99 + 'security.password_lifetime', // 102 'security.ssl3.rsa_des_ede3_sha', // 93 /* 79-91 */ 'browser.cache.offline.storage.enable', From ceacc9dd74086478d43ccf3a4f0bd5befda53a43 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 2 Jul 2022 00:43:25 +0000 Subject: [PATCH 004/110] v102 (#1477) --- user.js | 80 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 37 deletions(-) diff --git a/user.js b/user.js index fdd7e63..f1f9355 100644 --- a/user.js +++ b/user.js 
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 June 2022 -* version: 101 +* date: 1 July 2022 +* version: 102 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -82,7 +82,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is cleared with history (2811, 2812), and not used in Private Browsing mode + * [NOTE] Session Restore is cleared with history (2811, 2820), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -389,11 +389,6 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas ***/ user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); -/* 0901: set when Firefox should prompt for the primary password - * 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) ***/ -user_pref("security.ask_for_password", 2); -/* 0902: set how long in minutes Firefox should remember the primary password (0901) ***/ -user_pref("security.password_lifetime", 5); // [DEFAULT: 30] /* 0903: disable auto-filling username & password form fields * can leak in cross-site forms *and* be spoofed * [NOTE] Username & password is still available when you enter the field 
@@ -522,7 +517,7 @@ user_pref("security.mixed_content.block_display_content", true); * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) * [TEST] http://example.com [upgrade] - * [TEST] http://neverssl.com/ [no upgrade] ***/ + * [TEST] http://httpforever.com/ [no upgrade] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ @@ -758,7 +753,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin user_pref("browser.contentblocking.category", "strict"); /* 2702: disable ETP web compat features [FF93+] * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants - * Opener Heuristics are granted for 30 days and Redirect Heuristics for 15 minutes, see [3] + * Opener and redirect heuristics are granted for 30 days, see [3] * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ 
@@ -768,26 +763,17 @@ user_pref("privacy.partition.serviceWorkers", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ -/* 2801: delete cookies and site data on exit - * 0=keep until they expire (default), 2=keep until you close Firefox - * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB, - * sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission - * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ -user_pref("network.cookie.lifetimePolicy", 2); -/* 2802: delete cache on exit [FF96+] - * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - * [1] https://bugzilla.mozilla.org/1671182 ***/ - // user_pref("privacy.clearsitedata.cache.enabled", true); - -/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/ +/** SANITIZE ON SHUTDOWN: ALLOWS COOKIES + SITE DATA EXCEPTIONS FF102+ ***/ /* 2810: enable Firefox to clear items on shutdown (2811) - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ + * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note in 2811). + * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for + * both sites e.g. 
https://www.youtube.com (site) + https://accounts.google.com (single sign on) + * [WARNING] Be selective with what cookies you keep, as they also disable partitioning (1767271) + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * These items do not use exceptions, it is all or nothing (1681701) * [NOTE] If "history" is true, downloads will also be cleared * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) 
@@ -798,10 +784,16 @@ user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] -user_pref("privacy.clearOnShutdown.cookies", false); +user_pref("privacy.clearOnShutdown.offlineApps", true); +user_pref("privacy.clearOnShutdown.cookies", true); // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] -/* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME] +/* 2812: delete cache on exit [FF96+] + * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + * [1] https://bugzilla.mozilla.org/1671182 ***/ + // user_pref("privacy.clearsitedata.cache.enabled", true); + +/** SANITIZE MANUAL: ALL OR NOTHING ***/ +/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog 
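Review bot: The two prefs flipped to `true` at the end of the 2811 list, `privacy.clearOnShutdown.offlineApps` and `privacy.clearOnShutdown.cookies`, carry no version tag, although the section header introduced by this commit says cookie and site-data exceptions apply from FF102. Going by the "all or nothing (1681701)" comment this commit removes, an older Firefox or ESR given this file would presumably clear cookies and site data for sites the user has explicitly allowed as well. I would tag both lines where the value is set, e.g. `user_pref("privacy.clearOnShutdown.cookies", true); // [FF102+] earlier versions ignore site exceptions`, and the same for offlineApps.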
@@ -815,13 +807,13 @@ user_pref("privacy.cpd.cookies", false); // user_pref("privacy.cpd.downloads", true); // not used, see note above // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] -/* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+] +/* 2821: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); -/* 2814: reset default "Time range to clear" for "Clear Recent History" (2812) +/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -841,7 +833,6 @@ user_pref("privacy.sanitize.timeSpan", 0); FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) - 1217238 - reduce precision of time exposed by javascript (FF55) FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API 
@@ -883,6 +874,7 @@ user_pref("privacy.sanitize.timeSpan", 0); FF91+ 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) + 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was capped at 100ms) (FF102) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -975,7 +967,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5005: disable intermediate certificate caching [FF41+] [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them ***/ - // user_pref("security.nocertdb", true); // [HIDDEN PREF] + // user_pref("security.nocertdb", true); // [HIDDEN PREF in FF101 or lower] /* 5006: disable favicons in history and bookmarks * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your * actual history (and bookmarks) already do. Your history is more detailed, so @@ -1068,8 +1060,6 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] /* 6004: enforce a security delay on some confirmation dialogs such as install, open/save * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] -/* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ -user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /* 6008: enforce no First Party Isolation [FF51+] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), * and enabling FPI disables those. FPI is no longer maintained ***/ 
@@ -1142,7 +1132,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7005: disable SSL session IDs [FF36+] * [WHY] Passive fingerprinting and perf costs. These are session-only * and isolated with network partitioning (FF85+) and/or containers ***/ - // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] + // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF in FF101 or lower] /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 @@ -1342,6 +1332,22 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] // user_pref("network.http.spdy.enabled.deps", false); // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] +// FF102 + // 0901: set when Firefox should prompt for the primary password + // 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) + // [-] https://bugzilla.mozilla.org/1767099 +user_pref("security.ask_for_password", 2); + // 0902: set how long in minutes Firefox should remember the primary password (0901) + // [-] https://bugzilla.mozilla.org/1767099 +user_pref("security.password_lifetime", 5); // [DEFAULT: 30] + // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) + // 0=keep until they expire (default), 2=keep until you close Firefox + // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665 +user_pref("network.cookie.lifetimePolicy", 2); + // 6007: enforce Local Storage Next Generation (LSNG) [FF65+] + // [-] https://bugzilla.mozilla.org/1764696 +user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] // ***/ /* END: internal custom pref to test for syntax errors ***/ 
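Review bot: The 0901 and 0902 entries added to the new `// FF102` block record where the prefs went (`[-] https://bugzilla.mozilla.org/1767099`) but not what behaviour is left once they stop having an effect. These two prefs set a five-minute re-lock of the primary password, so dropping them changes how long stored logins stay unlocked; presumably Firefox then behaves like the old value 0 (once per session), which should be confirmed against the bug. A line such as `// [NOTE] no replacement pref: the primary password is requested once per session` under 0901 would tell readers that the timeout is gone rather than moved.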
From c6ab6c4b4895d533c872085ebb6f3b6c78627d80 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Jul 2022 10:38:43 +0000 Subject: [PATCH 005/110] v102.1 (#1507) revert back to relying on network.cookie.lifetimePolicy --- user.js | 63 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/user.js b/user.js index f1f9355..43a44f5 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: arkenfox user.js -* date: 1 July 2022 +* date: 18 July 2022 * version: 102 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -333,7 +333,7 @@ user_pref("keyword.enabled", false); * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ -user_pref("browser.fixup.alternate.enabled", false); +user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+] /* 0804: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine 
@@ -493,11 +493,10 @@ user_pref("security.OCSP.require", true); * 2=detect Family Safety mode and import the root * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1223: enable strict pinning - * PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict - * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing - * by inspecting ALL your web traffic, then leave at current default=1 - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ +/* 1223: enable strict PKP (Public Key Pinning) + * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect + * your web browsing by inspecting ALL your web traffic, then override to current default ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] * 0 = disabled 
@@ -763,17 +762,26 @@ user_pref("privacy.partition.serviceWorkers", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/** SANITIZE ON SHUTDOWN: ALLOWS COOKIES + SITE DATA EXCEPTIONS FF102+ ***/ -/* 2810: enable Firefox to clear items on shutdown (2811) - * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note in 2811). - * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for - * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) - * [WARNING] Be selective with what cookies you keep, as they also disable partitioning (1767271) - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) +/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ +/* 2801: delete cookies and site data on exit + * 0=keep until they expire (default), 2=keep until you close Firefox + * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB, + * sharedWorkers and serviceWorkers. 
serviceWorkers require an "Allow" permission + * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ +user_pref("network.cookie.lifetimePolicy", 2); +/* 2802: delete cache on exit [FF96+] + * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + * [1] https://bugzilla.mozilla.org/1671182 ***/ + // user_pref("privacy.clearsitedata.cache.enabled", true); + +/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/ +/* 2810: enable Firefox to clear items on shutdown (2811) + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] + * These items do not use exceptions, it is all or nothing (1681701) * [NOTE] If "history" is true, downloads will also be cleared * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) 
@@ -784,13 +792,9 @@ user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.offlineApps", true); -user_pref("privacy.clearOnShutdown.cookies", true); - // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] -/* 2812: delete cache on exit [FF96+] - * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - * [1] https://bugzilla.mozilla.org/1671182 ***/ - // user_pref("privacy.clearsitedata.cache.enabled", true); +user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] +user_pref("privacy.clearOnShutdown.cookies", false); + // user_pref("privacy.clearOnShutdown.siteSettings", false); /** SANITIZE MANUAL: ALL OR NOTHING ***/ /* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] 
@@ -805,12 +809,11 @@ user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] user_pref("privacy.cpd.cookies", false); // user_pref("privacy.cpd.downloads", true); // not used, see note above - // user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed - // user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false] + // user_pref("privacy.cpd.passwords", false); + // user_pref("privacy.cpd.siteSettings", false); /* 2821: clear Session Restore data when sanitizing on shutdown or manually [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) - * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) - * [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/ + * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); // user_pref("privacy.cpd.openWindows", true); /* 2822: reset default "Time range to clear" for "Clear Recent History" (2820) @@ -976,7 +979,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.chrome.site_icons", false); /* 5007: exclude "Undo Closed Tabs" in Session Restore ***/ // user_pref("browser.sessionstore.max_tabs_undo", 0); -/* 5008: disable resuming session from crash ***/ +/* 5008: disable resuming session from crash + * [TEST] about:crashparent ***/ // user_pref("browser.sessionstore.resume_from_crash", false); /* 5009: disable "open with" in download dialog [FF50+] * Application data isolation [1] 
@@ -1340,11 +1344,6 @@ user_pref("security.ask_for_password", 2); // 0902: set how long in minutes Firefox should remember the primary password (0901) // [-] https://bugzilla.mozilla.org/1767099 user_pref("security.password_lifetime", 5); // [DEFAULT: 30] - // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) - // 0=keep until they expire (default), 2=keep until you close Firefox - // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665 -user_pref("network.cookie.lifetimePolicy", 2); // 6007: enforce Local Storage Next Generation (LSNG) [FF65+] // [-] https://bugzilla.mozilla.org/1764696 user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] From a5e75c4bd3b23ea6537d1d6cbb488e6e95c06ecc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Jul 2022 11:27:05 +0000 Subject: [PATCH 006/110] fixup network.cookie.lifetimePolicy migration code was backed out in FF102.1 --- scratchpad-scripts/arkenfox-cleanup.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 5db8b48..0dce2a9 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 1-July-2022 + Last updated: 18-July-2022 Instructions: - [optional] close Firefox and backup your profile @@ -32,6 +32,8 @@ const aPREFS = [ /* DEPRECATED */ + /* 103+ */ + 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 'dom.securecontext.whitelist_onions', // 97 
@@ -41,7 +43,6 @@ 'network.http.spdy.enabled.http2', 'network.http.spdy.websockets', 'layout.css.font-visibility.level', // 94 - 'network.cookie.lifetimePolicy', // 102 [technically removed in 104] 'security.ask_for_password', // 102 'security.csp.enable', // 99 'security.password_lifetime', // 102 From 4b4248157a400200387cb521606c90f1fb6ebe2f Mon Sep 17 00:00:00 2001 From: Brad Smith Date: Sun, 24 Jul 2022 09:10:06 -0400 Subject: [PATCH 007/110] make updater.sh check explicitly for Y/y instead of N/n (#1511) thanks @infinitewarp --- updater.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.sh b/updater.sh index 74f378c..b36cc2a 100755 --- a/updater.sh +++ b/updater.sh @@ -2,9 +2,9 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.4 +## version: 3.5 ## Author: Pat Johnson (@overdodactyl) -## Additional contributors: @earthlng, @ema-pe, @claustromaniac +## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) @@ -195,7 +195,7 @@ update_updater() { echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" - [[ $REPLY =~ ^[Nn]$ ]] && return 0 # Update available, but user chooses not to update + ! [[ $REPLY =~ ^[Yy]$ ]] && return 0 # Update available, but user chooses not to update fi else return 0 # No update available @@ -253,7 +253,7 @@ update_userjs() { echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}" read -p "" -n 1 -r echo -e "\n" - if [[ $REPLY =~ ^[Nn]$ ]]; then + if ! [[ $REPLY =~ ^[Yy]$ ]]; then echo -e "${RED}Process aborted${NC}" rm "$newfile" return 1 From 996881aef184246a011ac29382e91d634cda7b65 Mon Sep 17 00:00:00 2001 
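Review bot: The prompts in both changed branches still read `Update and execute Y/N?` and `Continue Y/N?`, but after this change anything other than Y or y, including Enter or an empty read, counts as a refusal. That default is the safer one for a script that replaces itself and user.js, and the prompt should say so: `${RED}Update and execute y/N?${NC}` in update_updater and `${RED}Continue y/N? ${NC}` in update_userjs. Both functions start and end outside their hunks, so any other prompt text in them is not visible here.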
From: earthlng Date: Sun, 24 Jul 2022 13:11:28 +0000 Subject: [PATCH 008/110] Update updater.sh --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index b36cc2a..bf275c5 100755 --- a/updater.sh +++ b/updater.sh @@ -195,10 +195,10 @@ update_updater() { echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" read -p "" -n 1 -r echo -e "\n\n" - ! [[ $REPLY =~ ^[Yy]$ ]] && return 0 # Update available, but user chooses not to update + [[ $REPLY =~ ^[Yy]$ ]] || return 0 # Update available, but user chooses not to update fi else - return 0 # No update available + return 0 # No update available fi mv "${tmpfile}" "$SCRIPT_FILE" chmod u+x "$SCRIPT_FILE" From ded7c01a08c296cf27a1b7c39d1abc66d7f6e046 Mon Sep 17 00:00:00 2001 From: xfzv <78810647+xfzv@users.noreply.github.com> Date: Sat, 30 Jul 2022 12:22:32 +0000 Subject: [PATCH 009/110] Back up prefs.js to `prefsjs_backups` directory (#1514) --- prefsCleaner.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 7db9ef0..e83c2fd 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -69,7 +69,8 @@ fStart() { fi fFF_check - bakfile="prefs.js.backup.$(date +"%Y-%m-%d_%H%M")" + mkdir -p prefsjs_backups + bakfile="prefsjs_backups/prefs.js.backup.$(date +"%Y-%m-%d_%H%M")" mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile" echo -e "\nprefs.js backed up: $bakfile" echo "Cleaning prefs.js..." From ecb63e82c9e6ec1d0b027e9b3d583b3ab3a5e368 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 30 Jul 2022 12:23:27 +0000 Subject: [PATCH 010/110] Update prefsCleaner.sh --- prefsCleaner.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index e83c2fd..da2cfe9 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh 
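Review bot: On the refusal path, `[[ $REPLY =~ ^[Yy]$ ]] || return 0` returns without touching `${tmpfile}`, whereas update_userjs removes its candidate with `rm "$newfile"` when the user declines. Unless the temporary file is cleaned up outside this hunk, a rejected copy of updater.sh stays on disk after the user has said no to it. Something like `[[ $REPLY =~ ^[Yy]$ ]] || { rm -f "${tmpfile}"; return 0; }` would keep the two functions consistent, and the `return 0 # No update available` branch below it has the same gap. update_updater starts and ends outside the hunk.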
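Review bot: The backup name built here still has minute resolution (`date +"%Y-%m-%d_%H%M"`), and `mv prefs.js "${bakfile}"` replaces an existing file silently, so a second run within the same minute overwrites the first backup, presumably with the already-cleaned prefs.js. Adding seconds, `bakfile="prefsjs_backups/prefs.js.backup.$(date +"%Y-%m-%d_%H%M%S")"`, or using `mv -n` and treating a leftover prefs.js as the failure, would keep the original recoverable. The new `mkdir -p prefsjs_backups` is also unchecked, so a failure there only surfaces through the mv error, which blames the backup file; `mkdir -p prefsjs_backups || fQuit 1 "Operation aborted.\nReason: Could not create directory prefsjs_backups"` would report the real cause. fStart continues outside the hunk.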
@@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.4 +## version: 1.5 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -82,7 +82,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.4 ║" +echo " ║ v1.5 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 6e53e841f78c512f4d1eedb6a2409df746eea979 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 31 Jul 2022 10:50:24 +0000 Subject: [PATCH 011/110] security.pki.sha1_enforcement_level --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 0dce2a9..e3fafda 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 18-July-2022 + Last updated: 31-August-2022 Instructions: - [optional] close Firefox and backup your profile @@ -34,6 +34,7 @@ /* DEPRECATED */ /* 103+ */ 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] + 'security.pki.sha1_enforcement_level', // 103 /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 'dom.securecontext.whitelist_onions', // 97 From 0dba33688fe468aca9b58c60910201afb3b89f60 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 17 Aug 2022 19:24:38 +0000 Subject: [PATCH 012/110] v103 (#1508) --- user.js | 113 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 52 deletions(-) diff --git a/user.js b/user.js index 43a44f5..8ae66eb 100644 --- a/user.js +++ b/user.js 
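Review bot: The header line changed in the first arkenfox-cleanup.js hunk now reads `Last updated: 31-August-2022`, but the commit is dated Sun, 31 Jul 2022 and the value it replaces is 18-July-2022, so the month looks like a typo. It should read `Last updated: 31-July-2022`. People use this line to judge whether their copy of the cleanup list is current, so a date in the future is misleading until the next edit corrects it.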
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 18 July 2022 -* version: 102 +* date: 18 August 2022 +* version: 103 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -30,8 +30,9 @@ * It is best to use the arkenfox release that is optimized for and matches your Firefox version * EVERYONE: each release - run prefsCleaner to reset prefs made inactive, including deprecated (9999s) - ESR91 - - If you are not using arkenfox v91... (not a definitive list) + ESR102 + - If you are not using arkenfox v102-1... (not a definitive list) + - 2815: clearOnShutdown cookies + offlineApps should be false - 9999: switch the appropriate deprecated section(s) back on * INDEX: @@ -82,7 +83,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is cleared with history (2811, 2820), and not used in Private Browsing mode + * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -119,6 +120,7 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] +user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] /* 0203: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ user_pref("browser.region.network.url", ""); // [FF78+] 
@@ -219,6 +221,7 @@ user_pref("network.connectivity-service.enabled", false); [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [2] https://wiki.mozilla.org/Security/Safe_Browsing [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work + [4] https://educatedguesswork.org/posts/safe-browsing-privacy/ ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); /* 0401: disable SB (Safe Browsing) @@ -344,9 +347,9 @@ user_pref("browser.urlbar.suggest.searches", false); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+] - * 0=never resolve single words, 1=heuristic (default), 2=always resolve + * 0=never resolve, 1=use heuristics, 2=always resolve * [1] https://bugzilla.mozilla.org/1642623 ***/ -user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); +user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DEFAULT: 0 FF104+] /* 0807: disable location bar contextual suggestions [FF92+] * [SETTING] Privacy & Security>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ 
@@ -622,17 +625,6 @@ user_pref("media.peerconnection.ice.default_address_only", true); * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); // user_pref("browser.eme.ui.enabled", false); -/* 2030: disable autoplay of HTML5 media [FF63+] - * 0=Allow all, 1=Block non-muted media (default), 5=Block all - * [NOTE] You can set exceptions under site permissions - * [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/ - // user_pref("media.autoplay.default", 5); -/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] - * 0=sticky (default), 1=transient, 2=user - * Firefox's Autoplay Policy Documentation (PDF) is linked below via SUMO - * [NOTE] If you have trouble with some video sites, then add an exception (2030) - * [1] https://support.mozilla.org/questions/1293231 ***/ -user_pref("media.autoplay.blocking_policy", 2); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); 
@@ -762,41 +754,43 @@ user_pref("privacy.partition.serviceWorkers", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); -/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ -/* 2801: delete cookies and site data on exit - * 0=keep until they expire (default), 2=keep until you close Firefox - * [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB, - * sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission - * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ -user_pref("network.cookie.lifetimePolicy", 2); -/* 2802: delete cache on exit [FF96+] - * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - * [1] https://bugzilla.mozilla.org/1671182 ***/ - // user_pref("privacy.clearsitedata.cache.enabled", true); - -/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/ -/* 2810: enable Firefox to clear items on shutdown (2811) - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes ***/ +/* 2810: enable Firefox to clear items on shutdown + * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); + +/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * These items do not use exceptions, it is all or nothing (1681701) * [NOTE] If "history" is true, downloads will also be cleared * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies - * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker 
cache, QuotaManager (IndexedDB, asm-cache) - * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false] -user_pref("privacy.clearOnShutdown.cookies", false); - // user_pref("privacy.clearOnShutdown.siteSettings", false); + // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] +/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] + * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) + * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/ + // user_pref("privacy.clearOnShutdown.openWindows", true); -/** SANITIZE MANUAL: ALL OR NOTHING ***/ +/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ ***/ +/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] + * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below). + * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for + * both sites e.g. 
https://www.youtube.com (site) + https://accounts.google.com (single sign on) + * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) + * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) + * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ +user_pref("privacy.clearOnShutdown.cookies", true); // Cookies +user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data +/* 2816: set cache to clear on exit [FF96+] + * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + * [1] https://bugzilla.mozilla.org/1671182 ***/ + // user_pref("privacy.clearsitedata.cache.enabled", true); + +/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] * This dialog can also be accessed from the menu History>Clear Recent History * Firefox remembers your last choices. This will reset them when you start Firefox 
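Review bot: The new 2815 entry turns `privacy.clearOnShutdown.cookies` and `privacy.clearOnShutdown.offlineApps` on without saying, at the prefs themselves, that this relies on FF103+ behaviour. The section banner carries the `FF103+` tag, but the only ESR102 instruction is in the file header ("2815: clearOnShutdown cookies + offlineApps should be false"). An ESR102 user who reads only this section would presumably have their "Allow" exceptions ignored at shutdown and lose the logins they meant to keep. I would add a line to the 2815 comment such as `* [NOTE] ESR102: set both prefs to false and re-enable 2801 (network.cookie.lifetimePolicy) in the deprecated section`. The `[WARNING]` that "Allow" exceptions also disable partitioning is a useful caveat and should stay next to the prefs.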
@@ -809,13 +803,9 @@ user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] user_pref("privacy.cpd.cookies", false); // user_pref("privacy.cpd.downloads", true); // not used, see note above + // user_pref("privacy.cpd.openWindows", false); // Session Restore // user_pref("privacy.cpd.passwords", false); // user_pref("privacy.cpd.siteSettings", false); -/* 2821: clear Session Restore data when sanitizing on shutdown or manually [FF34+] - * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) - * [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) ***/ - // user_pref("privacy.clearOnShutdown.openWindows", true); - // user_pref("privacy.cpd.openWindows", true); /* 2822: reset default "Time range to clear" for "Clear Recent History" (2820) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today @@ -918,7 +908,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] user_pref("browser.startup.blankWindow", false); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ -user_pref("browser.display.use_system_colors", false); // [DEFAULT false NON-WINDOWS] +user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] /* 4511: enforce non-native widget theme * Security: removes/reduces system API calls, e.g. win32k API [1] * Fingerprinting: provides a uniform look and feel across platforms [2] 
@@ -1080,8 +1070,6 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6012: disable SHA-1 certificates ***/ -user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+] /* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ // user_pref("browser.urlbar.trimURLs", ""); // user_pref("dom.caches.enabled", ""); @@ -1176,7 +1164,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ - // user_pref("network.cookie.cookieBehavior", 5); + // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5 FF103+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); @@ -1242,7 +1230,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("startup.homepage_welcome_url.additional", ""); // user_pref("startup.homepage_override_url", ""); // What's New page after updates /* WARNINGS ***/ - // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+] + // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT: false FF94+] // user_pref("browser.tabs.warnOnCloseOtherTabs", false); // user_pref("browser.tabs.warnOnOpen", false); // user_pref("browser.warnOnQuitShortcut", false); // [FF94+] 
@@ -1269,6 +1257,14 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line +/* HTML5 MEDIA AUTOPLAY ***/ + // [NOTE] You can set exceptions under site permissions + // user_pref("media.autoplay.default", 5); // [FF63+] + // 0=Allow all, 1=Block non-muted media (default), 5=Block all + // [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites + // user_pref("media.autoplay.blocking_policy", 2); // disable autoplay if you interacted with the site [FF78+] + // 0=sticky (default), 1=transient, 2=user + // [1] https://support.mozilla.org/questions/1293231 // links to Autoplay Policy Documentation (PDF) /* UX BEHAVIOR ***/ // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] 
@@ -1349,5 +1345,18 @@ user_pref("security.password_lifetime", 5); // [DEFAULT: 30] user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] // ***/ +/* ESR102.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable them +// FF103 + // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) + // 0=keep until they expire (default), 2=keep until you close Firefox + // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665 +user_pref("network.cookie.lifetimePolicy", 2); +// 6012: disable SHA-1 certificates + // [-] https://bugzilla.mozilla.org/1766687 +user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+] +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 05abe82136a02b33c3eb71c47577d7bc5f375b58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 18 Aug 2022 20:12:42 +0000 Subject: [PATCH 013/110] v105 partition SWers by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1784900 --- user.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user.js b/user.js index 8ae66eb..4c00428 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 18 August 2022 -* version: 103 +* date: 30 August 2022 +* version: 104 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
@@ -750,7 +750,7 @@ user_pref("browser.contentblocking.category", "strict"); * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ -user_pref("privacy.partition.serviceWorkers", true); +user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); From 848290898da60d64dfaeb804228bb5528364042d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 22 Aug 2022 16:02:07 +0000 Subject: [PATCH 014/110] svg opentype fonts -> optional, see #1529 --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 4c00428..7091d41 100644 --- a/user.js +++ b/user.js @@ -549,8 +549,6 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true); /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1401: disable rendering of SVG OpenType fonts ***/ -user_pref("gfx.font_rendering.opentype_svg.enabled", false); /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed * In normal windows: uses the first applicable: RFP (4506) over TP over Standard 
@@ -1041,6 +1039,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ // user_pref("javascript.options.wasm", false); +/* 5507: disable rendering of SVG OpenType fonts ***/ + // user_pref("gfx.font_rendering.opentype_svg.enabled", false); /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); From ff8d63f7e428462e0864ca1c20740e8631f96437 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 16:42:32 +0000 Subject: [PATCH 015/110] remove dead prefs https://bugzilla.mozilla.org/show_bug.cgi?id=1745248 - they migrated to `.supported` prefs (values detect or off) --- user.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 7091d41..0aedc06 100644 --- a/user.js +++ b/user.js @@ -372,8 +372,6 @@ user_pref("browser.formfill.enable", false); * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] -user_pref("extensions.formautofill.available", "off"); // [FF56+] -user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0820: disable coloring of visited links 
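Review bot: The 5507 entry added in the `@@ -1041,6 +1039,8 @@` hunk gives no reason or reference, although the change turns an active pref (1401, removed in the `@@ -549,8 +549,6 @@` hunk) into a commented-out one, so the browser default applies again unless the user opts in. The commit subject points to #1529 but the file does not. Adding ` * [1] https://github.com/arkenfox/user.js/issues/1529` under the 5507 header would let a reader decide whether to keep the pref in their own overrides. Section 5500 starts and ends outside this hunk.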
@@ -1083,6 +1081,9 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("privacy.firstparty.isolate.use_site", ""); // user_pref("privacy.window.name.update.enabled", ""); // user_pref("security.insecure_connection_text.enabled", ""); +/* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ + // user_pref("extensions.formautofill.available", "off"); // [FF56+] + // user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 2b2e151f45b372bc99ef7cdffe86fa1fe6f24298 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 16:52:38 +0000 Subject: [PATCH 016/110] extensions.formautofill https://bugzilla.mozilla.org/1745248 - migrated to .supported in FF99 --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e3fafda..b430f20 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 31-August-2022 + Last updated: 23-August-2022 Instructions: - [optional] close Firefox and backup your profile @@ -237,6 +237,9 @@ 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ + /* 103+ */ + 'extensions.formautofill.available', + 'extensions.formautofill.creditCards.available', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From 61f01f81fdc57846012001009cba603928f62e75 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 16:53:27 +0000 Subject: [PATCH 017/110] tidy --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 0aedc06..85b642c 100644 --- a/user.js +++ b/user.js 
@@ -1082,8 +1082,8 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("privacy.window.name.update.enabled", ""); // user_pref("security.insecure_connection_text.enabled", ""); /* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ - // user_pref("extensions.formautofill.available", "off"); // [FF56+] - // user_pref("extensions.formautofill.creditCards.available", false); // [FF57+] + // user_pref("extensions.formautofill.available", ""); + // user_pref("extensions.formautofill.creditCards.available", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From d040b95ed293548cbdff13c0c10367807ac0ec30 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 17:29:47 +0000 Subject: [PATCH 018/110] also reset the prefs migrated to .supported also hides/shows the UI. There is no need for this, it is overkill (and users might never be able to work out how to get them back). The .enabled prefs are enough to toggle the checkboxes IF they show based on .supportedCountries (which relies on browser.search.region) --- user.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user.js b/user.js index 85b642c..bf3df89 100644 --- a/user.js +++ b/user.js @@ -1083,7 +1083,9 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("security.insecure_connection_text.enabled", ""); /* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ // user_pref("extensions.formautofill.available", ""); + // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); + // user_pref("extensions.formautofill.creditCards.supported", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); From 06bfef8fd155fdf62e409c30cd1d68572f0c8b41 Mon Sep 17 00:00:00 2001 
From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 17:33:55 +0000 Subject: [PATCH 019/110] extensions.formautofill add migrated prefs for completeness - see comment in https://github.com/arkenfox/user.js/commit/d040b95ed293548cbdff13c0c10367807ac0ec30 --- scratchpad-scripts/arkenfox-cleanup.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index b430f20..1d2b1f0 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -239,7 +239,9 @@ /* REMOVED */ /* 103+ */ 'extensions.formautofill.available', + 'extensions.formautofill.addresses.supported', 'extensions.formautofill.creditCards.available', + 'extensions.formautofill.creditCards.supported', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From 5780b6d19750b165e42d4c7e698337eeea8bfa97 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 23 Aug 2022 17:51:35 +0000 Subject: [PATCH 020/110] move Form Autofill to 5000s --- user.js | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/user.js b/user.js index bf3df89..7f16d55 100644 --- a/user.js +++ b/user.js 
@@ -366,14 +366,6 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); -/* 0811: disable Form Autofill - * [NOTE] Stored data is NOT secure (uses a JSON file) - * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes - * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses - * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ -user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] -user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] -user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing 
@@ -999,6 +991,15 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * 0=desktop, 1=downloads (default), 2=last used * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); +/* 5017: disable Form Autofill + * If .supportedCountries includes your region (browser.search.region) and .supported + * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON + * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes + * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses + * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ + // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] + // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] + // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, From 74be763f6065c9df00918a7ebe8fec5f6b3a8563 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 24 Aug 2022 05:53:46 +0000 Subject: [PATCH 021/110] add OCSP hard-fail error code --- user.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user.js b/user.js index 7f16d55..7dd0812 100644 --- a/user.js +++ b/user.js 
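Review bot: The relocated Form Autofill entry (5017) includes `extensions.formautofill.creditCards.enabled`, but its `[SETTING]` line still names only "Autofill addresses". The three prefs are also now inactive by default, having been active as 0811 (removed in the `@@ -366,14 +366,6 @@` hunk). Since the comment itself says the stored data is not secure, I would add ` * [SETTING] Privacy & Security>Forms and Autofill>Autofill credit cards`. I would also add a short note that these prefs were enforced before this release, so upgraders who want autofill to stay off know to copy them into their own overrides. The surrounding 5000 section starts and ends outside the hunk.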
@@ -470,7 +470,8 @@ user_pref("security.tls.enable_0rtt_data", false); * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] -/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] +/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail + * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it From e38f02bc22e15e2e90bc50a413e4fd68c43a0640 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 28 Aug 2022 00:31:59 +0000 Subject: [PATCH 022/110] add extra bugzilla --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 7dd0812..f2e931f 100644 --- a/user.js +++ b/user.js @@ -1356,7 +1356,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) // 0=keep until they expire (default), 2=keep until you close Firefox // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665 + // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761 user_pref("network.cookie.lifetimePolicy", 2); // 6012: disable SHA-1 certificates // [-] https://bugzilla.mozilla.org/1766687 From 3c73bc1e56e94d025edb732e34fc169bb5ab3e94 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 11 Sep 2022 02:39:08 +0000 Subject: [PATCH 023/110] 2720: add APS --- user.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/user.js b/user.js index f2e931f..d6faae2 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: arkenfox user.js -* date: 30 August 2022 +* date: 11 September 2022 * version: 104 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -740,6 +740,8 @@ user_pref("browser.contentblocking.category", "strict"); // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] +/* 2720: enable APS (Always Partitioning Storage) [FF104+] */ +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); From 4bc98005ec0ae56726a38d0854c645b407194278 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 1 Oct 2022 20:33:58 +0000 Subject: [PATCH 024/110] activity-stream.feeds.snippets --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1d2b1f0..877b597 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 23-August-2022 + Last updated: 1-October-2022 Instructions: - [optional] close Firefox and backup your profile @@ -238,6 +238,7 @@ /* REMOVED */ /* 103+ */ + 'browser.newtabpage.activity-stream.feeds.snippets', 'extensions.formautofill.available', 'extensions.formautofill.addresses.supported', 'extensions.formautofill.creditCards.available', From 95ecd3e328eb9be993b23d876d8b2e142e306322 Mon Sep 17 00:00:00 2001 
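Review bot: The 2720 header added in the `@@ -740,8 +740,10 @@` hunk closes with `*/`, while the numbered entries around it, including 2710 directly above, close with `***/`. Anything that keys on that terminator to find entry headers (a search, a diff helper) would presumably miss this one. I would write it as `/* 2720: enable APS (Always Partitioning Storage) [FF104+] ***/`.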
From: Thorin-Oakenpants Date: Mon, 3 Oct 2022 07:18:30 +0000 Subject: [PATCH 025/110] browser.newtab.preload --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 877b597..7a7cfb1 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 1-October-2022 + Last updated: 3-October-2022 Instructions: - [optional] close Firefox and backup your profile @@ -238,6 +238,7 @@ /* REMOVED */ /* 103+ */ + 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.snippets', 'extensions.formautofill.available', 'extensions.formautofill.addresses.supported', From 958acf9c2ec920113ffeacfdf7f562e8d435de06 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 3 Oct 2022 13:47:30 +0000 Subject: [PATCH 026/110] activity-stream.feeds.discoverystreamfeed --- scratchpad-scripts/arkenfox-cleanup.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 7a7cfb1..9764fb7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -239,6 +239,7 @@ /* REMOVED */ /* 103+ */ 'browser.newtab.preload', + 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', 'extensions.formautofill.available', 'extensions.formautofill.addresses.supported', From 4e3a64b5a10d5f8329ab2af503770e5276beca20 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Oct 2022 17:15:19 +0000 Subject: [PATCH 027/110] v105 (#1541) --- user.js | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index d6faae2..85f1f36 100644 
--- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 11 September 2022 -* version: 104 +* date: 5 October 2022 +* version: 105 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
@@ -87,25 +87,17 @@ user_pref("browser.shell.checkDefaultBrowser", false); * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page - * about:home=Activity Stream (default, see 0105), custom URL, about:blank + * about:home=Firefox Home (default, see 0105), custom URL, about:blank * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/ user_pref("browser.startup.homepage", "about:blank"); /* 0104: set NEWTAB page - * true=Activity Stream (default, see 0105), false=blank page + * true=Firefox Home (default, see 0105), false=blank page * [SETTING] Home>New Windows and Tabs>New tabs ***/ user_pref("browser.newtabpage.enabled", false); -user_pref("browser.newtab.preload", false); -/* 0105: disable some Activity Stream items - * Activity Stream is the default homepage/newtab based on metadata and browsing behavior - * [SETTING] Home>Firefox Home Content>... to show/hide what you want ***/ -user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); -user_pref("browser.newtabpage.activity-stream.telemetry", false); -user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false] -user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); -user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -user_pref("browser.newtabpage.activity-stream.showSponsored", false); -user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+] -user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] +/* 0105: disable sponsored content on Firefox Home (Activity Stream) + * [SETTING] Home>Firefox Home Content ***/ +user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories +user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts /* 0106: clear default 
topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); @@ -183,6 +175,9 @@ user_pref("toolkit.coverage.endpoint.base", ""); /* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] * Defense-in-depth: currently covered by 0331 ***/ user_pref("browser.ping-centre.telemetry", false); +/* 0335: disable Firefox Home (Activity Stream) telemetry ***/ +user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); +user_pref("browser.newtabpage.activity-stream.telemetry", false); /** STUDIES ***/ /* 0340: disable Studies @@ -276,7 +271,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 - * [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6 + * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -400,7 +395,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); /* 0906: enforce no automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... * [1] https://support.mozilla.org/kb/windows-sso ***/ -user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] + // user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); 
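Review bot: With `network.http.windows-sso.enabled` commented out in 0906, the heading `enforce no automatic authentication on Microsoft sites` no longer matches what the file does, because an inactive line leaves the pref at whatever value the profile already holds. A profile where single sign-on was switched on through the listed setting would keep it on after this update, since only the default is false. Either keep the line active as defense-in-depth, or reword the heading so it is clear the item is inactive and relies on the default, e.g. `/* 0906: disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+] - inactive, at default`.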
@@ -416,10 +411,6 @@ user_pref("media.memory_cache_max_size", 65536); * define on which sites to save extra session data such as form content, cookies and POST data * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); -/* 1004: set the minimum interval between session save operations - * Increasing this can help on older machines and some websites, as well as reducing writes [1] - * [1] https://bugzilla.mozilla.org/1304389 ***/ -user_pref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000] /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); @@ -444,7 +435,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 
@@ -740,8 +731,9 @@ user_pref("browser.contentblocking.category", "strict"); // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] -/* 2720: enable APS (Always Partitioning Storage) [FF104+] */ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); +/* 2720: enable APS (Always Partitioning Storage) ***/ +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -1086,6 +1078,9 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("privacy.window.name.update.enabled", ""); // user_pref("security.insecure_connection_text.enabled", ""); /* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ + // user_pref("browser.newtab.preload", ""); + // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); + // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); // user_pref("extensions.formautofill.available", ""); // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); 
@@ -1264,6 +1259,9 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line +/* FIREFOX HOME CONTENT ***/ + // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // Recommended by Pocket + // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); /* HTML5 MEDIA AUTOPLAY ***/ // [NOTE] You can set exceptions under site permissions // user_pref("media.autoplay.default", 5); // [FF63+] @@ -1293,6 +1291,8 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa // [SETTING] General>Browsing>Recommend extensions as you browse user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] // [SETTING] General>Browsing>Recommend features as you browse + // user_pref("browser.sessionstore.interval", 30000); // minimum interval between session save operations + // Increasing this may help on older machines and some websites, as well as reducing writes (1304389) // user_pref("network.manage-offline-status", false); // see bugzilla 620472 // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) From db04bc44f2982ae8e39f10d056bc7cfe7804d4fd Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 4 Oct 2022 17:34:45 +0000 Subject: [PATCH 028/110] some inactive prefs at default since 102+ - dom.vr.enabled - false FF97+ - network.http.altsvc.oe - false FF94+ - dom.netinfo.enabled - android joined desktop as false FF99+ - browser.tabs.warnOnClose - falsefalse FF94+ --- scratchpad-scripts/arkenfox-cleanup.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9764fb7..c176784 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 3-October-2022 + Last updated: 5-October-2022 Instructions: - [optional] close Firefox and backup your profile @@ -241,10 +241,14 @@ 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', - 'extensions.formautofill.available', + 'browser.tabs.warnOnClose', + 'dom.netinfo.enabled', + 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', + 'extensions.formautofill.available', 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', + 'network.http.altsvc.oe', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From 51f3fdbd87570488d8bac7d8e9aa5965ef9e0566 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Oct 2022 14:08:55 +0000 Subject: [PATCH 029/110] devtools.chrome.enabled default false in stable, dev, beta, nightly --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index c176784..dd44842 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 5-October-2022 + Last updated: 8-October-2022 Instructions: - [optional] close Firefox and backup your profile 
@@ -242,6 +242,7 @@ 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', 'browser.tabs.warnOnClose', + 'devtools.chrome.enabled', 'dom.netinfo.enabled', 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', From f4187632faef76df4de0cbb0cdc7199f22fadd76 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 8 Oct 2022 19:38:05 +0000 Subject: [PATCH 030/110] browser.ssl_override_behavior the code behind it was removed in FF68 - https://bugzilla.mozilla.org/show_bug.cgi?id=1530348 --- scratchpad-scripts/arkenfox-cleanup.js | 1 + 1 file changed, 1 insertion(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index dd44842..f839a14 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -241,6 +241,7 @@ 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', + 'browser.ssl_override_behavior', 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', 'dom.netinfo.enabled', From 60dd839081dfa8347a49789923ed4bd0c154d93a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 4 Nov 2022 16:03:29 +0000 Subject: [PATCH 031/110] dom.disable_beforeunload, #1575 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index f839a14..1e98e9b 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 8-October-2022 + Last updated: 4-November-2022 Instructions: - [optional] close Firefox and backup your profile 
@@ -244,6 +244,7 @@ 'browser.ssl_override_behavior', 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', + 'dom.disable_beforeunload', 'dom.netinfo.enabled', 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', From 8a65c5a7bad0ec764d968b0941ebdf01bdcd2408 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Nov 2022 13:28:40 +0000 Subject: [PATCH 032/110] v106 (#1558) --- user.js | 236 +++++++++++--------------------------------------------- 1 file changed, 44 insertions(+), 192 deletions(-) diff --git a/user.js b/user.js index 85f1f36..6eba484 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 5 October 2022 -* version: 105 +* date: 6 November 2022 +* version: 106 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -61,7 +61,7 @@ 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING - 9000: PERSONAL + 9000: NON-PROJECT RELATED 9999: DEPRECATED / REMOVED / LEGACY / RENAMED ******/ @@ -78,9 +78,6 @@ user_pref("browser.aboutConfig.showWarning", false); /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); -/* 0101: disable default browser check - * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ -user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode 
@@ -519,10 +516,6 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -/* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default) - * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ -user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages * only works when it's possible to add an exception * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) @@ -608,10 +601,6 @@ user_pref("media.eme.enabled", false); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -/* 2401: disable "Confirm you want to leave" dialog on page close - * Does not prevent JS leaks of the page close event - * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/ -user_pref("dom.disable_beforeunload", true); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2403: block popup windows 
@@ -636,10 +625,6 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); -/* 2607: disable various developer tools in browser context - * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ -user_pref("devtools.chrome.enabled", false); /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] @@ -805,14 +790,12 @@ user_pref("privacy.sanitize.timeSpan", 0); 418986 - limit window.screen & CSS media queries (FF41) [TEST] https://arkenfox.github.io/TZP/tzp.html#screen 1281949 - spoof screen orientation (FF50) - 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50-99) - FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API - version: spoofed as ESR (FF102+ this is limited to Android) + version: android version spoofed as ESR OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android 1369319 - disable device sensor API 1369357 - disable site specific zoom 
@@ -825,7 +808,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist - FF58-90 + FF58+ 967895 - spoof canvas and enable site permission prompt (FF58) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" @@ -847,10 +830,9 @@ user_pref("privacy.sanitize.timeSpan", 0); 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78) 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) - FF91+ 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) - 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was capped at 100ms) (FF102) + 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] 
@@ -1064,23 +1046,13 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ - // user_pref("browser.urlbar.trimURLs", ""); - // user_pref("dom.caches.enabled", ""); - // user_pref("dom.storageManager.enabled", ""); - // user_pref("dom.storage_access.enabled", ""); - // user_pref("dom.targetBlankNoOpener.enabled", ""); - // user_pref("network.cookie.thirdparty.sessionOnly", ""); - // user_pref("network.cookie.thirdparty.nonsecureSessionOnly", ""); - // user_pref("privacy.firstparty.isolate.block_post_message", ""); - // user_pref("privacy.firstparty.isolate.restrict_opener_access", ""); - // user_pref("privacy.firstparty.isolate.use_site", ""); - // user_pref("privacy.window.name.update.enabled", ""); - // user_pref("security.insecure_connection_text.enabled", ""); -/* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/ // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); + // user_pref("browser.ssl_override_behavior", ""); + // user_pref("devtools.chrome.enabled", ""); + // user_pref("dom.disable_beforeunload", ""); // user_pref("extensions.formautofill.available", ""); // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); 
@@ -1089,13 +1061,12 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs - * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality - * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002). + * Location-Aware Browsing, Full Screen, offline cache (appCache) + * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002). * appCache storage capability was removed in FF90. Full screen requires user interaction ***/ // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); // user_pref("browser.cache.offline.enable", false); - // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+] /* 7002: set default permissions * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block @@ -1143,7 +1114,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7010: disable HTTP Alternative Services [FF37+] * [WHY] Already isolated with network partitioning (FF85+) ***/ // user_pref("network.http.altsvc.enabled", false); - // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] /* 7011: disable website control over browser right-click context menu * [WHY] Just use Shift-Right-Click ***/ // user_pref("dom.event.contextmenu.enabled", false); 
@@ -1195,163 +1165,45 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere ***/ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan"); -/* 8001: disable APIs ***/ - // user_pref("device.sensors.enabled", false); - // user_pref("dom.enable_performance", false); - // user_pref("dom.enable_resource_timing", false); - // user_pref("dom.gamepad.enabled", false); - // user_pref("dom.netinfo.enabled", false); // [DEFAULT: false NON-ANDROID: false ANDROID FF99+] - // user_pref("dom.webaudio.enabled", false); -/* 8002: disable other ***/ - // user_pref("browser.display.use_document_fonts", 0); - // user_pref("browser.zoom.siteSpecific", false); - // user_pref("dom.w3c_touch_events.enabled", 0); - // user_pref("media.navigator.enabled", false); - // user_pref("media.ondevicechange.enabled", false); - // user_pref("media.video_stats.enabled", false); - // user_pref("media.webspeech.synth.enabled", false); - // user_pref("webgl.enable-debug-renderer-info", false); -/* 8003: spoof ***/ - // user_pref("dom.maxHardwareConcurrency", 2); - // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] - // user_pref("general.appname.override", ""); // [HIDDEN PREF] - // user_pref("general.appversion.override", ""); // [HIDDEN PREF] - // user_pref("general.buildID.override", ""); // [HIDDEN PREF] - // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] - // user_pref("general.platform.override", ""); // [HIDDEN PREF] - // user_pref("general.useragent.override", ""); // [HIDDEN PREF] - // user_pref("ui.use_standins_for_native_colors", true); +/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/ + // user_pref("browser.display.use_document_fonts", ""); + // user_pref("browser.zoom.siteSpecific", ""); + // user_pref("device.sensors.enabled", ""); + // user_pref("dom.enable_performance", ""); + // 
user_pref("dom.enable_resource_timing", ""); + // user_pref("dom.gamepad.enabled", ""); + // user_pref("dom.maxHardwareConcurrency", ""); + // user_pref("dom.w3c_touch_events.enabled", ""); + // user_pref("dom.webaudio.enabled", ""); + // user_pref("font.system.whitelist", ""); + // user_pref("general.appname.override", ""); + // user_pref("general.appversion.override", ""); + // user_pref("general.buildID.override", ""); + // user_pref("general.oscpu.override", ""); + // user_pref("general.platform.override", ""); + // user_pref("general.useragent.override", ""); + // user_pref("media.navigator.enabled", ""); + // user_pref("media.ondevicechange.enabled", ""); + // user_pref("media.video_stats.enabled", ""); + // user_pref("media.webspeech.synth.enabled", ""); + // user_pref("ui.use_standins_for_native_colors", ""); + // user_pref("webgl.enable-debug-renderer-info", ""); -/*** [SECTION 9000]: PERSONAL - Non-project related but useful. If any interest you, add them to your overrides -***/ +/*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); -/* WELCOME & WHAT'S NEW NOTICES ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch - // user_pref("startup.homepage_welcome_url", ""); - // user_pref("startup.homepage_welcome_url.additional", ""); - // user_pref("startup.homepage_override_url", ""); // What's New page after updates -/* WARNINGS ***/ - // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT: false FF94+] - // user_pref("browser.tabs.warnOnCloseOtherTabs", false); - // user_pref("browser.tabs.warnOnOpen", false); - // user_pref("browser.warnOnQuitShortcut", false); // [FF94+] - // user_pref("full-screen-api.warning.delay", 0); - // user_pref("full-screen-api.warning.timeout", 0); -/* UPDATES ***/ - // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates - // [NOTE] You will still get prompts to update, and should do 
so in a timely manner - // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them - // user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch) - // [NOTE] This does not affect Mozilla's built-in or Web Extension search engines - // user_pref("extensions.update.enabled", false); // disable extension and theme update checks - // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates - // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) - // user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab) -/* APPEARANCE ***/ - // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent - // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] - // 0=no-preference, 1=reduce: with RFP this only affects chrome - // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] - // 0=light, 1=dark: with RFP this only affects chrome -/* CONTENT BEHAVIOR ***/ - // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" - // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] - // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line -/* FIREFOX HOME CONTENT ***/ - // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // Recommended by Pocket - // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -/* HTML5 MEDIA AUTOPLAY ***/ - // [NOTE] You can set exceptions under site permissions - // user_pref("media.autoplay.default", 5); // [FF63+] - // 0=Allow all, 1=Block non-muted media (default), 5=Block all - // [SETTING] Privacy & 
Security>Permissions>Autoplay>Settings>Default for all websites - // user_pref("media.autoplay.blocking_policy", 2); // disable autoplay if you interacted with the site [FF78+] - // 0=sticky (default), 1=transient, 2=user - // [1] https://support.mozilla.org/questions/1293231 // links to Autoplay Policy Documentation (PDF) -/* UX BEHAVIOR ***/ - // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing - // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] - // user_pref("browser.tabs.closeWindowWithLastTab", false); - // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] - // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] - // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] - // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+] -/* UX FEATURES ***/ -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] - // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] - // user_pref("extensions.screenshots.disabled", true); // [FF55+] - // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] - // user_pref("reader.parse-on-load.enabled", false); // Reader View -/* OTHER ***/ - // user_pref("browser.bookmarks.max_backups", 2); -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend extensions as you browse -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend features as you browse - // 
user_pref("browser.sessionstore.interval", 30000); // minimum interval between session save operations - // Increasing this may help on older machines and some websites, as well as reducing writes (1304389) - // user_pref("network.manage-offline-status", false); // see bugzilla 620472 - // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) +/* 9001: disable welcome notices ***/ +user_pref("browser.startup.homepage_override.mstone", "ignore"); +/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +/* 9003: disable What's New toolbar icon [FF69+] ***/ +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR91.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF93 -// 7003: disable non-modern cipher suites - // [-] https://bugzilla.mozilla.org/1724072 - // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES -// FF94 -// 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 - // [-] https://bugzilla.mozilla.org/1715507 - // user_pref("layout.css.font-visibility.level", 1); -// FF95 -// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 - // [-] https://bugzilla.mozilla.org/1735976 -user_pref("browser.urlbar.suggest.quicksuggest", false); -// FF96 -// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS] - // [SETTING] 
General>Firefox Updates>Automatically install updates>When Firefox is not running - // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows - // [-] https://bugzilla.mozilla.org/1738983 -user_pref("app.update.background.scheduling.enabled", false); -// FF97 -// 7006: onions - replaced by new 7006 "allowlist" - // [-] https://bugzilla.mozilla.org/1744006 - // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 -// FF99 -// 6003: enforce CSP (Content Security Policy) - // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP - // [-] https://bugzilla.mozilla.org/1754301 -user_pref("security.csp.enable", true); // [DEFAULT: true] -// FF100 -// 7009: disable HTTP2 - replaced by network.http.http2* prefs - // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] - // [1] https://w3techs.com/technologies/details/ce-http2/all/all - // [-] https://bugzilla.mozilla.org/1752621 - // user_pref("network.http.spdy.enabled", false); - // user_pref("network.http.spdy.enabled.deps", false); - // user_pref("network.http.spdy.enabled.http2", false); - // user_pref("network.http.spdy.websockets", false); // [FF65+] -// FF102 - // 0901: set when Firefox should prompt for the primary password - // 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) - // [-] https://bugzilla.mozilla.org/1767099 -user_pref("security.ask_for_password", 2); - // 0902: set how long in minutes Firefox should remember the primary password (0901) - // [-] https://bugzilla.mozilla.org/1767099 -user_pref("security.password_lifetime", 5); // [DEFAULT: 30] - // 6007: enforce Local Storage Next Generation (LSNG) [FF65+] - // [-] https://bugzilla.mozilla.org/1764696 -user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] -// ***/ - /* ESR102.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF103 
@@ -1362,7 +1214,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] user_pref("network.cookie.lifetimePolicy", 2); // 6012: disable SHA-1 certificates // [-] https://bugzilla.mozilla.org/1766687 -user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+] + // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] // ***/ /* END: internal custom pref to test for syntax errors ***/ From a93047e6c9fb4d6756ceb89a58a080a604280ce7 Mon Sep 17 00:00:00 2001 From: iTawkins <100447932+iTawkins@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:31:17 +0000 Subject: [PATCH 033/110] Improves usability by clarifying desired action (#1583) --- prefsCleaner.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index da2cfe9..99b8981 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -88,6 +88,7 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." echo "This will allow inactive preferences to be reset to their default values." echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" +echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" [ "$1" == '-s' ] && fStart From 365e76bc9f2c9bf30509ce5f1aec6627ad84c84b Mon Sep 17 00:00:00 2001 From: junoslukan Date: Sun, 13 Nov 2022 14:37:26 +0000 Subject: [PATCH 034/110] Format date and time consistently. (#1580) * Format date and time consistently. Co-authored-by: junos Co-authored-by: earthlng --- prefsCleaner.bat | 11 +++++++---- updater.bat | 9 +++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 616ec28..7591c0e 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.4 +REM ## version: 2.5 CD /D "%~dp0" 
@@ -13,7 +13,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.4 #### +ECHO #### v2.5 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -30,9 +30,12 @@ IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory. IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :strlenCheck CALL :FFcheck + CALL :message "Backing up prefs.js..." -SET "_time=%time: =0%" -COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" +FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j +SET ldt=%ldt:~0,8%_%ldt:~8,6% +COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" + CALL :message "Cleaning prefs.js..." CALL :cleanup CALL :message "All done!" diff --git a/updater.bat b/updater.bat index eef06f0..83499c2 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.16 +REM ## version: 4.17 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.15 +SET v=4.17 VERIFY ON CD /D "%~dp0" @@ -177,8 +177,9 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - SET "_time=!time: =0!" - MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul + FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j + SET ldt=%ldt:~0,8%_%ldt:~8,6% + MOVE /Y user.js "user-backup-%ldt%.js" >nul ) REN user.js.new user.js CALL :message "Update complete." From 5a366493e029d04103b7f2c25c4eee6dc9b40176 Mon Sep 17 00:00:00 2001 
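Review bot: The new backup name in prefsCleaner.bat depends entirely on `wmic os get LocalDateTime` succeeding, and nothing checks that `ldt` was actually set before `COPY /B /V /Y` runs. `wmic` is deprecated and not guaranteed to be present on current Windows installs, and `2^>NUL` hides the failure, so the substring expansion would then produce a fixed, meaningless name and `/Y` would silently overwrite the previous backup. I would clear the variable before the loop with `SET "ldt="` and guard the copy with `IF NOT DEFINED ldt (CALL :abort "Could not determine the current date/time." 30)`, or fall back to the old `%date%`/`%time%` form. The same unchecked `wmic` call is added in the updater.bat hunk of this commit.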
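Review bot: In the updater.bat hunk the two added lines use `%ldt%` inside the parenthesised `ELSE ( ... )` block, where percent variables are expanded when the block is parsed, i.e. before the `FOR /F` has assigned `ldt`. The removed lines used `!time: =0!` and `!date:/=-!`, which suggests delayed expansion is enabled in this script, so the new lines should use it as well: `SET ldt=!ldt:~0,8!_!ldt:~8,6!` and `MOVE /Y user.js "user-backup-!ldt!.js" >nul`. As written, the backup name will not carry the timestamp and successive runs can overwrite the same backup file. The enclosing `IF EXIST user.js.new (` block starts outside the hunk.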
From: Thorin-Oakenpants Date: Sat, 19 Nov 2022 04:04:59 +0000 Subject: [PATCH 035/110] dom.disable_open_during_load default true since at least FF60 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1e98e9b..892361f 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 4-November-2022 + Last updated: 19-November-2022 Instructions: - [optional] close Firefox and backup your profile @@ -245,6 +245,7 @@ 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', 'dom.disable_beforeunload', + 'dom.disable_open_during_load', 'dom.netinfo.enabled', 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', From cc0f05388f6c721c358e89372caac604f84fd0d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 21 Nov 2022 00:36:37 +0000 Subject: [PATCH 036/110] v107 (#1579) --- user.js | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index 6eba484..37c3bd0 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 6 November 2022 -* version: 106 +* date: 21 November 2022 +* version: 107 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
@@ -112,8 +112,8 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] /* 0203: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ -user_pref("browser.region.network.url", ""); // [FF78+] user_pref("browser.region.update.enabled", false); // [FF79+] + // user_pref("browser.region.network.url", ""); // [FF78+] Defense-in-depth /* 0204: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] @@ -491,8 +491,8 @@ user_pref("security.remote_settings.crlite_filters.enabled", true); user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ -/* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ -user_pref("security.mixed_content.block_display_content", true); +/* 1241: disable insecure passive content (such as images) on https pages ***/ + // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244) /* 1244: enable HTTPS-Only mode in all windows [FF76+] * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") @@ -603,9 +603,6 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2403: block popup windows - * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ -user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); 
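Review bot: In the 1241 hunk, making `security.mixed_content.block_display_content` inactive means blocking of passive mixed content now rests entirely on HTTPS-Only mode (1244), yet the only hint is the trailing `Defense-in-depth (see 1244)`. The 1244 text in the same hunk describes per-site exceptions, so a user who adds an exception or overrides 1244 presumably loses this protection without any pointer back to 1241. I would state the dependency in the header, e.g. `/* 1241: disable insecure passive content (such as images) on https pages` followed by ` * [NOTE] redundant only while HTTPS-Only mode (1244) is active: enable this if you override or relax 1244 ***/`.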
@@ -624,7 +621,7 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true); user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); -user_pref("browser.uitour.url", ""); + // user_pref("browser.uitour.url", ""); // Defense-in-depth /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] 
@@ -648,16 +645,16 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [3] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=punycode+firefox * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] +/* 2620: enforce PDFJS, disable PDFJS scripting * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * PROS: pdfjs is lightweight, open source, and more secure/vetted than most - * Exploits are rare (one serious case in seven years), treated seriously and patched quickly. + * [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1] * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. - * CONS: You may prefer a different pdf reader for security reasons - * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code - * [SETTING] General>Applications>Portable Document Format (PDF) ***/ + * [NOTE] JS can still force a pdf to open in-browser by bundling its own code + * [SETUP-CHROME] You may prefer a different pdf reader for security/workflow reasons + * [SETTING] General>Applications>Portable Document Format (PDF) + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ 
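Review bot: The new `[WHY]` line in 2620 asserts `secure: the last exploit was June 2015 [1]`, but [1] is a live keyword search whose results change over time, so the sentence becomes wrong as soon as a new pdf.js issue is published and a reader cannot tell when it was last checked. The removed wording (`Exploits are rare ... treated seriously and patched quickly`) made a weaker claim that did not age. I would keep the reference and soften the statement, e.g. `* [WHY] pdfjs is lightweight, open source, and well vetted: exploits have been rare and patched quickly [1]`.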
@@ -717,8 +714,8 @@ user_pref("browser.contentblocking.category", "strict"); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] /* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+} +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -809,7 +806,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist FF58+ - 967895 - spoof canvas and enable site permission prompt (FF58) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" Block: suppresses the ondevicechange event 
@@ -925,7 +921,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5005: disable intermediate certificate caching [FF41+] [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them ***/ - // user_pref("security.nocertdb", true); // [HIDDEN PREF in FF101 or lower] + // user_pref("security.nocertdb", true); /* 5006: disable favicons in history and bookmarks * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your * actual history (and bookmarks) already do. Your history is more detailed, so @@ -1053,6 +1049,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); + // user_pref("dom.disable_open_during_load", ""); // user_pref("extensions.formautofill.available", ""); // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); @@ -1082,8 +1079,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7003: disable non-modern cipher suites [1] * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [1] https://browserleaks.com/ssl ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+] + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+] // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS 
@@ -1097,7 +1094,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7005: disable SSL session IDs [FF36+] * [WHY] Passive fingerprinting and perf costs. These are session-only * and isolated with network partitioning (FF85+) and/or containers ***/ - // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF in FF101 or lower] + // user_pref("security.ssl.disable_session_identifiers", true); /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 @@ -1146,8 +1143,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 7017: disable service workers - * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710) - * or blocked with TCP in 3rd parties (FF95 or lower) ***/ + * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/ // user_pref("dom.serviceWorkers.enabled", false); /* 7018: disable Web Notifications * [WHY] Web Notifications are behind a prompt (7002) From 5eaa8196e2bb77a8f126781c6f290af93d091070 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 22 Nov 2022 19:00:47 +0000 Subject: [PATCH 037/110] v4.18 - fix backup filename --- updater.bat | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 83499c2..40a6d10 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.17 +REM ## version: 4.18 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.17 +SET v=4.18 VERIFY ON CD /D "%~dp0" 
@@ -178,8 +178,8 @@ IF EXIST user.js.new ( MOVE /Y user.js user.js.bak >nul ) ELSE ( FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j - SET ldt=%ldt:~0,8%_%ldt:~8,6% - MOVE /Y user.js "user-backup-%ldt%.js" >nul + SET ldt=!ldt:~0,8!_!ldt:~8,6! + MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js CALL :message "Update complete." From 6789dc7fefac5594d958a065463b4dc9d265c089 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 22 Nov 2022 19:50:50 +0000 Subject: [PATCH 038/110] fix typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 37c3bd0..c3eaab9 100644 --- a/user.js +++ b/user.js @@ -714,7 +714,7 @@ user_pref("browser.contentblocking.category", "strict"); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] /* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+} +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+] user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ From 40e8e1acbe55dd266a280ab40ab418ca8d9646ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Nov 2022 08:11:40 +0000 Subject: [PATCH 039/110] beacon.enabled, see #1586 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 892361f..3928978 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js 
@@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 19-November-2022 + Last updated: 28-November-2022 Instructions: - [optional] close Firefox and backup your profile @@ -238,6 +238,7 @@ /* REMOVED */ /* 103+ */ + 'beacon.enabled', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', From 45d23f8d75c4cd23be26cfcb32689e60ebbad072 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Dec 2022 10:19:29 +0000 Subject: [PATCH 040/110] region prefs, #1590 --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 3928978..fa4409b 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 28-November-2022 + Last updated: 2-December-2022 Instructions: - [optional] close Firefox and backup your profile @@ -242,6 +242,9 @@ 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', + 'browser.region.network.url', + 'browser.region.update.enabled', + 'browser.search.region', 'browser.ssl_override_behavior', 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', From e4a85c30c129cf664cc8a39705bb070fce828d33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 5 Dec 2022 18:48:51 +0000 Subject: [PATCH 041/110] security.tls.version.enable-deprecated the UI for downgrading was removed in FF94, default is false --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index fa4409b..15f59d7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 2-December-2022 + Last updated: 5-December-2022 Instructions: - [optional] close Firefox and backup your profile @@ -257,6 +257,7 @@ 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'network.http.altsvc.oe', + 'security.tls.version.enable-deprecated', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From 12ca83b550866882c338b354de53287664332560 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 10 Dec 2022 14:00:23 +0000 Subject: [PATCH 042/110] v1.6 - autoupdate --- prefsCleaner.sh | 83 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 99b8981..dee3f70 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh 
@@ -2,33 +2,54 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.5 +## version: 1.6 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh -currdir=$(pwd) +## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) + +readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) -sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) +SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) ## fallback for Macs without coreutils -if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi +[ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]} -## change directory to the Firefox profile directory -cd "$(dirname "${sfp}")" + +AUTOUPDATE=true +QUICKSTART=false + +## download method priority: curl -> wget +DOWNLOAD_METHOD='' +if command -v curl >/dev/null; then + DOWNLOAD_METHOD='curl --max-redirs 3 -so' +elif command -v wget >/dev/null; then + DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' +else + AUTOUPDATE=false + echo -e "No curl or wget detected.\nAutomatic self-update disabled!" +fi fQuit() { ## change directory back to the original working directory - cd "${currdir}" + cd "${CURRDIR}" [ "$1" -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2 exit $1 } fUsage() { - echo -e "\nUsage: $0 [-s]" + echo -e "\nUsage: $0 [-ds]" echo -e " Optional Arguments: - -s Start immediately" + -s Start immediately + -d Don't auto-update prefsCleaner.sh" +} + +download_file() { # expects URL as argument ($1) + declare -r tf=$(mktemp) + + $DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error } fFF_check() { 
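Review bot: `download_file` reports success whenever the transfer tool exits 0, but the curl form `curl --max-redirs 3 -so` has no `--fail`, so an HTTP error response body is written to the temp file and its path is returned as if it were the script. The caller added in the next hunk then moves that file over the running script, so this needs to fail closed: `DOWNLOAD_METHOD='curl --fail --proto =https --max-redirs 3 -so'`. On the error path the file created by `mktemp` is left behind, which `rm -f "$tf"` before echoing the empty string would fix. `declare -r tf=$(mktemp)` also masks a failing `mktemp`, because the status returned is that of `declare`.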
@@ -40,6 +61,24 @@ fFF_check() { done } +## returns the version number of a prefsCleaner.sh file +get_prefsCleaner_version() { + echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")" +} + +## updates the prefsCleaner.sh file based on the latest public version +update_prefsCleaner() { + declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/prefsCleaner.sh')" + [ -z "$tmpfile" ] && echo -e "Error! Could not download prefsCleaner.sh" && return 1 # check if download failed + + [[ $(get_prefsCleaner_version "$SCRIPT_FILE") == $(get_prefsCleaner_version "$tmpfile") ]] && return 0 + + mv "$tmpfile" "$SCRIPT_FILE" + chmod u+x "$SCRIPT_FILE" + "$SCRIPT_FILE" -s -d + exit 0 +} + fClean() { # the magic happens here prefs="@@" @@ -78,19 +117,37 @@ fStart() { fQuit 0 "All done!" } + +while getopts "sd" opt; do + case $opt in + s) + QUICKSTART=true + ;; + d) + AUTOUPDATE=false + ;; + esac +done + +## change directory to the Firefox profile directory +cd "$(dirname "${SCRIPT_FILE}")" + +[ "$AUTOUPDATE" = true ] && update_prefsCleaner + echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.5 ║" +echo " ║ v1.6 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." echo "This will allow inactive preferences to be reset to their default values." echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" -echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" -[ "$1" == '-s' ] && fStart +[ "$QUICKSTART" = true ] && fStart + +echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" select option in Start Help Exit; do case $option in @@ -114,3 +171,5 @@ select option in Start Help Exit; do ;; esac done + +fQuit 0 
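Review bot: `update_prefsCleaner` replaces and re-executes the script whenever the two version strings differ, without checking that the download is a usable, newer prefsCleaner.sh. If `get_prefsCleaner_version` finds no version on line 5 of the downloaded file it returns an empty string, which also counts as "different", and an older upstream version would be installed the same way. The header comment added in this commit mentions an ASCII comparison, but the code only tests `==`. Since the TLS connection is the only integrity protection here, I would at least require a non-empty, greater version and a clean `bash -n` parse before the `mv`, and remove the temp file otherwise.

```shell
update_prefsCleaner() {
  # … unchanged: download into $tmpfile, return 1 if the download failed …
  declare -r cur="$(get_prefsCleaner_version "$SCRIPT_FILE")"
  declare -r new="$(get_prefsCleaner_version "$tmpfile")"

  # keep the current script unless the download is a newer, parseable prefsCleaner.sh
  if [ -z "$new" ] || [[ ! "$new" > "$cur" ]] || ! bash -n "$tmpfile"; then
    rm -f "$tmpfile"
    return 0
  fi
  # … unchanged: mv over $SCRIPT_FILE, chmod u+x, re-exec with -d …
}
```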
From 7135907b2fe13fa55eb8ebf162603037f83e353c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 10 Dec 2022 14:35:48 +0000 Subject: [PATCH 043/110] Update prefsCleaner.sh --- prefsCleaner.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index dee3f70..052905e 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -75,7 +75,7 @@ update_prefsCleaner() { mv "$tmpfile" "$SCRIPT_FILE" chmod u+x "$SCRIPT_FILE" - "$SCRIPT_FILE" -s -d + "$SCRIPT_FILE" "$@" -d exit 0 } @@ -132,7 +132,7 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" -[ "$AUTOUPDATE" = true ] && update_prefsCleaner +[ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@" echo -e "\n\n" echo " ╔══════════════════════════╗" From f5e54b4a709ca3d58e12e7524e71d3cd7f994515 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Jan 2023 17:15:24 +0000 Subject: [PATCH 044/110] revert security.tls.version.enable-deprecated we kept it in the user js --- scratchpad-scripts/arkenfox-cleanup.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 15f59d7..6743ca7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -257,7 +257,6 @@ 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'network.http.altsvc.oe', - 'security.tls.version.enable-deprecated', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From be376afc1ef9ee6c1eb305768af1da4a3eb1ca1e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 8 Jan 2023 15:20:22 +0000 Subject: [PATCH 045/110] v108 (#1606) --- user.js | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index c3eaab9..6a150db 100644 --- a/user.js +++ b/user.js 
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 21 November 2022 -* version: 107 +* date: 9 January 2023 +* version: 108 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -110,13 +110,6 @@ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0203: disable region updates - * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ -user_pref("browser.region.update.enabled", false); // [FF79+] - // user_pref("browser.region.network.url", ""); // [FF78+] Defense-in-depth -/* 0204: set search region - * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ - // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /* 0210: set preferred language for displaying pages * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ @@ -268,6 +261,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 + * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, 
@@ -477,7 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE * your web browsing by inspecting ALL your web traffic, then override to current default ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] @@ -565,10 +559,8 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the - * private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after - * you grant device (microphone or camera) access - * [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC + * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access * [TEST] https://browserleaks.com/webrtc * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ 
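Review bot: The 1223 edit removes the clause `If you rely on an AV (antivirus) to protect` but keeps the continuation line ` * your web browsing by inspecting ALL your web traffic, then override to current default`, so the comment now reads as a fragment and no longer says who should relax strict pinning. This is the guidance a user needs when hitting `MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE`, so I would restore the sentence on its own line, `* If you rely on an AV (antivirus) to protect your web browsing by inspecting ALL your web traffic, then override to current default`. Otherwise the leftover line should be removed as well.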
@@ -603,7 +595,7 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a popup [SETUP-WEB] ***/ +/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ @@ -611,9 +603,6 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta /* 2601: prevent accessibility services from accessing your browser [RESTART] * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); -/* 2602: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ -user_pref("beacon.enabled", false); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); @@ -829,6 +818,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) + 1422237 - return "srgb" with color-gamut (FF110) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] 
@@ -1034,18 +1024,20 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * In FF96+ these are listed in about:compat * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] -/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only - * [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed +/* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 6011: enforce disabling of Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ + // user_pref("beacon.enabled", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); + // user_pref("browser.region.network.url", ""); + // user_pref("browser.region.update.enabled", "") // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); 
@@ -1194,6 +1186,9 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); +/* 9004: disable seach terms [FF110+] + * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] From 62a68f08147123b0c2c288ffdecc3f03e4ab1ae8 Mon Sep 17 00:00:00 2001 From: icpantsparti2 <101484718+icpantsparti2@users.noreply.github.com> Date: Sun, 8 Jan 2023 16:48:25 +0000 Subject: [PATCH 046/110] v108 (#1613) nit: add a ';' to the end of line 1040 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6a150db..6cb9953 100644 --- a/user.js +++ b/user.js @@ -1037,7 +1037,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", "") + // user_pref("browser.region.update.enabled", ""); // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); From b99dd27de828be13530ce2f48c9178d34f5f82ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Jan 2023 01:07:25 +0000 Subject: [PATCH 047/110] browser.startup.blankWindow, #1618 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6743ca7..6e06248 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 5-December-2022 + Last updated: 27-January-2023 Instructions: - [optional] close Firefox and backup your profile @@ -239,6 +239,7 @@ /* REMOVED */ /* 103+ */ 'beacon.enabled', + 'browser.startup.blankWindow', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', From 82591911670943e629f5bc0a83adb95b2e5909ed Mon Sep 17 00:00:00 2001 From: Keith Harrison Date: Sun, 5 Feb 2023 14:06:49 +0000 Subject: [PATCH 048/110] prefsCleaner.bat: add -unattended flag (#1616) * prefsCleaner.bat: add -unattended flag Usage: prefsCleaner.bat -unattended Skips the prompt for user input and proceeds when -unattended is specified. If omitted, default behaviour is unchanged. --------- Signed-off-by: Keith Harrison Co-authored-by: earthlng --- prefsCleaner.bat | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 7591c0e..d266b3f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,17 +3,19 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.5 +REM ## version: 2.6 CD /D "%~dp0" +IF /I "%~1"=="-unattended" (SET _ua=1) + :begin ECHO: ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.5 #### +ECHO #### v2.6 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." 
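Review bot: `_ua` is set when `-unattended` is passed but never cleared first, so a `_ua` value inherited from the calling environment would also skip the Start/Help/Exit prompt in the next hunk and go straight to rewriting prefs.js. SETLOCAL, if the script uses it outside this hunk, does not remove inherited variables. Resetting it before the test closes that gap: `SET "_ua="` on the line above `IF /I "%~1"=="-unattended" (SET _ua=1)`.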
@@ -22,10 +24,13 @@ CALL :message "This will allow inactive preferences to be reset to their default ECHO This Firefox profile shouldn't be in use during the process. CALL :message "" TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) + +IF NOT DEFINED _ua ( + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) +) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :strlenCheck From 73884850632ffe284f76881786f7d5903b917f58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 7 Feb 2023 00:02:45 +0000 Subject: [PATCH 049/110] v109 (#1614) --- user.js | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 6cb9953..4217d61 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 9 January 2023 -* version: 108 +* date: 7 February 2023 +* version: 109 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -471,8 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE - * your web browsing by inspecting ALL your web traffic, then override to current default ***/ + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] * 0 = disabled 
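Review bot: After this change the 1223 comment in the `@@ -471,8 +471,7 @@` hunk names the error `MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE` but no longer says what triggers it or what to change. The removed fragment was garbled, but it was the only hint that falling back to the default level is the override. A one-line replacement would keep that guidance, for example ` * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: typically a locally installed root (e.g. antivirus TLS inspection); override to 1 only if you accept that interception ***/`. This follows from the value list on the line above, which describes 1 as allowing user MiTM.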
@@ -595,8 +594,6 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ -user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -606,8 +603,6 @@ user_pref("accessibility.force_disabled", 1); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2604: disable page thumbnail collection ***/ -user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); // user_pref("browser.uitour.url", ""); // Defense-in-depth @@ -853,10 +848,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] -/* 4507: disable showing about:blank as soon as possible during startup [FF60+] - * When default true this no longer masks the RFP chrome resizing activity - * [1] https://bugzilla.mozilla.org/1448423 ***/ -user_pref("browser.startup.blankWindow", false); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] 
@@ -963,6 +954,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +/* 5017: limit events that can cause a pop-up ***/ + // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/* 5018: disable page thumbnail collection ***/ + // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, @@ -1033,6 +1028,7 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ // user_pref("beacon.enabled", ""); + // user_pref("browser.startup.blankWindow", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); 
@@ -1186,8 +1182,8 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); -/* 9004: disable seach terms [FF110+] - * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +/* 9004: disable search terms [FF110+] + * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED From ca022d8c2d2d8b2e149fd34a696284759e566f4e Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 10 Mar 2023 09:21:21 +0000 Subject: [PATCH 050/110] v4.19 - use Powershell for locale-independent TS --- updater.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 40a6d10..f6174f7 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.18 +REM ## version: 4.19 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.18 +SET v=4.19 VERIFY ON CD /D "%~dp0" @@ -177,8 +177,7 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j - SET ldt=!ldt:~0,8!_!ldt:~8,6! + FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js From d13f39d9f9c4dae6f7034fe8b4f29e5893a5abdc Mon Sep 17 00:00:00 2001 
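Review bot: The new timestamp line in the `@@ -177,8 +177,7 @@` hunk of updater.bat starts `powershell` by bare name after the script has run `CD /D "%~dp0"`. By default cmd.exe looks in the current directory before PATH, so a file named `powershell.bat` or `powershell.exe` next to the script would be run instead of the system binary. Calling it by its full path under `%SystemRoot%\System32\WindowsPowerShell\v1.0\` and adding `-NoProfile` removes that dependency on the directory contents and on the user's profile script. If the call fails, `ldt` stays empty and the backup is written as `user-backup-.js`, replacing any earlier one, so an `IF NOT DEFINED ldt` guard before the `MOVE` is worth adding. The prefsCleaner.bat hunk `@@ -37,8 +37,7 @@` in patch 053 adds the same line and has the same two issues.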
From: Thorin-Oakenpants Date: Sun, 12 Mar 2023 03:26:12 +0000 Subject: [PATCH 051/110] v110 (#1629) --- user.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 4217d61..bf931b2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 February 2023 -* version: 109 +* date: 12 March 2023 +* version: 110 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -557,13 +557,6 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); -/* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until - * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access - * [TEST] https://browserleaks.com/webrtc - * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ - * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ - // user_pref("media.peerconnection.enabled", false); /* 2002: force WebRTC inside the proxy [FF70+] ***/ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); /* 2003: force a single network interface for ICE candidates generation [FF42+] 
@@ -954,9 +947,9 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -/* 5017: limit events that can cause a pop-up ***/ +/* 5018: limit events that can cause a pop-up ***/ // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 5018: disable page thumbnail collection ***/ +/* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING @@ -1143,6 +1136,13 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ // user_pref("dom.push.enabled", false); +/* 7020: disable WebRTC (Web Real-Time Communication) + * [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access + * [TEST] https://browserleaks.com/webrtc + * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ + * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ + // user_pref("media.peerconnection.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From e2e8c4ea8f9c8034a2ff72fe3c2d4a4a89404c10 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Mar 2023 07:13:07 +0000 Subject: [PATCH 052/110] add arkenfox/gui --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f33ad9..1a27d8a 100644 
--- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control Firefox settings - for a mo The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. +Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. There is also an [interactive current release](https://arkenfox.github.io/gui/), thanks to [icpantsparti2](https://github.com/icpantsparti2). Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services. From bdaa2867b923669361a8527065e919c839668599 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Mar 2023 11:16:40 +0000 Subject: [PATCH 053/110] v2.7 - use Powershell for locale-independent TS fixes #1624 --- prefsCleaner.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index d266b3f..2e3403f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.6 +REM ## version: 2.7 CD /D "%~dp0" 
@@ -15,7 +15,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.6 #### +ECHO #### v2.7 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -37,8 +37,7 @@ CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." -FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j -SET ldt=%ldt:~0,8%_%ldt:~8,6% +FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" CALL :message "Cleaning prefs.js..." From c84c419544cbbe4442190cc6325b926b519d8db5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Mar 2023 04:50:25 +0000 Subject: [PATCH 054/110] v111 (#1650) --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index bf931b2..3e3b84c 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 March 2023 -* version: 110 +* date: 30 March 2023 +* version: 111 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
@@ -262,7 +262,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause - * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 + * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -426,7 +426,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 
@@ -875,7 +875,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). * In fact, PB mode limits or removes the ability to control some of these, and you need to quit * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide - * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. + * a temporary self-contained new session. Close all private windows to clear the PB session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ @@ -951,6 +951,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] +/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ + // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, From f2e4a79ca0220aa2ad87e76ff59f5cbc37c5f373 Mon Sep 17 00:00:00 2001 
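Review bot: The comment added for 5020 in the `@@ -951,6 +951,8 @@` hunk misspells "notifications" as `notications`, which makes the item harder to find by text search. The line should read `/* 5020: disable Windows native notifications and use app notifications instead [FF111+] [WINDOWS] ***/`. The entry also gives no reason for preferring the app backend; a short `[WHY]` line, as 6011 has, would let users judge whether the override is relevant to them.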
From: Celestial Nebula <41875671+CelestialNebula@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:52:26 +0000 Subject: [PATCH 055/110] updater.sh/prefsCleaner.sh: Check for root and abort (#1651) * updater.sh/prefsCleaner.sh: Check for root and abort Check if running as root and if any files have the owner/group as root|wheel. Abort on both. Should (hopefully) prevent stuff like: https://github.com/arkenfox/user.js/issues/1587 Discussion: https://github.com/arkenfox/user.js/pull/1595 --------- Co-authored-by: Mohammed Anas Co-authored-by: earthlng --- prefsCleaner.sh | 15 +++++++++++++-- updater.sh | 13 ++++++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 052905e..9aa89f0 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,12 +2,23 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.6 +## version: 1.7 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) 
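Review bot: The apostrophe in `shouldn't` ends the single-quoted `printf` argument in the added root check, so the rest of the message is read as shell words and the unquoted `(` is expected to stop the script with a syntax error; the updater.sh hunk in this commit adds the same line. Double quotes avoid it: `printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"`. The ownership scan also runs `find` twice, and it runs in whatever directory the script was started from, which may not be the profile directory the rest of the script (outside this hunk) works on. Storing the result once, e.g. `root_owned=$(find . -user 0 -o -group 0)`, and doing so after the script has changed into the profile directory would make the check cover the files it is meant to protect.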
@@ -138,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.6 ║" +echo " ║ v1.7 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." diff --git a/updater.sh b/updater.sh index bf275c5..0f544d0 100755 --- a/updater.sh +++ b/updater.sh @@ -2,12 +2,23 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.5 +## version: 3.6 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) From 7a1d0a92af95d152349830d027648fa299b9bcba Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:13:13 +0000 Subject: [PATCH 056/110] v3.7 - fix syntax error --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 0f544d0..9f4b46b 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.6 +## version: 3.7 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp 
@@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From d50c772d7d28b0a49e19e5ded6dcb0c4e52717be Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:14:03 +0000 Subject: [PATCH 057/110] v1.8 - fix syntax error --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 9aa89f0..c62f070 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.7 +## version: 1.8 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.7 ║" +echo " ║ v1.8 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 2f4b93a18fe610435f7142c3a23baa7e247d9613 Mon Sep 17 00:00:00 2001 
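Review bot: `\'` does not escape the apostrophe here, because a backslash is literal inside single quotes; the `printf` line changed in this hunk still closes its string after `shouldn\` and leaves the `(` unquoted. The prefsCleaner.sh hunk `@@ -10,7 +10,7 @@` in patch 057 has the same line. Double quotes are the simplest fix: `printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"`. Until the line parses, the script is expected to stop here with a syntax error rather than reach the root check.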
From: bol0gna <75225753+bol0gna@users.noreply.github.com> Date: Mon, 24 Apr 2023 12:56:29 -0400 Subject: [PATCH 058/110] fix escape character, should close #1667 (#1668) --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 9f4b46b..6a3d1f2 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.7 +## version: 3.8 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From b117916207862d4785f6da32d48cbe4420372434 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 24 Apr 2023 16:58:19 +0000 Subject: [PATCH 059/110] Update prefsCleaner.sh --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index c62f070..f36732c 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.8 +## version: 1.9 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh 
@@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.8 ║" +echo " ║ v1.9 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From bc5add9450ddc16c48d315913c43dba34baf4a24 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 May 2023 23:31:33 +0000 Subject: [PATCH 060/110] v112 (#1654) --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 3e3b84c..7b0962d 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 30 March 2023 -* version: 111 +* date: 4 May 2023 +* version: 112 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -491,7 +491,7 @@ user_pref("security.pki.crlite_mode", 2); * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) * [TEST] http://example.com [upgrade] - * [TEST] http://httpforever.com/ [no upgrade] ***/ + * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ 
@@ -1007,8 +1007,8 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /* 6008: enforce no First Party Isolation [FF51+] - * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), - * and enabling FPI disables those. FPI is no longer maintained ***/ + * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI + * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] /* 6009: enforce SmartBlock shims [FF81+] * In FF96+ these are listed in about:compat From 04e6e77439bfa6e3f6b7b9c5e0afac7f74f0586a Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 5 May 2023 10:56:08 +0000 Subject: [PATCH 061/110] v3.9 - fix #1670 --- updater.sh | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/updater.sh b/updater.sh index 6a3d1f2..88e6e33 100755 --- a/updater.sh +++ b/updater.sh 
@@ -2,20 +2,15 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.8 +## version: 3.9 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) -# Check if running as root and if any files have the owner/group as root/wheel. +# Check if running as root if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n" - exit 1 -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then - printf 'It looks like this script was previously run with elevated privileges, -you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" exit 1 fi @@ -396,6 +391,17 @@ show_banner update_updater "$@" getProfilePath # updates PROFILE_PATH or exits on error -cd "$PROFILE_PATH" && update_userjs +cd "$PROFILE_PATH" || exit 1 + +# Check if any files have the owner/group as root/wheel. +if [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + cd "$CURRDIR" + exit 1 +fi + +update_userjs cd "$CURRDIR" From c34531b67e0b9d162331fa92dc0eae2548d13fc7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2023 03:29:51 +0000 Subject: [PATCH 062/110] 114 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6e06248..9245fc4 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js 
@@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 27-January-2023 + Last updated: 21-June-2023 Instructions: - [optional] close Firefox and backup your profile @@ -34,6 +34,8 @@ /* DEPRECATED */ /* 103+ */ 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] + 'privacy.clearsitedata.cache.enabled', // 114 + 'privacy.resistFingerprinting.testGranularityMask', // 114 'security.pki.sha1_enforcement_level', // 103 /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 From 84d515abfc631f1c824211bc609960a430ba334a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2023 12:44:53 +0000 Subject: [PATCH 063/110] extensions.formautofill.heuristics.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9245fc4..7c3f150 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 21-June-2023 + Last updated: 11-July-2023 Instructions: - [optional] close Firefox and backup your profile @@ -33,6 +33,7 @@ const aPREFS = [ /* DEPRECATED */ /* 103+ */ + 'extensions.formautofill.heuristics.enabled', // 114 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] 'privacy.clearsitedata.cache.enabled', // 114 'privacy.resistFingerprinting.testGranularityMask', // 114 From 47f152ac90d5962e0cd29ebcf8b607caa650d41d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2023 13:35:52 +0000 Subject: [PATCH 064/110] browser.cache.offline.enable --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 7c3f150..94aaa73 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -32,7 +32,8 @@ const aPREFS = [ /* DEPRECATED */ - /* 103+ */ + /* 103-115 */ + 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] 'privacy.clearsitedata.cache.enabled', // 114 From 6151d664acced94364e7e3a075e6ac3ca555ef48 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 19 Jul 2023 20:38:31 +0000 Subject: [PATCH 065/110] middlemouse.contentLoadURL --- scratchpad-scripts/arkenfox-cleanup.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 94aaa73..5c0191a 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 11-July-2023 + Last updated: 20-July-2023 Instructions: - [optional] close Firefox and backup your profile @@ -241,7 +241,7 @@ 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ - /* 103+ */ + /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', 'browser.newtab.preload', @@ -261,6 +261,7 @@ 'extensions.formautofill.available', 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', + 'middlemouse.contentLoadURL', 'network.http.altsvc.oe', /* 92-102 */ 'browser.urlbar.trimURLs', From 4d78abf2bfafbbcb03f8f6d6aaaf7e69b7cfee4e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jul 2023 04:37:00 +0000 Subject: [PATCH 066/110] v115 (#1680) --- user.js | 67 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 25 deletions(-) 
diff --git a/user.js b/user.js index 7b0962d..5ed7c08 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 4 May 2023 -* version: 112 +* date: 26 July 2023 +* version: 115 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -116,7 +116,6 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] user_pref("intl.accept_languages", "en-US, en"); /* 0211: use en-US locale regardless of the system or region locale * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] @@ -296,10 +295,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [WARNING] If false, this will break the fallback for some security features * [SETUP-CHROME] If you use a proxy and you understand the security impact * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ - // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96] + // user_pref("network.proxy.allow_bypass", false); /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] - * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off + * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3] + * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https 
@@ -602,9 +602,6 @@ user_pref("browser.uitour.enabled", false);
 /* 2608: reset remote debugging to disabled
 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
 user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
-/* 2611: disable middle mouse click opening links from clipboard
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
-user_pref("middlemouse.contentLoadURL", false);
 /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
 * 0 (default) or 1=allow, 2=block
 * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
@@ -642,6 +639,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
 * for these will show/use their correct 3rd party origin
 * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
 user_pref("permissions.delegation.enabled", false);
+/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
+user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
 /** DOWNLOADS ***/
 /* 2651: enable user interaction for security by always asking where to download
@@ -727,10 +726,6 @@ user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
 user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
 user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
-/* 2816: set cache to clear on exit [FF96+]
- * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
- * [1] https://bugzilla.mozilla.org/1671182 ***/
- // user_pref("privacy.clearsitedata.cache.enabled", true);
 /** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
 /* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
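Review bot: The new 2624 item in the second hunk gives no reason or reference, whereas the 2611 entry removed in the first hunk linked a Tor Browser issue, so a reader cannot tell why clipboard-driven middle click matters. A line such as `* [WHY] An accidental middle click sends whatever is on the clipboard to the default search engine or loads it as a URL` would document the exposure (wording inferred from the item title, to be confirmed). The comment also closes with `*/` where the surrounding items close with `***/`; the 6012 item added in the `@@ -1021,6 +1017,9 @@` hunk does the same.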
@@ -758,11 +753,11 @@ user_pref("privacy.sanitize.timeSpan", 0); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want + [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics 418986 - limit window.screen & CSS media queries (FF41) - [TEST] https://arkenfox.github.io/TZP/tzp.html#screen 1281949 - spoof screen orientation (FF50) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) 
@@ -801,19 +796,23 @@ user_pref("privacy.sanitize.timeSpan", 0);
 1595823 - return audioContext sampleRate as 44100 (FF72)
 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74)
 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78)
+ 1506364 - return "no-preference" with prefers-contrast (FF80)
 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
 1422237 - return "srgb" with color-gamut (FF110)
+ 1794628 - return "none" with inverted-colors (FF114)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting [FF41+]
+/* 4501: enable privacy.resistFingerprinting
 * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
 * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
+ * [NOTE] pbmode applies if true and the original pref is false
 * [1] https://bugzilla.mozilla.org/418986 ***/
-user_pref("privacy.resistFingerprinting", true);
+user_pref("privacy.resistFingerprinting", true); // [FF41+]
+ // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
 /* 4502: set new window size rounding max values [FF55+]
 * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
 * [1] https://bugzilla.mozilla.org/1330882 ***/
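Review bot: The added `[NOTE] pbmode applies if true and the original pref is false` under 4501 is hard to follow, because it never says what `pbmode` does or which pref is "the original". Something like `* [NOTE] privacy.resistFingerprinting.pbmode [FF114+] enables RFP in Private Browsing windows only, and only matters when privacy.resistFingerprinting is false` spells it out. With 4501 active, as it is in this file, the commented-out pbmode line would have no effect, which is worth saying so users do not enable it expecting extra protection.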
@@ -822,7 +821,7 @@ user_pref("privacy.window.maxInnerHeight", 900); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108] /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. @@ -838,7 +837,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); - // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] /* 4510: disable using system colors 
@@ -941,12 +939,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
 /* 5017: disable Form Autofill
 * If .supportedCountries includes your region (browser.search.region) and .supported
 * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
 * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
 * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
 // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
 // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
- // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
 /* 5018: limit events that can cause a pop-up ***/
 // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
 /* 5019: disable page thumbnail collection ***/
@@ -1021,6 +1017,9 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
 * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
 * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
 user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
+/* 6012: enforce Quarantined Domains [FF115+]
+ * [WHY] https://support.mozilla.org/kb/quarantined-domains */
+user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
 /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
 // user_pref("beacon.enabled", "");
 // user_pref("browser.startup.blankWindow", "");
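Review bot: The number 6012 chosen for the Quarantined Domains item in the second hunk is still used by `// 6012: disable SHA-1 certificates` in the ESR102 deprecated block at the end of the file (visible as context in the `@@ -1204,6 +1203,24 @@` hunk), so a search for 6012 now lands on two unrelated prefs. Either take an unused number or mark the reuse in the deprecated entry. The `[WHY]` is also a bare link; a short summary before it, e.g. `* [WHY] Keeps Mozilla's per-domain restriction on extensions in force; see https://support.mozilla.org/kb/quarantined-domains ***/`, would let readers judge the pref without leaving the file (summary to be checked against the linked page).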
@@ -1037,16 +1036,16 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); + // user_pref("middlemouse.contentLoadURL", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs - * Location-Aware Browsing, Full Screen, offline cache (appCache) - * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002). - * appCache storage capability was removed in FF90. Full screen requires user interaction ***/ + * Location-Aware Browsing, Full Screen + * [WHY] The API state is easily fingerprintable. + * Geo is behind a prompt (7002). Full screen requires user interaction ***/ // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); - // user_pref("browser.cache.offline.enable", false); /* 7002: set default permissions * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block 
@@ -1194,9 +1193,9 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false); ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); /* ESR102.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them +// [NOTE] replace the * with a slash in the line above to re-enable active ones // FF103 - // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) +// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) // 0=keep until they expire (default), 2=keep until you close Firefox // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761 
@@ -1204,6 +1203,24 @@ user_pref("network.cookie.lifetimePolicy", 2); // 6012: disable SHA-1 certificates // [-] https://bugzilla.mozilla.org/1766687 // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] +// FF114 +// 2816: set cache to clear on exit [FF96+] + // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + // [1] https://bugzilla.mozilla.org/1671182 + // [-] https://bugzilla.mozilla.org/1821651 + // user_pref("privacy.clearsitedata.cache.enabled", true); +// 4505: experimental RFP [FF91+] + // [-] https://bugzilla.mozilla.org/1824235 + // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); +// 5017: disable Form Autofill heuristics + // Heuristics controls Form Autofill on forms without @autocomplete attributes + // [-] https://bugzilla.mozilla.org/1829670 + // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +// FF115 + // 7001: disable offline cache (appCache) + // [NOTE] appCache storage capability was removed in FF90 + // [-] https://bugzilla.mozilla.org/1677718 + // user_pref("browser.cache.offline.enable", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 915f39959c7e077f00477e6ce34a0f9f9e3e7c6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Aug 2023 03:27:30 +0000 Subject: [PATCH 067/110] external.ms-windows-store, fixes #1142 --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 5c0191a..706fbfc 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 20-July-2023 + Last updated: 14-August-2023 Instructions: - [optional] close Firefox and backup your profile 
@@ -241,6 +241,8 @@ 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ + /* 116+ */ + 'network.protocol-handler.external.ms-windows-store', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From f1831e947bae0940bf8525447345c96ca27924ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 Aug 2023 06:45:37 +0000 Subject: [PATCH 068/110] media.gmp-widevinecdm.enabled this adds nothing, users can use `media.eme.enabled` if this is their threat model --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 706fbfc..87556da 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 14-August-2023 + Last updated: 26-August-2023 Instructions: - [optional] close Firefox and backup your profile @@ -242,6 +242,7 @@ /* REMOVED */ /* 116+ */ + 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', /* 103-115 */ 'beacon.enabled', From 576da2e2363d326ebefb962fd1b149b68bc88284 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 Aug 2023 07:08:23 +0000 Subject: [PATCH 069/110] Delete smartReferer.png --- wikipiki/smartReferer.png | Bin 37523 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/smartReferer.png 
diff --git a/wikipiki/smartReferer.png b/wikipiki/smartReferer.png deleted file mode 100644 index c64b93a9c6b9368a9fe7c92087f577fbd1c1914e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 37523 zcma%ibzGF+^Y0=G5`q#UElMLGjii8pv@}R}v(n9iba!`4cXyY7wA3!JbSQ&ri@fABOcG200Psxe^Cu+$;86wufMW0z?V*I- z=0*3z3**~oO$Pt~3;)l90!U4N1pr_wScr*z`C<-q1Ui@lzrB_c6MOy59%yP|Z2|ze zE@mj3sVMKh6ubnViOK}~#LEDc2%o-I5)Jbqh@oYq!gwwnOqH`hsM!5NT>LTVP9^;JuW(>1RMyBcN;i zIaUqeDK_A}VsHQh;IRilf9UO7SAc&CfI#9@UEqYN;`uh?gQQYw1e&Qoi2G_iWwt|C zS7)K1AD1FxBH%W7WRUuirN=FWnBA8XcNP8<0LYFZeBc(2a2>~~7$4`3Y{1cD-s?m| zzA-d}-fvEne)|XjtT}p5-oIn5CGp`$^Rc;7cz9uH5|LvF9CqlR$%uG{ZmvQbHB9-7bHv=A(>4B@G+H&wF3Zj zKT)%&jMNGbJ_P_iW&1K#iIARkzk1h&M%Mjgxf|7bcq}sX6yJbqF&M=#RO4;r zQ=*iBE2{3#kMY8&Uk?WpD87-2;rh&`6sq!C^)vaYp#7r{LD~{6G5kXS_V0IrZIW#9 zzBP)1GuZWF%|CcZ{3UX+ei=KmrAEEXPWxqFM$_bdEmj z_bdawqSd_bFyf3xtKXDimky9rsgAyPcD5jm&+p#O;YH!IKKBR~>*Jxu3lU?d zYmR;-Rh_Rgg*PQJWvldd_g!%s=Vy|)al?zoRyF7!;@`by8VcCR*y!Eh*dX1YI@Q9= zF#Kqjf2F)muQXyQO}zPhlXDZzB$-`AH7`|Z6zqF{_acp_9l0YG!^h`i7CfC9Tayvwtzm*C#W^3uIHWn$Yn9;fro!mZ zWV@?$M|q5G`l2MbcPN+u#<0#nTF5Ee%x0o(Rg##Ls8Ra4RIyZYzn#0{uqdOjUA$HE z))z-)P?}DgPSPxD{7J^P@`Cb85oXa#IYGYj3YHS90@9q;PcEIdMMue*9lAc5vcMv+ zTl@A6nHMWU1z~ejbS{alfmVx6jkbh6{z{;q%MK_&&N{esq9~@*`%$dGAi*GM%|E7j zQXp?uB0>T;++si*N)5Fcuo=jsMWdynm66+%J4#iOYc6CciYFv!;gk06RDbwuZ5aN4Q;joUq5ITXsCYGsg)?tD5sfgEpIJ) zQPeCSCtsR5XVzPF(lFdm+(=xt`5SGiqQR!Y%fQT#$gHuyqW37SJi{w!z# zrE+rOG4jBa5S;<*c8aSqzz)91g#F zhs0JDHz$R$vJ&1~LCU-p#1wqZ>bKvr8nMQxm(N!<7PypL8o-EzE`;o}ph8dq9xyvt zQ|~8FSL0CQs6sC=Q!fA_26~G$M!F*>0YyGEC}yZ3z9PO_k8ZErJ*he)h543DE@~DI zMZ&Y2MF>TrzL$UB>@KG=A3BIGr@Guu9*-HfzzO)`y)*X<-C)Zgtk)ZxE+8mCJy1CE zTd)SnBwG@f%jB|{1LV`qr^HX-G&44Z50%W)T#P~`ES3U`JT06p!UHU(nm=bXGBl*D zWyn6TFjjEeT6aM14&g!T8S7Y3529q&A)Rk-IpaNN0Yxv1S@7QRC4Q6*mgkK>7J1J2 z<7GI_DZUF$B&J&rd5_r})=BQk;NN1}j1=;xpBd%cV-I55xZJ4wISSrwHv7{RN4Lp7 zlU+&U%Y2#Y{Mv?HkguK1FE%FHPPBwdF0R3B&uq)od9=(Vpys~cHms4AA_0Basy4dp zi6%2_(qUQ1L%bfmwb+J&KpAyr 
za*eI_GRqG&0(Ndom{7teOo3`>Wdcp14U9Ik3Z;kYNfqAhwC-|NzPjBb-@EHktoE@~ zF*gIe_Lt`mbrdvMH6ir|H-QYs9 za|&p>NyAl!Ef#mbPsf>^PK0M9WO#YATrcY{fUV{x<$` z?b9a5)0(ACeDx;v)Ji@*n?1)pf%~{=g~8VJ*3^n-ZL8)Z_x5@Z)5~4bOrG(Tvv#+W zm&m!<%nyPq?QnPCW&hu-5(ZZ`d-( zvdbkKKDjJ;i5B2DaUXLYg)8qKUd}4Zp(nCW}k47c( zK|o}OsQR~FJ(*f|f*8}>R~wts*HS7tKyyOe?DFq#f&^9GJ=OJjjY<9d^G9)iYHbXa zn$~7#v#ra)1KW#nG`tO0VM<)jrnHoalY39+i}tLP1yvoEJ%cy?&qbe7eL|h0e*Ex$ z_=uJN^ZS%as_4(J|MOT!%)bRvd;xz8s5Abl_j!upZ$0W=g8yT~=zQhB{RQ*Jj_>VB zfAsd&`TLz-w)3IDw2|vkeBbAP3i2Nc3Kyu?{^{qLOq}XJB-mm8OUu7w{7cKf#Qi(Q zzqI)OOWeN=rHcGN{vG7s8vpjRekRAK+6C-jdUpNH^*{XWS4#jB3Z=wbM}K@iL@7i` z<^tjWWzCH6wzycrx3KGd*ZcQe5m0q(sClPi_CnJtoF+Z1_K}HenWu^cz3h8AVyZuV z1=srQ*(*l5|2$ARMlwE0)}K*P1XmLw_ut%tt#dI$UHv z5|hxn;{WP$rzR%+GbV4`3|zX1_^uP2Al(a2K8;lW;(V>o$g+ou5n*w9F7dStgc{I2 zSqjU}mC?g-`kXfmW=?N}i=`fpikC7bF$pRZ6I6KX^C^VO6v=V$)07t39|G^+8oYSu zyiclhK0zMeq}+DV+BFpsT%wloLv}Z^)PXNEz5>9>xZHi+42!Gt(D}9NU^d_3nI)87 zf+HwWn?t@J2}d+@GX2auiE00>Gx#Ntbo#i$bFPRRwQ2wI(&4s?rB2#9{MoP4bWeDe z@aeSVe8!g8mGXVdJw{+1w&%E5|0GNUxj6mP)dUqC%DiV*tI4x35sL-ZKNYOKI>>JO z_-9Ee3d_3}OskNLaDLNf_krEsVQ*G+O}9O9pEmw%iPG?xSM5{ncLga%4H-s)bwFLY|3Ug6LeTC(&_`HO_h#o>3inoGDN6T_oDz{O=75sHYO4@t z8p#K{J`AeWI9ounISd6j9!wGi!wB3u8;Bldd*BQ+iT%-pBF(8?!RhkmQIT3Z?;}j_ zx@!pi^vB(!Ava5ZGf|kD0zDH|&Vf-Zme9Zq-g_GozOG6t`F5`Mb=ZqpMsakU&+&DFa98IBIzJmr?F-dFVmtzsn_3l6~d zZ_zSxVQf@UI{4C>h;85H%Sw$~a?H@NR)}t2)NNhvNd@Q^V$Q65^ktzy-_<_L`rQCY z=Bb$HIpq3oEr!OEv>XQhyVcn_7YDHp)Zq!6?9A0CXIgS95V|Vl?90V5z-CCz=I`Sh zVIg2%HuHdKy+8}4*%}U$B%F;~T^_|bqvxv3{8}by6r3)EBg!Tjv6mT{mAGzjS701I z;tu8Rq&=bSVrOD!l6ItlxpJN4klA|@j!drFVdCv%LbBe{4A4}pc6W;L@XFjQh}b#gG%UfOr+Jqgd|@u~-X3sh4&5D}S&3d`LnM5ia=ip%o?9U=B;0xW>og^CVx=Iy+F zGEndC-mr#~PTIpA{w+4JE*zs$@V!sfa;+s3P)@g}k!-zoP~Y3&vi2T@sF~_qEcNoI zD9mbOxesP6FXl1yQ+5o+yIef-(7d~1?2v%2?*q46+z(s-*iU&EIxqK?OV#wRs?7(Nn&0pXr%$7CN-M^2=_|n_A9j*pP2y zG3RnsTaT&hS3$eNo45Oe(>u4l)Q7r377FG*`S|**Fae=J7x1g0N?KX{b!6-Jj?T<6 zER4A3!{RZnv;=ax1Ixi!*w7eUkoPBY#3ym=^QqAERx1D17%MP$zMp84z4*l#J}K(2 
zCbwfb>01|8fngzyA_$Q#M+}|m^5ATep7`a<rrQ1aw=$#`HQQG3i2U>&^*JaAB|rIKH*Z z+G&7P1+616lDK~RP-qKh6@w0kr|8g5M>VGx+@S<>(LQ5nWQgQqRBx@I`}7^}X#K{Q zlP>Mt{z#s;rx8-Zar0S!W>Lyar&hidPG2$=!rx3tAF+qED3%ab*ngePpq;@^-|j8Y zR9XgGs^c1{TPS;jjjCMhXWDDM>_33+Jblq#Bz1NF{9?+hX`*&yCXEx_g|I=I?jyp} z?ry?+qW6L)x%u5|wwqIaoCL8Xi3kgCb`yvrmtdO6@SfW;qRt8ZdNnH@vg+slZ2>!R zna>B3kMu{UxFxbG^y;1$@6467 zww6twrH*AOGU}k4^j6WWO0_&MVXA8Fz?F7YkoO2QVKpg+q2-26H9H(t?j#w1yMp6h ztr~|q$16XfF47&DwJ9U@JnF2rN#}>HX%K(pZ$YpZL=sZ22RtdIpW<1tFTh?A#h*5F$24wfM0DsOh%Usatqpv7BLOmnB5g#d*c&^W)H)vJiSub z2%vjlE8S{u+w6V9qv`CE7(o>sd#+h#zDZBm%MrBY$o*XGRI;1UEsw@u*Rv+c30rS-PwGD^U{+&G}Mn@^JbWZgCcBBp-;cKiXbM0G|@0MK!arLI-szEJb{YKssz@HYz5gnnoL}gnd z*d^(bzv1IpY+=J5M|~H5$m3Q$E`ys|eBukF>FNE1+4rLFdFY+`lT4>Qf4tOjuJcol zI>;P03pjTa@g!-p%;)mK0Nnr^r5+1In+o zjKQ_;xRdlOQ6;dYRX=CWLm+sMF`H45J+>ZHts1Y$Y0Eu^IXAV1Fl!H~V0cUa$3wG2 z`;n9&4*}-z2u4S#wPc;j@9xOOnj^Zy$R=0FVEo^q>MN!hmh%VHWXod@&ZMRX<1?*m zyRY6gK2!VN!_^{jA8Y-_&{PT28*Qn^E`ZSA3BrD~V;1&1R!o!UUO8=lbj+WZCstk- zKR&R$Equ#^2fD-mNV3t27qkSjxIKzfscR2^&^lkG-{dr$%*(!8#SM6B%IF23>G?&| zE;9>HM?s1UTX?cskK}N?Wz)#F#nnYL8OAW--|=+*`uuhk)ER0QPid)PcdsO) zy2&~X>7`odjY{pO>RjpM!dwEaD`)T6V=Qh!z3szmKy&-6v}`$@jN8?tXoWm=Sy)g?zENYDypD9~pTilaIeNU#^tpUmMTU)!cL7pEK8E^a%E!FsN{NGD`U@XDJ6 zzc;vD+9H+y*cOXs9vsptMl$A7mU9hGUnNxfhaDW+46y3ZV@V9=c?2paDUBa2Cs&Rq zzSzjJp($2P7FE_ScHcXsc3zJ9U?OkxMqC3j%1|`>H?AA!Y{2rKVJ!6y;}lWmt8z(D{!h#$ z#n*lF57eYdviasYh;rH07FNrjk%u}5dqAgagj}8{I zdU+6YEy`Z=d`kEHX%Z01_||`Tq23MemljBSNfdpI5MfmE_%ez3S`w!R9#nhB|+O#S!v@oH2U(gR$Hlu1Sy!hIQ#3u5-2s|e}kgn|rE%rS}j6sq+UtdAm zy%ZW|N}FA}fx8|(AYpaKjk#U5pIJ@yd2MeLcmp|_>Jhl}-!B@+_3zJO(rakzD2MUS zzd}+3a5pthd&kmTA;#XLcTY~*C2sE}A_LYBOoVCbU(uSAM96gH9d;HeyN_w4t1tKY zYTbvk%l(9ZoqPx6BC62aX*U@1Xy0bIv&!$^T8aIUt19Q!Q$EWCfeQ z$tOfvDDEn=x?(Fa4VMkrql7szqy1?s$NY2JeNUg9o$ZY%_hBJqtXxm1M;MF7as41S zqb3y_l{28cM`VB2q50da-WM>dFYu&Wd$G)QK$^GRrD~Mn++i>WRUFTsL*rHpSU47n ztdiQwd48@>sb}kZ#$-~jobGi{RL9+W>ySi0KB^@LjfDZsAN1aH9%Ps*E0V;O$JG|A}g3OLyHuT?W=48oNZh@b4c)djkPB}-z_gr4|C1tw)QsxOSbYT?rflLfBHi#$V3UN 
z5`@ow|4cTp0AS3HG=;z?*S{py>A^jaQF<&D&G;#Hdy0AMi5gXyyR-jN{8%C5X?v^^b_Gm&+mDX{?Am8tCy>G#nwF7X& zoXclaM-AwSCf7hafueb_%dp8t2I%$a9P#oP6PRasas5kB&08CYH?_j22%U83i3v;G z(G7zaa+kC>QadF^bevy?q0Hgd_vz+}y9}#6n0NvtwbsC-?CW*EarB&_?g^%Ehx)~v z?a@vExm8NhIr;p@;yS4heOoEb(h-%7MwUZ&;e_)&hB$@BS9<%R>CAPMWm{d3 z;hek)-sa-m_;lfy_gJ!+xF_CfV^BGy=5P-8;T=&f@W!kQ#bo-Wy;52J>!}Xw8(bLW zo_N+T*&>(%@qo1MNu|8!z*c(vt0HwJ^KD?4S+|YX!hGh0t64u4PPuD8=sn9Fdn1m` zVA|(donPKgyIN#RbM*(uLZ8BP(hr}K_g;8OnbE+k`MNJYF|yJmjit32P4V}-Lv0~R zXMRksm)XFj(%tE$RvjC79m@LGIP@Im3!l^Fw+M|iHY8> zS6>lnMA1Wp_i#dR5s`XB6pWW(-qUi(-O9~t);&G^vPre5S#z{4q!D@UDjVPm{o2

T-pn?~Skf|Xgps#9Yq=!xsuE~#Dwl>TSVFL0t6#D=xsb6! zqF{`OFqm<++}&98KJLOOfUVv3FExH`EVo*qTAHVERvcX!Owz)Maoe1&+U2;pccix- zu5imMwz?G?u>zT}YMg{#j{OMs3!?p1#7bs9kA-7xsBFj5yW|ued(i*&s&t}h;5pL( z-B;5k0;RpF`DrhTIT>Vb2v-(K4fyMT&{lO}MNz>z+2G=hIs{P(^TvEY2%qY{xMqgK zYUH!#wQCb!+!sT#VjS~zNO`X|g1W!1Q($>{ZV zcNz;?)q_VQcqZ<@*E^zujInbUI0UP60(D3DMQlSJk&ZWhp%S3M`vf z_ae92>PNG0t`Mhxp9_IzWvmHLm+WSyvNb>=OPVIG) zo1W?Why6Hp@I~k7F^6tC;F2ZSnM2tJHOM^foM#KN>6Kpl`UnOp)mq9U>w~2}haQ~| z0e$Q)%jK6cyDsboD=zHINx79=h4*XY%t0T`JAax?>9h~IowHJ59MLwg$Dc8$wZR8& z_!10=!PN0L6n-tX!20bYCjQfj9xpaS&-H5G30JmKas}h-3&FnI%8HF&%uX_W@@a0b zr~;AcH9p)}v@>K(IOWv0)Eyk0dw&!tFA{-4X0>NUW;CAWeuON%**Cjo@|Zo84Sa6) zbapeB;xr&x^zN6Tclnq_1>$q&ko4M0Q`|c$xYVcZTWOkWdsn-QnCXX|2M5UBc(xu5 z;(}u{5`^Q0nycGHRv_(YtKmdytV5uuYGTS-6|t zSO|mazvJ2d!@Ev@oxuN!jX(Xb!2Q42_`gm61=Ue5CLF(qQUOf4rU^K+nYoo zB)>Cf`Kg~i`!O0lO7rx=LG2^{C|`;7w-y@R166+-DN+btQ49VgB2@ONHt^#_?b>oXXLLzGe2E2n+VW*eX5TnJojXDgrdyJ*@mf~?VRB{l4ry@p++1*dkM zfFJHbzD#*B`}D+0(~MSJT&Iw6vY72c6SBK1ss?S4CcH6Qd>^)>~x@!=)POG7W_ zFHvvZyy}4BMMOHCaN8y32n(y6-lpA?3>@+gN&Qg1stZNf?)_xg)sZZ5`8av;W0J$M zh^uY?T*ODoW#6LFTRrsY^66t6ZqdzPVlo)!SfP%5kcpZ$Ya89--qurTH8UkO6$i%7 zu>qX;4gz~=u-@P+mUrK4gxwY3xNaecw|voe@t5pA9xo?%u%E(*hK+W*__h=#B0lgS zD)xt5@}?ga3%d+rLI)iro9EFusDY(@=}Lj$NlN-&4`yhrvt_mnpIZVivJf3NPI%0% zoiwX?jBor$09K$R$|0wN?epf*vOyW)2JnxdPyDLsqv5-wcTtHIx8k5&M>M zD%*4Ek38=dub6cCQkL`}3PE;Q3f&oJ=hiTx)W@`TFAm?XrKL*Bg?3c99gk)5m2 z(%`p^3SG0+QR@3Jrr*#C=790JhbWCz*jYJB@ zvCmDKe*MfogOo>}Cv8Fpz6|qupIO>^&X(T?8}ohPD=-bHkvGAC3~w zgB)WgS`Rg|Ie|{LG!_>L4X>r9sJ$fTs=>4$dae_K_X)rJ)sgb2!LrhNiy{`2Z}^s* z*^ReN>c}3IjToyg!kim!kADxI7`^D0dZjK9@+9mGejN#5;-H`WB2$Ny8*I`ki-I=Om4r{$BbOLP)VX!nQiW!nF4 z`4(s%udDp0_~+zvGkTMPe=^^ky#F`TYe~a{hhc}aH?@g(bJ3od$gDM3@1?nLS*Ft( zDCp4zW;IJEr_m~$v5y+Cil>Zpy zi#_@jbYH6g={KGJ{3Uw<4?tLb-~xm7s;Ue2;lUuYJLOnkhYQa*xe*ZaS*LUP2sPdZXv^^ryGvxMJR&I{lV-49%3Pll zdYfE7_R>Z0{?r=dcjNp)WqgUlY1tIzTCwl`^(-n=(<-Q0g+^}!SydUI+aiayjf7zx zB*-+mLi6r^ys;OwW0hDI&OApoW24a#^1*sYKnSwQ;d_mOuFL2X_Jd~04sVt{1&gyf 
zhjT@nwgzJE{gTSHB$dLrtL#fDqDOVQ<8e>RXG5d?wuaQ5YxdT3=jgVtuQ%jc(H5gj zPbxf}CnyQeFu;q#ZQ)-!*yUiwPDtqxkRD+z3q(Y9>4I52f2u>7kRl3Qhv%15MoGzD zwm)~1%@Yw5anHQZpyb(BJ(D`6D>dcqD2o2Ol_v)m!j!s4ZIg@@uKt(mx@5VwAqk<- z=D;6xO7=#1!9XlVdRErK_u+9RlG8I%G!v7H)~U2D6;S&RlTLz1?suCE_&Pjyw`ng} zuu7PvU=HwS#|x6y#U-LHgwti42`ZKy`Ed6Ut<9;sD)gv9{Mt-c2vJE1_sMdP=)elU zv@Yj^ZP5fd3I@&Yhwc2j#)FOI=4usP5O`k_jtYYT&cJCbhQf{Fyo& zhZuMi`!b#0>Ks-^=mUZu0vtsZBACGK!hR?UHvYLLvU~hKXSWb>2JwLz)prz4nNnWm z%FAA6gdDafrQxBcw3|%$1dNCmYGy8`!_<(Dth|N8HV;r%u+tL?m1jl_AU&l%uIUE! z3<*quFJ`hj{p)rCKlk?e5#Bsu{3g{N_d7p;1Q^cGp7FaHrDSJM_jQvcbNZB4xCa+> z2%*O>xlAcx+C*4JNV2c-()7Gdk;}vh5!YGXVdSTj=UTtoDJwoLd(9!c#*D{=~LwLf8c$Iy~U)wuMAHlu?*;Zd4g4!z;! zHp|G!2tCM%kE7w0ikh1LEa6Qtgj22~`C9pArJjK6C?cEZ6(sFvyAh!bEg~~O9?w!brJ z_TDQ@8|(F+jTfHHnP50`s)g5&-K8uKWQvbco<^1HYf`%NOYh&+98}gJUes7Gqw-wm z05=!p9}^GVZ_wKkMK80ic69H5T}lZRCDXV()4$^2M^MV&KGcA8DAcSihR8~(g9#^7 zab3D8FWQFjf#~rrPQTFQ3J73ji17WuW!sF+S6**3!Z>Z4nsKEWD%!5mR3?Qu zzoVtz(0rN`tYlv|RvK418rQn6Nd43-J-$KTDPN4JK1#PUbG6c;_@Pnatx={ z@2&KqA3RJR-F7U54(8?UcL)KE$JV7CbtLDVmTj55tDy#xo8HgoAow3>7(Q`c056q! zR}B*H3z={viESH66TkuTb!Ibd5uW$gXxxZqVRDu|iB(A!t*i=1#;-l2VNBonMu*(? 
zxP&gr+t^zIVUS%s?FvR&SpmXL6?Ju^S7?O2X0;a6Xxuh8_^4f-v6Z62znG)AN!v7_7)=ikS4{ul8Ou`>_vvqf@|f;NIVYYtJV4g#fO0Va?r=uJZ0a zI>IsEs$~l(mhZ0O?tiZ{BS>wh0#-g`d^ez~s@kNTptxjvu5Pds2+H|LzVO|0g)(aI zdyH%H<0ABFPCr(j&(i&3nEe)&(GHuV8@irP5~Rq>r{N)oC-e~|bBDZ@^hC2amI5VM z2@KIHrx};Ouek!m$#)jDYUHWLn=iiyYVC5KxF%LPKUl)`b)mBy`~zh87zJvTeEUSF z9RaZp@O8cU+g3qaWcRZ!>?Y@-Guk}q>GyK&bE<@`g+37i3rO6%QBZU}rgO6;u+_kN zb3yC&WSJ1R##2|QwWhpMDfAL63cEMErG-RiUP?nCrNiU?=cyZhN^Es_QTx2iZsuzK zIJ9`zs7<{mC6HC3L&)#Q8NIzanYO;KH+&ItbG1irS8)~ClN)`#P|9@3u;E9BAE$ZO z2E)>JM=G7dmuk7;>_-due5{1Cv#Ru}4(>}y`pu;)JB1>u2}k@S`YV(KZJkRx0Twuy z6g-aDy&nsNd(am`Q`FD5g%=40n(h?8oPb@-(a3_n3!A4FhEzMzWEH1ikG>Mwj@)-U z2jlAhq;4_6-ux;AjTvh}zA98#U3K<&k1g0^CD=qU%~>tJo2AtIwvm%gV8DenV)-Kb zZ6Ui=Tz8sSprXE5bYynUZB@Sz4-J1_Go`5)vV8;#H3zLwA9Yj+k_zb_ z>7;O$E5qio*XJ`9mFv9aJYAei7kQL0e^y>9e)3p!a{6|6Wd~z8fH5%fM=l*kGFdo2 zcv>K#j2DO_Q>n@N7xK6L)l;SWDypiA_t&C2_5%YL5lNPJ-Z|JF|vyT1(Tm=!q=U-=4Tsh`L^1lS}h@idC+h1F}E`cDRue5 z@=4kuBP(K5h-L)10_=7z_}~n7OMM=vxG0KT&x`>l4fnd-C{)JbcYxg7o&*}8l|No= zamn>kWV_y!Pbbpr^-;l>eLq&o@J_lwSsl2}b2^Y(1NDvonvA(Od2hM$d0tSZ38rbn zHPLPFoan9&#JDA|jt@F>zNA#+L(+j(hkE+ByG*nj4eo2=MO<0_hO&>1FB{M zX%-}g>28v_yZ@(I)lc~DN;B)C$dmls+@8)#rbDEn)0qtC1P^sm;TLc-bG&y*p$8GR zyGwzXB30`%<%g44)VpPne24v#dV>1S)Y2uQYL~`AP}gjdci%Sl>RxG>Myox1n9@^e z$)UPYp2O@V&|22yXAcpv!7H%xZ}sEtB;+R;@1A0w-daKo?Zc)Nlt+gD8@V!`%JUSc z^TG{C@ie@f5Y!TPZ@rP%$Q53$a5^xcGSG3Y)Fmg^p2BB^{q7naNQ@?}2@EtkqS*C< zlJzsC%nyXuR!)d)77G7-n-@%u>!ZjzcvSh^u5B&}!sFXG^XjDs(0KTuDfy&R)3kj{ zvR&5uUf$lJksUZAr0ZeHA6T6Zk^34-0w;O$gnxJfBGp~`R#XVUve~Uk+RW{N-s-%` zG1>t3a9`=^|aaK zLa82AWsT-zG$CRSd<9R7_ZL8Z;>(o`Y&UEC!rf9Rmqg*C{hFq;3KLGNx$qaPp2JzF zi7c29vWe(HAxVb*^{J^nrt-w&j4OLy>7tkY-MlRcTSf{gb20_?It@ru`oVmb7kF3Z+F9o*qGu2dNaQ zW^X<9LCavMlYUxWe|v836y?5o^%uqrN%aZQvnOQ?OO(hh1O0H6B9zYRL-2T zGVE#2Uc(KU4ZmA!cSyS6i+j`lya!+06x6>^ER!U&vvj%G1X`>qJMegbr+PC5^=5C} zFZGga@Q&Tp%~J!N4&U65S{okX-x$*o5CtR2==q;X>RBDsJa zhh>O_ORLH7U<6J%YgJ@d%_GV|Wrec)>kHg)6Z3GR`W0J+Y-An`Zn^Y?Q|F=|NiEat(g`NTE2OV>qy5LA>N`6&d8dgU<^{ontb0fkweZQGLVY&&$tH 
zU_OcbNaxxKE;e{@Fb9ojQV9t+Pjl3Q9p3NOWrYSx%IN2=$Pw>e|7w-kZ&9$Z z!So`tf-H_i&>6rHBvLvf7@pcmzcUUX{?E~i=z^Tj`YbaBdId`4x%7W@9%|9QRF$3K7CQfK|i8vRdw{VxdM|BH?Pt>M2{ zRf_DUQiMzhTV06!5n6&Yh&qg}o$DtDU<6}cLhQmXeRmEgClt5@6EXT92#?GJ_~U!R z_W|c8q*=KTROE#)FjaW7Sq@m`vCPNb3K`Q9UImIW6}VpB3*F7z7GXabf+-J@w@y}8 zS@j6nQnLG%+x2}A@imnJEF0J*+WmnHsdoiZ>iW`5_ISxmlEE8F#o~7zkVb*3JHndn zi1qRiAVNQbM=mZj6ch3`<(bo~rN?P#jNLbmilgZ01@SI?KZ4UndGC%NG_S~P0_=F? z$ws98jS4UrnNZ^bo41B!ianr&c+?N%(`^!HPg@wiqHVE#IIYY}mUVK_^X%K9zC>v% zt$#*jmN4Uw{7E>bhM)<7viiI=2e3}`!K<`HdQ%mdPgCMtX`!^L3yZD}BVsBKjAwh> z+oY);p-HH5sXEKZ*mM$wH0Rr`4eCvKf6dN;{^`|6? zqMiE7gQ(;$^Es%WaFsukV6yD!xb^}3y|gsl9D;}3lLpe1SiwRTD%U`po}v(3A( zcB$A(SreI$#i`R>^QIH0b9P*{+|K&TamvB*)BUwx0_XGf3dG9l)vl}Vv~EVTE^2Jh zmz^U&%x%gVn<6eUF(>r9lu2{UiQ{f?UL)>Z6r}?q3?Nc640T+mNp53xbZ-WBKMfe1 z-94(|XWpvtM%`I*0jPIO1{~Otcg+ob)g-i|OZP*^MeW+X%ghvPJzj#`heGZz)XxqU zo)p170BE=rv>^|v(_jv!-7~sOt&YOyUs3~=@|s-A42Sa}wZC?=%MN%=Oh{dYZkaLL zOLHD9?-OfJzuh!OJ6I#Jv)TgtY@AU%6mnN z_*F(BvlA_Zl*tlp|3p|Z~?adMC$ccUAgaQV)VpS06cw6!N~1J zSVv;{C;;LWv2@rCJ^7-!ixT>~we%t4n{>*MZd_9kke$wNX-TaUu6QjBLg#ncI_d94 z?MmDEBpdAOr3bud=oM3~$8kJv%wbs?R0iqX8uyp{ACQCEwa!HD{D^Zx9!L-x#3?1v zK>t->qYkNNZPS!q;gU^%zAiL1=gY3n?q@1Jo05<7<=5-ZtqTa97xr@IckUMl&or3Q zNC3q;xFa(|%4`Kn&@|C{2^qfetxb+)p`;Fo&W9T_cI3Y;7AMt6K;<6e%if`Q zYfc(9=mC!@G)M(Ij?AFqVd3Myf3^b3!@GCl+Q)~t>0FBx<=zT6S6?J(v=<7*rE<@B z-Nu~E>IDfcl$*$89)RjEXD%OfwKdfnQL&Y2!p1-AW2X#u_I-$u6Nt}{it7Z2Lis~W zO#h9#w~UIaZ~KN-6ch=OZUt%SZUyP?ZfS<@R0(NBKpLb`O1ev8=y2$v8wMC)=zR9* zd0zEg_q*;7?|RpI{lIcy_RQ=(d;gE)SI4%S6ZlNRVI&XfWTROsju=X3MKx}F7pYr& z3|fKG=~gH&e0!al>hNw@WI5tHW0jo1XiH(zm2-gy&Gn-UUua0a^_F$7+17P#|eOXjw|vcYI$wIcKXM@P7M+2cB&uVXhvyP1buVkNQT(S>X~X@A+bih z#%C5+3u;b>YDEb_GILkk%)Un@AqMrKYHp8h}|#+}*aue>iE-R|#KI4<(k8L;IN;uzYzj=Nvn#tL+I`8KhKCJX zwm0;?ybEB1og67^9s0(zIesp81H6}u}Ij6IeC+|8EHF#eN^Aw^G%Fs*J`qXVBCH>Ot_YQL~9E z)m04ps_*Abc&~$NXjCclBTMVq9p^U}Q!lQZN;_(n+;l<3as!$ozqmcA-oRWs{p10j z!+X*YUC>ah;qw9q4shriWCN10-OZf_yXnr4ml9~7TlEdT2E0iVnpA0pGKpC~=fhmF 
zOekJz*7377rwsm55H~*;NEhQzXu5ELi{dKVsF(N=@s3)|5%Jkl zPnr|%#|v{7E48?HR+fz4?(AIH-^L-8o`jP@Za`PVD(r0Z7sl zHf_{+css>9Yudgz4*KIUkqa-uyTbTIFafy$7n-;)uIuc#1&h4(_8l)mhA*B%xD<=` z(&)VG9!2WJgG&w0@dkc*Qbj{x$N3pBUWI+nV(q~hPmppkDuJK8qTiglid>@t?tnQ$ zTbJwI&WH4!3{i9g-k;EF&u25WHQrd?!%Xa!lJ(%r%)3|wJ}^e2!$%&h%wme(-SDY$ z)jJ~RZw*SI7c~dFYLi}i?7lpyJRoC8z9{=07)MxNUzZS{T&%&TU>*c^la96DLrnQG zJaqBe3{DJ`0vGDxg_*>bxGy98f|*)UDFBCV4p>50iV6&FypHOtCPk*10vMH0rGT&4%f3YWqN z=5O&qc!3CVzhlIyv8dkJ>t6Ij^OSYXjPn336%7rS91MOXXT1eNr+TX9&~MaZ2%`qHu3!88bl3E4J&n6PX?&a;$M!9McGyTom=;N!icr< z1_Yu4OG)|CNj>)_{0AoNlJeh!b6j9XlzEN|yghm82h)wGwk&mvVmx+JKfk`71kbv6 zgfPFL%^03Cqf$`Yw7q3d9)KVsx3bTS%wwbf^WF!c?@*{9LA24i;Sn z$^n)S{6&AT>3OZ$OHN-(DK-q0)Kiz}Z;b$iPvzAbowIj^yZvl<)aPMFW?WYUVDY5< zaa40PtNiMm#+fL45_OF&6T+mVccrXLaJjwJQ7LZ(=8E<0w3*#Wop@~Eui zn;W-o44N{%kjD7ygCEw_$L(**zPIh37!x(rvS3rh7((b2P}F^)Gk84e(xmwI9{94D zqVJQ=hpygiBj7e+E`PYrniNvwJ;=W(+3C!hjjS)*2|9ZOYS~b4tD`EEwO*Cxnt&QMa9p{YEiJ0KsrEg zF1cRZQ0V7d16M=oS6k{idu(&__ip#;T+3^C6)F{v!4SHIR5vd#ek`z4Krtf|Q<&?Z zxp?OwuOUDSh$^<=!`j>v5)!-?;!VN5r&&2HE5_G7?*c0-;3Yg50bdwUL{_TlTvinr z6rr_xgmQGi_cdD|5YaFP{G?_-xcch1{Syc!p+4K_nq+%6euM>+HuS}_IQBuOxV8;~ zCtrtLOYCm_>i5}Q-jquEY+vH(EhJ3L^(^7%Pk6SW_e$e=WSRp*t|)Kx(M{HACNZxu z3MDfq%H%N0FKH$jDogB3H7TbUkJfqY1!C8kT8p*0)&AR3i8)8?I0xl8PEp_!*L$W-0$Cg(e&0<3$oe(t6LhP&K~QNAEm-@d*U%fXb>W+uh`PTb*xQK`&}VKLvM(E_1^P8WcaftKkY z{K-T=ZZ&7oEu!Lr&VA=i@g94umYaD?p-0>Sj1iP?N3DBdO-tT^lV4n^E&~@+9ppIy z;d<%9WWp_|W^Lh@SNW-P_y>tuL%z5rCHpR}#DlHw6wZf2$_{hp2!lBI+5?LZ+Is3eX2|mnZSQ-2eBW|-L&{&8lA7(}3R{f!Lyk9{ zG-b2gVA9(+4!yCH)lV#i{_vHu6H&5Z*?iS;nhYu2wz6VkD=7)2kj^DXQ=*3AkTI3T zvZoT27K4{Nv&p2FxW)NS^IjV|OomDG2{*E{_PhY81^$bD>+A2g{*}v45d&~o_)(<1 z-4>N9hK75$j#=^9GOgd5F8QvUdT>`6B~(=_P9=E(T2fs--YjLLSjT0@T@bi-6B0CD z(9)_H?j4my^4i3|sos!52~uk zYM}~ZADV~!9{Lr-Bxj-CLIUnSV%ntQE2NwjdyFL9HbD^L=BDs)S%9d_-hssZljKV~ zJH8eR6{xgUK-!EmPM|$H4ejJX2H0(b5QPr#)N<_T?p6h zF}MZ$(fgQ^>qmmjpjx_-+tJfxAl^4e+p@+APOLh6st)s7Gt!vkVzx6E`GNU9tVES@ z-E7c@@M2TTgRKOj>d(H)UXvoZ@4glD{SFW!#{QZo+tuu}Lz^IEA2 
zy9Mkv&7(<*vO>ya(c%tfWc}gr{xT`Qchl?q?X-pSxq*XZQ>V>1YWrO$g&g3}PK5Vqd z&lPP&$G96pOctH%sWQ;9<|Loygpi^<@0=D#I-U8#a;2V9KMx9xxk>`4KY(^ZvSLma zs>HZSoR&4W3-L?4+qJ$4?VbF%y`lTN`x6WK`*H5aI*A&FR?U926Guu6_(yfGSM*~1 zgpw<^1t$Pc(ghx9N9@v*@xoVNIMKx`Iy8r8?1kbPw*Q6_)=%)V?PZR6Hz_ zA+K{x4r_>ZyY8w4{Q8dpV7`Ue5;RgAZXorK{%z?lm`l|Y^!HY?1-8}_@ksD#9cf&@ zq)q5E{<%}0dsq4Ac0oSEkbQpRqqFCr2`Y9A**j|642z4#t~v!xiVhI>MM|rmCAI7o5VcKwrMqo2S~#Y@Ifu^!ha6O{%025VLG`c|YDVrMc<2 zH1}BCtPW!_W1-9v7k{e!@P1-ov8)AvNsVDO9JgW;GZ)x}?EnM;SWLFFM5&q(BP;Me12%gd{_7P7)W~C>F1K_#i=!GJXzlVVR9uUXG3gGMBih6II22`V zJa0%4%1gU;q~-8~u96dhgmCWe*cA%qjDsV%YX&v<_Jjk{BERe^C!hwAQG4+6s^(q{ zov%jDa8P-b&MAiuB}I3WFW$7ryx0&f+)-o) zHSvd#3ky^skOMEpq9ntLhjj4~9bVeN+*8MSSqc0Nc(RiqHr!FD23qQk6F$I~e zy>=w>S@?tGAkP-_zgn%GYl66ZDEc`U@>Nb=MK@h(&0p7~^Q*WTh?8ZKeINmjQcthJShP;+J zU&S{4OOF{D^WNw(v64XnjO`F#S+RCNpq$j(*z{}L($;-3-GV8Akd&G(FCj`S653=rYI6@s)IyNUDq7;x z((a+d1O*IA!{323>R=&9NzmZ#Tm?bLdd6nA1T_N#a#s?gZyoF_YkKGCH@7*y7qMj- z`smVGpzq=QA+cuUKE57ytl6dxI5cEyJo+45aULb@tV7LTMN~gsqG=x}r9^0)9vy>T|R`l|7fu%loP%wj4Q#`6M zT|JN&uH9ixqm9kyk7?TFHif zX$micxQ7{$_n3Rg7s8~-q=@gts_~;6O zQF{4u{&790>>SRz3bRW?&Ezn)pwvCBAMcM2oKAfr$fl8QTBi&4NM_##EPJw3+@B7b zbF%)gAOG^MKBhP-`+7Ng&l&sd7avSPbP-2Zr?p_uRe-_poYqzjI#Sw9byf_29!-JC zz`N)`lgGU2F7wpf9Q@mCaCy0z@6pBK%gw6k<%Z)hR}CVhh|}iXO35cCU^R-=tv=aH znvakRJh6E_gAcl6<$;K)KeDEYYzo>WigR<73)@fv5#wB+nXhJToGfZd}$ze+KatE z`)YrV=u?p?%@CStyjJ4D*cX(PURPSCVWGCQhg@NdmF9VsXRDG|La)7^wm;#G4&=QUFx}`0T-~ zbZ%@~8Xg`i1gV1pZDVDqp8&k+tq=uDZxh+3L?MPE)IC-`B~yytyQL4gyl}LG&A?q0#IH^o02wVb?htlsB1m=E$y}LvhQCNiEB>g@+e6UD~2%#NV2vcf%(> zHcS{m-Luy84od3x*w{`+O?OD+r2Q)F@l;-4j?wT`kCQXlkAmy>*kd$3Hk%?XZzQ%I zjEezXw%%b=dxA&AZTB*4g4jCJwn$J_$ZXtAU^sTu<#~(0+%JZ|L^-~}IK}$dKa<}6 zXG1))`%Tl8HD_}g!t?)CYI6F`CzbYd))@8#So)INwRQNY9*564b1 z*-yI=ibpIELdpd8_tVYJ^#Sc)3RlQ%?SoFcc_M;zcn|HtG}Wb-)jnXKhx~f z<)~9=soj~YBJp)mo(4@c%Uf9R$n9u-S~nnuaM>ovS57O|MUwEp9QI9}BQu-ppB8Ft zz{^t~LF66B=bL}Zs?vq2%N|^ptLj!;JNS+IX3keJjBkz?pa2$BS*4uS z%~SfkE~1Sd7iwptrWK1}GoAP(aCppbfY7M}r_c0{{|MOvx`;pJTI`$1k>Y>01-)7d 
zRO5mr@l7R{^h_?w2NGE4%s!vz=LPf`q7S#gEfp^GU%5eQ+z!(d{)z>GC`A)z0do9x zzHVaXV{A?WOziAVTJb=aU|^e?vuk;cE^AyY27O9Vw3v%v1Ix0mY*4dwZ@DgB<~{${ zZeZ=)wARcA2j3@xeu-WR%d2ooPx?`bX|&SUK&XfE%nCY3e6~{A#A-kqw)Ix-clRne z26OOy+1Gbg(?XNy4vYi7)9GF@vQie(^b2m3U1rA!A7ISg=GgLU-L8n!{PgE zZh*BA5;|%@z3tDVw^K7lzyx`@9>@=w;yJ4oI@MP)Yz+|62r!A_Mum^GMZ^3 zuC@IuX(RvIceC$;gjIKJB9Lb*Rhcp{X42~4YH2;1Jkam_ds*JaI-grFStYD`R-&Z` zGr7Qb71e#Uch~6RZW8L<809|3%gxbG*V$F2B7F}DfU~R9MlM%7n6^!^AZ|Iqp`xY= zb5~$W`iHHuY9B=+?nc+#<{q;WgONf0vCs6~r$!P?}p@rGVR6H^14X{5_)JC&Qyuoc|HTH#B)XJ@BI?OirX6BNE4n)JP*puw@&jgMoFegI^gGbpI(XZpq3=`$b1SW%SRVKQsJgk+OS1L$lIPs?TB@paA($^VoOiU~_8M z9e6gof))3s;a;;Z;qcHIuSCewg5qQpE~8m1828hTHDC)PYn+obH>Uxr_l>g{l+3ja zb9#8!JuWFp-B$0OnK`ob_4djDP9W%R_Zp)V1h2QZH;Hz$0WEbfx_|BAwnx=%OqrrY zj%1Y8OcgQyJdCLXtN{2+_Kk{2KxsLHQ6nvX*Zcq|;N-#x_sXqdd;q*=d;&k4*k}Le zZ?5cgago-Tf^#|@c>1r2sAm%lzeae0UAgK_hL1I<_O+&$VJz@u4NLjxBN7CSOR}$n z1N?RYZ{MvuovviA$g9EX6ku^@V8EVLf>afP!tjdPdb}XWK>vp1!!7D&ZXx{*#fNP45)S z^ZR<^Dvv$`_J+9Z2K})Pp>MoQIjY(8oy5gWYt>g}h;&bq+I!4*)pY1y#aq8y>Na!> zqTIa}9F(1q`GNH4m_Sm-e3E}B;W8X48m*pY(3YG_+`io-j_({dC_x#tTu?v!C51IV zo77ewL3>wv88{%zLA~7RVre-?-OR=KL$oDc7Oryhb&WKW`ud38laz?m{q8wt=iWb)Zypv^a$6XVXZl~G zI{q!w55#;{XUzKn@(I_wj5MC$A!U^P{C%vj(EM+5iiF9*3DfG)EGPY=cMC5C`etLu zh-isu2d;bC9SC%IpUeS&sJd^PNpCkN_(vzFGdD*XFxulBpd(zEq$DZAS2lq0d(;i+ zcEd_xN%_PyTQ6*gfivKDr`7#EuECfws;H5tooi_=hTH_&bXAT5>70?Yz7d2{Q^2kEJJ|0LUR^Wv%hWbLQRL{`&NZS7PqVh>h>ZuljS`A|Ol zPNVG$CHvA&i^d0n1r1N$;Oed z@cZ|0Rp281!@4zFNKFPVt>?uQL$+BXt=m^$%UGdvJ%~f2IrvEgvp-H0aelW{a}xHG zO96lzKv6mzE?EN9ZXLXj*5)>!1&wU$_83@gE0;ED;aPB;hYy zcVxA%$6V)`x-b8UfgIlsLgWK#iQbJZsd-vC${C}T-P+&P8<>yuHl_cVnbF=TaX+!q z46RX2^Yv9gzh37xg7*?ejr~j40idqoDrBI{cZc$oiM8_yRsL2OiFaq?y3QXHW_6>A z_>@D>jClL+DcGo3z)EW2Byw9K_nIJ zQ{~wWX@z)2j}_{*1|zRb2=kV_0-XZ>k9{b*P{zJSln8G3FC@P5^CUtXs=QtBdd#oX z)bTp+2jp`*NCbdFAobzVw{z~C#PC5grY#Io{hx;e^>)0NeagTU;SHoY-_aH751Uha zEj#l)Q7-V)AxIWfC30ODCZ6|y%oNVOQa+fP|FpL4JddyOc}(+9C~**Tyjw`3Ze6W^l|FI>l&R4;3WeOc)<;5+4aLjoQ! 
z3r&E;mNg(D%oeNc0ktC-vJF2sT#8%3(NF?NVYQ;%Dtk1+sntPbK`F#7`u@;{6?=>& zMHnviBoNu(KK;7foGW`ugrg~XG4fw<+$ALS|3&6lEBYRk*wAoLiG@F1BPpqlNxyE+ zUjP47>X_S|`~MHjF;K$3st=k0?FHBJcc_ILd+p<>M^>8+rzIm}9sUGkTxMXVl>I5F z^0yAp)vWfadp&xcC;`+K#kQnI9V?QPn6|sp0F<=xUss25zTf!xh0Q~kK&mPua;QPX zYGDc#C8Si-$$tA`#ri(Yem*hZkY+KcW)q~$c%m&ymU+2R$xZFPkOO9J5isjgfVo)4 zH&74c=&rkh$}%b4qwkj*qin6L?41(uSM(z}^&>MPy)#$xS-w5GpoQXwgsTq(xyLpz z;Z390r#TN+DfaW6CQ|*|sN*aAZRfUJRhteKCce~U8Td%->nwW%Dv zegSwp)HK}z!I%7#bP|px!ZbmP@Bqo7EwP8W#g$s8m>e8-6>8YRqqmytxU9+uat%gN z-?{VNCdtJR{Mh{(wmTBwWui-voIEX5!AF@F-5IJNv|?+T(voq%c*q95Q6ccN>PcN1 zAM2jvDZO7wztFe-tD*=iP$uf-JXOcD z6NX}pZc%vi!B=B`Y=V!ac6gOGy}AtwCtn&}EZd?UclrKsWuBuGZF50s_b_`^8lJ#M z8LDDv@N^%=X`CGH-tIIn>)%d3ORywK1zS&C^h{pAtLdlSw&Ec)m?lVdyhSgi8)H6{ z_V~T(#L)FSu{qs#H@?2&Rq%cKa1v6$v*zgA>|7If8v*q?nZ}_bLhSo9nO|tJD8%8~ zWa7ivZ;-NH5oYX$-hQ~PqhLV5t1NPX6qTqq2E8r^#3k$mg_%-c#1X&WPcN`jiqvPUcuJc~KoaLMBXVVngKTz0v&Wyr3 zgGh2;PhV*FaXPjv5?0Sr+5+waQ&ZJ3r!cMsdB{UXR!3j`QfDrO@o(_=x0FihDftrQ zW(t*n+ah*5nrv9wh5JV-P|fZ~gA6YHO3VK^57M4zS|x}438R5T)o)FxFvnP&`RVj{MPD_OxG~iT>>U<04oJGjvSVpP3U_N5nWob zpG3*zisQgB(Rj6+EBdENQbmHUhTWXERL8t*6Dj#!v%Ib^ZAmj5POjg; zBDuPeTysYGwm|xZ^ilm2qgI-&_`f=_v~`(+S!tkg1>g%w+TRHFZy@>?&kQti=+6}a zr7(%l5?$1K^2g;^vjT3f@-`aG473(hQ$E}|J&??q%FqGLibwbMZHO`wk0&LH3CW-o z3sn<;|kZvm~^Ct#P_ z0q1mhf$Rj={WbJ2nZ6u;o<(NplGGl^idJkSkaA=1H03Wf;oGy+F3f*~Y{vEm3+Y0f z&$fu0w0yJ8$ErYA2(vo8IFlrCKpS%G#x{Z8v`% zdethkt2YSQ@p`?+I?!*Xvo3laW3*t8m?R{T%HslBror+&`Ro1yvN2N!LXtoxP(84> zwhO0VS?lrq=3^R!pEo35Jx41Oi$1T8Q8?;z&O%N+fmtN=@Z&rVBA&XSwd85})SAeW z!W4F()p{x0)NzS#82uL+u=~HEps&KB5@z52x8CLdfrHk<3GCORQ{2RlCzyD&B%TYtX%Lc3l}PA z=6yf@Y;7Cl46PRawF->?mR=&$u%!2vkMh?q8I4`5MAg3N-7fkB3bV+Z!3b(Hrsl}Z zm^z{Y$ou0W{x_jg#!b}YPJG2=&pWrokpurog7!*(t{fPrH1K|_c#2IbrE}XCQOs`z z+Hel0wfH9k-JzR~$oLwiTw_tv;&uA?O7Chn0-)8DZj$fhN1G5?k+9E@ouxwW$CpW2 zn;D-2I`p{>phLGy5AcyRkamoePn&`Txlq4m!R{Y3|5(_&=EsYV&H>q=GBBJM>(pVQ zVm+tfPN!H!cxPdal_=)f{TC&iokBC!uBPW&Yx_>oEk_iHcOt%0!Z2Jcjpq-GtNY1a 
zg7nVJ+?5%NFp^!y<$EJz{kXy4^BchNk2G+)H;UVbPyeMeS5xHwqgQyQd5FLNFt4~G zh5~b%RTj3L6KPxy)sJ({usYAm29Iv15^n(AK&V?_YbjxDqQftj*%<5e*1+qG>zy74 znX+43%yU8dF}HXDqTi=l2b-fnI$oJ?Ty-AEig4+3gy)3=5iORKBR?=k`hi#|E^@?T zD5_&TbqScmawzx}gYAa@t5_4`lz*$tl~VSvM2u5V^$1w=*JYLd2vL*9ky{DE2BppRMq06v;&RegvFS>Z<>-L)|SaDyG; ze68S>-{Yp(9xhCDY_hC1x5RQphw1G~e;KTOsFuJ>>%G}Hv6rDXucem*IwMkZ<}R9v zo#AqkSQV)GOraU=1}dBrXlCWbe{>M23fyPPNwrLDt}vb+{rMG_!b%h3^MNM@Ag$g} zEWoXWV!jd+y9boli39Q9vMdl6?gh#&py^K8@c?!DVC@l0Vs&f2^=s$@k(0lRaT0A6 zi7V@=VM~Oi@^B zD;qvTyTJEg;_jQ5bo~6W6&z9{Yxl%Lr~ZXz&THb0N}7kqz1SHv1d_qd1W6-jHHd^I zDDBa?Rg7&53mRN@#^`KvQc)gq)B;LkBGoD3UkYEvgpo zWVJvQ|83~>KN;qKZ1{I!|C@MG zeAEcsyel@%S47z7B;REtqJHtiHwd^}F9o zYxh3d>{@K^Ftz{7ZpzgD6u9L@kbh0_#XBO0A6-6 z)8+FU(2D~g`0A9sngUE8QR(gF?tPmh$>z2lh(Y2ioRXhqO%jM|Fg*4R`&VIX^)>J& z(uyLYHeRw(rZ;={kVCYV&Nbv^5|e=Ws7R{7MR7Qz`L1oS%i-#QN^Po;myqJd>Fdik ziURG5IKk-^Nus)sz2`$hED~{ zQqo$Ci(bD8EA;0>GA)f`ev^*f%h2vxB`#Xpi&8orbx$-UNx{sF8@3`3!XG{!cN;xg z`{@75y-w!l+Z-|N815?Qi`P(=#NWnWU!50S4FiYpw$>`e@9@x3Z-q#5LDJ3|sSR z=j5B}SA1HA=TGF`GHd+BH)lkXGd(D79J5_Pe%66p+`#YOdA*D+p0DhY2cv5Tk8w2o z3Ok8Rsf`^LU1-Y}JuMI~u&+z>9SE^SWtU|zei10hvc5($UI>^#jmGBmEZAY1_FZev zck(d`fpK{2t9|~!x8-x{Klp%9zb6D!kBDpYA_;oYB47=lFI%CXelv;5NZ9&wnZ4{_ zyU-4fKvzJS>WRC)ZEKasRR(6}i^_;G+~noTA8WVd>vlz8wvp=o_CqF_xho@{!lL>HNAid{dt@5#%bQt4V5V=f zls~FksEfYeHAa5EH6Zh;8SZuNo@k>H<&9QZ;{wKAAo8C@R zkqc_}0dbK^KOaSXrnDBpVa$%gV=o2B{+!XYxIY#)W1$r@`FLhJG=bV>^ou6 zr8_GCJTS08Svmf#S^d58{Oba8_P*-!k=nZa65Xy%hALxV*z@6Z#$$t1?CC_#uCUI+ ztQDIC(b&j$nU=!j>#vRZvp_qXPCPE_0~USz?(}&dC^BWrl5v@N*(fY8U@Q|;-QlCt z&P_-@TZ}6-+OKrcs$IqVc&p8)>#`Y5F_;`Pbq*_S20mE~ZwTmVN#l3;;TEIP0p|Wl zqt^N}?1T52MA3zfgYkby5ykO`0R_8TH!1uF&MxL+#Uq zj!OoAArNBXAOS_a`~ErxL_0Z$-M4RL_7agb>k3ikcnUmAg9G44hpN|#diXcz+=QA#zmlS_BocI7-u>NU{bQ9igclKQ5P_k`%lH8wsuy zsf}lmb5nJ-slfbGCccQ=day@_MN(eGr z0XBzsO%?2YHOPptrKId%vo#DF`i7G4Frcr0s?B^5?V~6~`M3xJ|Cmp$mM;X$SHb85c!H$g3So0S z8FoZWLRM+zQeAT*xGWTH`~7B;2I*f^xs|cB5wNBaOx8H2(d~s`>>{ubtz0NE`&V!) 
zhLV{osc$G&zu^dVo)VfS8U5<_BQ9B4k#-BgPPzcEcsCxwPu)E`sr84~4|Z7S%^fc^ z3QLSe*tvs$eNf_m+xYoWpqzFFf8uWbYn>5UO#m~cj?())lQO(vg722JS=a`qf2k5W zp;AjE`GpA<8;q@B2x*HRH)b>g+5ia-ZdRsDbWL$h^nOH~O#&~IcWJ_~&> zDk@g1#9elfQaB`{2#h>kFHe}d)X`<5UlZrxOw93)rm~%V!%;J28DTAH*B`#T*lY&Q zrU``l%3G{M3o~+h8wPC>%XWBRhO{n&CM;y0tfyJ@<TN=}=zEr0Qz9pJfato9RFi&vW+2nMI>eBbPLxLI$=0%AMxdzb(#< zk++Sp9bWao&=q?_5$opCH^KVi9>!2CSs(q^A*x4P<0)4$i091d>f_Pw40$_KhLI*j zbq!Hef`V~7J9=BMZD*{NNU7X3ix1fJvTrD>ZJ{)UNFW^xt5~2E9F7P9spP^w`H1^>@@673fl@o(m*ocNFewvWEuvGY=N3Tpu3jJ75~ zw5M6ykzVO#_>|K97Qya)riE~o)RL=#*)Z&QU=AUB-E6LQJi$>p#Q|#)6Q08z{OLSZ zBCY7QC{~*Suh%4=7TG1riGM>WzUk+xnbU@>lRfxX{}$?)KO&+`5tzk>_uKU4EnYbt z+DNW6oHEm!1?4MAUJx79VE~HV#E6=*Td-$QO zh)v&QP8ItPUz83u?wv zBF&rSu*|oXqLP}LJk!%L2PdU+TM1boM9g8{&%MrRg~8WJ6X$|c@af^`t1m|vtrMSG z1F1S*w3oh?Veruh=Bat)G@crlz=C&rc&+D{9w6;ldT43|5SfEMULC!e5cgeMr4e~} zc;MQ9SjI{l%c1Jpr12czcGov%`rI4mh(f|TaAqy?YCao{e5f)6H9uPT%SKj|mLsJ% z^1ZtD@W@b~Bu_D~7z8P`BK;w8wfj)|nkqU_l{Unr69@5c#Qi6qw#b<;i@aUhf+d31$nm<&VSSIq2*Z8XeVWnj`Ft2Aen7MwuB$S+d$Wa1%+2P2*NapEt( zZj=Gy`^rCO>g5xNW}Pk%2`0fLfv2;MW38guFiZKk{< z#sACurOUeh!}tpKJv2PxkZKO{EarMfN1D-4oCs})^}j9bmtCQd-Y+;JWk`$Mej497 zk7TA^{dQ-~W4PWb|DI2?q|dc(kz4t8q!4R7dZyZYrmHMaNfoW3@W4zLv- zy3d0|x9n!B9s&M1sKKt10Pa%~lUiGKjd~e*`P|=zg)FC)ZZ6PFBs$zp?hkj655(9# z%O-#E0p4(VT-P~(%LlJHFCJ{V-fZFR!RsS7EN(vf+4IU;zo4T70Hu9x>Y+1X2##lZ zo+M&@up9~kX3he>cHk`zYacv&{u~%)_69B+z0^z~F98w<6os2ZK*G2}b5no-Bt*1M zO^3;xILV9!qd=FzRp$ zNJ-D&5D6+&N<_XdO$B=X?x|rC(HL->eeDpoK)R+;cGnw*4;R3UC#r5Lu5M&tat?a> zMjlrevmw!kb)l=0^F|?71-D=%sY|chKZb6*3HV&$0{&U|E-67T&8pcaX3?X}nt;&F zvl+6}!7lAGBM4W{1To0)jW>Cqq^hdw7|(e(!$ewXA$`H{*~VryLS@}=554gP?I8^E z0?1nebJdQcm%_T(_q_+(HmI8|R)h^DQj4;7v4s^Uf)#A3kcjz6NvK3=+oE%WO94T- zp8(tp&eZRbO)hvMwe}Icd?jWFrB^7aUIK8M{bpL=)%Ne9PY(p-07J;`Ly+7ePYcJr z1!ENGB9yMGsqKa_Z(Ezk#0g+k^5Sa^ISYkjw<9$bn|4F>6+P3dcP-~IvZ?HGOPH&> zsH$4CV$}X{tnzJR?CY^q7J&tOAksx(O|?yNy(5j zf=YE~*;)eB{lK$RLV46=-faeXAHe*F2*AE5ymIzd5E_>#r 
zibOz#fQQ9uzKNJePizeT#dAtu5?=c^akL88l%Dsrw3Rf7myZPOfv5iIO{{-;lFF}cP8A>T-K?i@-=nI18ju_!@i+a=uF^VwN%%>s5gM&D7xu9Vg?w} z>;KsUHX#MPSTgp8Y=xHqCEXfR9FpSsr+pClY4~9D$fjTIOr~+a^*EU?mEXmJ)7-OB zZ6-t;Bw%3XW)X>a!(nrtf9qL`E7nPi)b!tIf6n@mV^Rry-v)oXBQB}S05kM{f7()X zw2V-hecrBrxlsVM z2S^nDQ`9KLpdC25v622AUF0vWN`cE(`J0=}ah)M7b}$S*r+TuEW0+4KW6@m~^&1oNjO z4S>reB$-LI?(#g9Z-4YTD&{s09`uJ_b|=R#9wdS|>H+R^4!^VOfA|o)TDSN5F_r{b z$3DkICG{=|3$~TzCM#!fj1hEZLn`uYtUhzJ`|B}JMuyX;tjdqSbsjxDp|a@W^G_Xt zKF-L%q*fYmv?tu*_ywFMCx3?%K6XikRtC=k4spI+>zUUg=lwawmDBIJBrO(@ImI3o z^nXbmsvQxF5?ofi@9MYFxwfF#wo_VM{kM==+=O zVaW!JemT+Ao5_p+d}_ijEAg#z6CK%^^IB43NpYVrL#Mc%rLBe?|6~v992aFj?t=$E);Idn2L?Qjv-?7B5;CM#{kQ%-oI`z1QqFXg7tZGk1i|_{H^gnd6Em84Xd^}M~Iv_k8ljS-m_pBgsFK5xs-qp$BK9}B-)1%^XrWwE&dqdTIl zw{haEfexJMLcZg&^8c)a<*Vifnb_|PY*Jb~{>!bdQ`zGnN~&CjfB5fhW~*Czg0OGk2sYRswoY^(o0C_5&z zAGGeo>*mKJ>htQfT;C=?nBUyUxk=1`-A3@a!-5Zm8yG+R-RN{gsT?>{_G+RMO0(A7 zFz{40cU!&c8`PGo+_&Id;K3ls`xU!(#rsZ5tJ;5McgJB>-3(AWczZB-TY}fzc8jVl zteJanRS7@Wej%6M-~4+Ea52k-qCT++)e05Sm%rTY6Pod5M&Y$o7Q0XH!mD+FYh>mc zE`IoSP5q%4hAAsvB){mtESmec+xNwf(hWyV?H3&fdghop+rvlmnJ*r9d{-o{BnH}e zcm=VSkLAsslj}5QOCDpii`X^o-DLR(I~yPDzo=r+8Y7v2NZE36c3+B^8TYEr-{&;fN_U0T3K-Lw33;7*DIy)FkIKL>3W?0WL##%E>V z{)5}+D~>6I@%W;)(FAMvI2|{&wCvnu)cz-AwZ&u8BX?heawu?(-J&Vq1^_krA3QR!zto4)P4Vt)Vg#8ds(o*l?t{I|Y> zX?67*e|yq-lx)}itWs|P ztpVcx|LayKa69yE;gxHjKYCxo?P&#Sq;M!c`m^E6jzVSN0TQqLkIeN;Z^?E89b4xD zTFei;7rAm-W>9G8+r38)@9p1-r}roMXmdKI;Vst0E*AI)Bpeg From 61a9f9d37a566d5e03e8e218bbc94f7d7631117b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Aug 2023 01:49:42 +0000 Subject: [PATCH 070/110] v115.1 (#1703) The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. This will better align ESR115 users' defaults with AF moving forward --- user.js | 81 +++++++++++++++++++++++++-------------------------------- 1 file changed, 35 insertions(+), 46 deletions(-) diff --git a/user.js b/user.js index 5ed7c08..ebb40a6 100644 --- a/user.js +++ b/user.js 
@@ -1,6 +1,6 @@ /****** * name: arkenfox user.js -* date: 26 July 2023 +* date: 27 August 2023 * version: 115 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -18,7 +18,6 @@ * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on exit (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags - e.g. third party images/videos not loading on some sites? check 1601 5. Some tag info [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break @@ -42,13 +41,13 @@ 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND - 0700: DNS / DoH / PROXY / SOCKS / IPv6 + 0700: DNS / DoH / PROXY / SOCKS 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: DISK AVOIDANCE 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1400: FONTS - 1600: HEADERS / REFERERS + 1600: REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC 2400: DOM (DOCUMENT OBJECT MODEL) 
@@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false); * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] -/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/ +/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); -/* 0701: disable IPv6 - * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming - * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 - * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause - * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6 - * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an - * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, - * then this won't make much difference. If you are masking your IP, then it can only help. - * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" - * [TEST] https://ipleak.org/ - * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ -user_pref("network.dns.disableIPv6", true); /* 0702: set the proxy server to do any DNS lookups when using SOCKS * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request 
@@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0801: disable location bar using search - * Don't leak URL typos to a search engine, give an error message instead - * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" - * [NOTE] This does not affect explicit user action such as using search buttons in the - * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) - * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/ -user_pref("keyword.enabled", false); /* 0802: disable location bar domain guessing * domain guessing intercepts DNS "hostname not found errors" and resends a * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work 
@@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); // user_pref("layout.css.font-visibility.standard", 1); // user_pref("layout.css.font-visibility.trackingprotection", 1); -/*** [SECTION 1600]: HEADERS / REFERERS +/*** [SECTION 1600]: REFERERS full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: control when to send a cross-origin referer - * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram - * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/ -user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); 
@@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true); /* 2020: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); -/* 2021: disable widevine CDM (Content Decryption Module) - * [NOTE] This is covered by the EME master switch (2022) ***/ - // user_pref("media.gmp-widevinecdm.enabled", false); -/* 2022: disable all DRM content (EME: Encryption Media Extension) - * Optionally hide the setting which also disables the DRM prompt - * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV - * [SETTING] General>DRM Content>Play DRM-controlled content - * [TEST] https://bitmovin.com/demos/drm - * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ -user_pref("media.eme.enabled", false); - // user_pref("browser.eme.ui.enabled", false); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); @@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true); * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] -/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ -user_pref("network.protocol-handler.external.ms-windows-store", false); /* 2623: disable permissions delegation [FF73+] * Currently applies to cross-origin geolocation, camera, mic and screen-sharing * permissions, and fullscreen requests. Disabling delegation means any prompts 
@@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5015: disable Windows taskbar preview [WINDOWS] ***/ // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] /* 5016: discourage downloading to desktop - * 0=desktop, 1=downloads (default), 2=last used - * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ + * 0=desktop, 1=downloads (default), 2=custom + * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); /* 5017: disable Form Autofill * If .supportedCountries includes your region (browser.search.region) and .supported @@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); +/* 5021: disable location bar using search + * Don't leak URL typos to a search engine, give an error message instead + * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" + * [NOTE] This does not affect explicit user action such as using search buttons in the + * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/ + // user_pref("keyword.enabled", false); /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, 
@@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); // user_pref("javascript.options.wasm", false); /* 5507: disable rendering of SVG OpenType fonts ***/ // user_pref("gfx.font_rendering.opentype_svg.enabled", false); +/* 5508: disable all DRM content (EME: Encryption Media Extension) + * Optionally hide the UI setting which also disables the DRM prompt + * [SETTING] General>DRM Content>Play DRM-controlled content + * [TEST] https://bitmovin.com/demos/drm + * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ + // user_pref("media.eme.enabled", false); + // user_pref("browser.eme.ui.enabled", false); +/* 5509: disable IPv6 if using a VPN + * This is an application level fallback. Disabling IPv6 is best done at an OS/network + * level, and/or configured properly in system wide VPN setups. + * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause + * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" + * [TEST] https://ipleak.org/ + * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ + // user_pref("network.dns.disableIPv6", true); +/* 5510: control when to send a cross-origin referer + * 0=always (default), 1=only if base domains match, 2=only if hosts match + * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/ + // user_pref("network.http.referer.XOriginPolicy", 2); /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); 
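Review bot: Items 5508 and 5510 lose their `[SETUP-WEB]` tags in the move to section 5500, and 5509 turns its tag into prose, while the file header still tells users to search for "[SETUP" tags when something breaks. Anyone who enables these overrides and then hits DRM, connection-reset or referer breakage will not find them with that search. I would keep the tag form: `* [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram` in 5510 and `* [SETUP-WEB] PR_CONNECT_RESET_ERROR` in 5509. The streaming-site `[SETUP-WEB]` line that the old 2022 carried should also come back in 5508.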
@@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); // user_pref("middlemouse.contentLoadURL", ""); +/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/ + // user_pref("network.protocol-handler.external.ms-windows-store", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers - * [WHY] Only cross-origin referers (1600s) need control ***/ + * [WHY] Only cross-origin referers (1602, 5510) matter ***/ // user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.referer.trimmingPolicy", 0); /* 7008: set the default Referrer Policy [FF59+] From ba173d49205ee927ed62e81e606569d98f531d38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Aug 2023 04:15:07 +0000 Subject: [PATCH 071/110] layout.css.font-visibility.resistFingerprinting --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 87556da..d3d8a98 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 26-August-2023 + Last updated: 28-August-2023 Instructions: - [optional] close Firefox and backup your profile 
@@ -32,6 +32,8 @@ const aPREFS = [ /* DEPRECATED */ + /* 116+ */ + 'layout.css.font-visibility.resistFingerprinting', // 116 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From dfd5589c3dae1723b8239ad9c46e114c2f851ed2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2023 07:08:33 +0000 Subject: [PATCH 072/110] v117 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index d3d8a98..652709e 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 28-August-2023 + Last updated: 16-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -33,7 +33,9 @@ const aPREFS = [ /* DEPRECATED */ /* 116+ */ + 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 + 'security.family_safety.mode', // 117 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From 1e6e211a061b592a176087fe9f6843249852cad2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Sep 2023 07:17:40 +0000 Subject: [PATCH 073/110] v117 (#1710) --- user.js | 65 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 19 deletions(-) diff --git a/user.js b/user.js index ebb40a6..5e54f30 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 27 August 2023 -* version: 115 +* date: 17 September 2023 +* version: 117 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
@@ -33,6 +33,8 @@ - If you are not using arkenfox v102-1... (not a definitive list) - 2815: clearOnShutdown cookies + offlineApps should be false - 9999: switch the appropriate deprecated section(s) back on + * ESR115 + - use https://github.com/arkenfox/user.js/releases/tag/115.1 * INDEX: 
@@ -283,15 +285,23 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [SETUP-CHROME] If you use a proxy and you understand the security impact * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ // user_pref("network.proxy.allow_bypass", false); -/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] - * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off +/* 0710: enable DNS-over-HTTPS (DoH) [FF60+] + * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout) * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3] * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ - // user_pref("network.trr.mode", 5); + // user_pref("network.trr.mode", 3); +/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/ +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +/* 0712: set DoH provider + * The custom uri is the value shown when you "Choose provider>Custom>" + * [NOTE] If you USE custom then "network.trr.uri" should be set the same + * [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/ + // user_pref("network.trr.uri", "https://example.dns"); + // user_pref("network.trr.custom_uri", "https://example.dns"); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); 
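Review bot: The 0710 example value changes from 5 to 3 (TRR only), but the comment does not warn that this mode has no fallback to system DNS. A user who uncomments it without a working provider will most likely lose name resolution. I would add a line such as `* [NOTE] Mode 3 does not fall back to system DNS: set a provider (0712) first, and see 5511 for the bootstrap lookup`. Separately, 0711 is the only active pref in this hunk and carries no rationale. A short `[WHY]` saying it only matters once DoH is enabled, and that it keeps DoH on even where parental controls are detected, would make that trade-off visible.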
@@ -443,12 +453,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] user_pref("security.OCSP.require", true); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ -/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] - * 0=disable detecting Family Safety mode and importing the root - * 1=only attempt to detect Family Safety mode (don't import the root) - * 2=detect Family Safety mode and import the root - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ -user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/ @@ -499,7 +503,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true); user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - * In normal windows: uses the first applicable: RFP (4506) over TP over Standard + * In normal windows: uses the first applicable: RFP over TP over Standard * In Private Browsing windows: uses the most restrictive between normal and private * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ 
@@ -769,7 +773,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false * [1] https://bugzilla.mozilla.org/418986 ***/ @@ -799,8 +803,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); -/* 4506: set RFP's font visibility level (1402) [FF94+] ***/ - // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] @@ -967,7 +969,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); /* 5509: disable IPv6 if using a VPN * This is an application level fallback. Disabling IPv6 is best done at an OS/network * level, and/or configured properly in system wide VPN setups. - * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause + * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [TEST] https://ipleak.org/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ 
@@ -976,6 +978,11 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * 0=always (default), 1=only if base domains match, 2=only if hosts match * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/ // user_pref("network.http.referer.XOriginPolicy", 2); +/* 5511: set DoH bootstrap address [FF89+] + * Firefox uses the system DNS to initially resolve the IP address of your DoH server. + * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox + * won't use the system DNS. If the IP doesn't match then DoH won't work ***/ + // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF] /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1116,11 +1123,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7017: disable service workers * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/ // user_pref("dom.serviceWorkers.enabled", false); -/* 7018: disable Web Notifications +/* 7018: disable Web Notifications [FF22+] * [WHY] Web Notifications are behind a prompt (7002) * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/ - // user_pref("dom.webnotifications.enabled", false); // [FF22+] - // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] + // user_pref("dom.webnotifications.enabled", false); /* 7019: disable Push Notifications [FF44+] * [WHY] Push requires subscription * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" 
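Review bot: The commented-out example added for 5511 has no terminating semicolon: `// user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]`, unlike the other `user_pref` lines visible in these hunks. Anyone who enables it by deleting the leading `//` gets a malformed statement directly ahead of the section 6000 parrot line, so this pref, and possibly the statement after it, may not be applied. Suggested: `// user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF]`. `10.0.0.1` appears to be a sample value, so the comment could also say it must be replaced with the IP of the resolver set in `network.trr.uri`, since the text already warns that a mismatch stops DoH from working.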
@@ -1212,5 +1218,26 @@ user_pref("network.cookie.lifetimePolicy", 2); // user_pref("browser.cache.offline.enable", false); // ***/ +/* ESR115.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable active ones +// FF116 +// 4506: set RFP's font visibility level (1402) [FF94+] + // [-] https://bugzilla.mozilla.org/1838415 + // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] +// FF117 +// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS] + // 0=disable detecting Family Safety mode and importing the root + // 1=only attempt to detect Family Safety mode (don't import the root) + // 2=detect Family Safety mode and import the root + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 + // [-] https://bugzilla.mozilla.org/1844908 +user_pref("security.family_safety.mode", 0); +// 7018: disable service worker Web Notifications [FF44+] + // [WHY] Web Notifications are behind a prompt (7002) + // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ + // [-] https://bugzilla.mozilla.org/1842457 + // user_pref("dom.webnotifications.serviceworker.enabled", false); +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 3f6fcc13f0b8dcdcadf75edc55c62bb7148ab876 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:31:22 +0000 Subject: [PATCH 074/110] permissions.delegation.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 652709e..998974c 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js 
@@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 16-September-2023 + Last updated: 18-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -35,6 +35,7 @@ /* 116+ */ 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 + 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ 'browser.cache.offline.enable', // 115 From 50af4b9af4295375207eac05b2b89e05830fbd9f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:34:35 +0000 Subject: [PATCH 075/110] remove old prefs --- scratchpad-scripts/arkenfox-cleanup.js | 407 +------------------------ 1 file changed, 1 insertion(+), 406 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 998974c..2878031 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -1,5 +1,5 @@ /*** - This will reset the preferences that have been + This will reset the preferences that since FF91 have been - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past 
@@ -57,193 +57,6 @@ 'security.csp.enable', // 99 'security.password_lifetime', // 102 'security.ssl3.rsa_des_ede3_sha', // 93 - /* 79-91 */ - 'browser.cache.offline.storage.enable', - 'browser.download.hide_plugins_without_extensions', - 'browser.library.activity-stream.enabled', - 'browser.search.geoSpecificDefaults', - 'browser.search.geoSpecificDefaults.url', - 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', - 'dom.ipc.plugins.reportCrashURL', - 'dom.w3c_pointer_events.enabled', - 'intl.charset.fallback.override', - 'network.ftp.enabled', - 'plugin.state.flash', - 'security.mixed_content.block_object_subrequest', - 'security.ssl.errorReporting.automatic', - 'security.ssl.errorReporting.enabled', - 'security.ssl.errorReporting.url', - /* 69-78 */ - 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - 'browser.urlbar.oneOffSearches', - 'devtools.webide.autoinstallADBExtension', - 'devtools.webide.enabled', - 'dom.indexedDB.enabled', - 'extensions.blocklist.url', - 'geo.wifi.logging.enabled', - 'geo.wifi.uri', - 'gfx.downloadable_fonts.woff2.enabled', - 'media.autoplay.allow-muted', - 'media.autoplay.enabled.user-gestures-needed', - 'offline-apps.allow_by_default', - 'plugins.click_to_play', - 'privacy.userContext.longPressBehavior', - 'toolkit.cosmeticAnimations.enabled', - 'toolkit.telemetry.hybridContent.enabled', - 'webgl.disable-extensions', - /* 61-68 */ - 'app.update.enabled', - 'browser.aboutHomeSnippets.updateUrl', - 'browser.chrome.errorReporter.enabled', - 'browser.chrome.errorReporter.submitUrl', - 'browser.chrome.favicons', - 'browser.ctrlTab.previews', - 'browser.fixup.hide_user_pass', - 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', - 'browser.newtabpage.activity-stream.disableSnippets', - 'browser.onboarding.enabled', - 'browser.search.countryCode', - 'browser.urlbar.autocomplete.enabled', - 'devtools.webide.adbAddonURL', - 
'devtools.webide.autoinstallADBHelper', - 'dom.event.highrestimestamp.enabled', - 'experiments.activeExperiment', - 'experiments.enabled', - 'experiments.manifest.uri', - 'experiments.supported', - 'lightweightThemes.update.enabled', - 'media.autoplay.enabled', - 'network.allow-experiments', - 'network.cookie.lifetime.days', - 'network.jar.block-remote-files', - 'network.jar.open-unsafe-types', - 'plugin.state.java', - 'security.csp.enable_violation_events', - 'security.csp.experimentalEnabled', - 'shield.savant.enabled', - /* 60 or earlier */ - 'browser.bookmarks.showRecentlyBookmarked', - 'browser.casting.enabled', - 'browser.crashReports.unsubmittedCheck.autoSubmit', - 'browser.formautofill.enabled', - 'browser.formfill.saveHttpsForms', - 'browser.fullscreen.animate', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - 'browser.newtabpage.activity-stream.enabled', - 'browser.newtabpage.directory.ping', - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'browser.pocket.api', - 'browser.pocket.enabled', - 'browser.pocket.oAuthConsumerKey', - 'browser.pocket.site', - 'browser.polaris.enabled', - 'browser.safebrowsing.appRepURL', - 'browser.safebrowsing.enabled', - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.safebrowsing.provider.google.appRepURL', - 'browser.safebrowsing.reportErrorURL', - 'browser.safebrowsing.reportGenericURL', - 'browser.safebrowsing.reportMalwareErrorURL', - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportMalwareURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'browser.safebrowsing.reportURL', - 'browser.safebrowsing.updateURL', - 'browser.search.showOneOffButtons', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.sessionstore.privacy_level_deferred', - 'browser.tabs.animate', - 'browser.trackingprotection.gethashURL', - 
'browser.trackingprotection.updateURL', - 'browser.urlbar.unifiedcomplete', - 'browser.usedOnWindows10.introURL', - 'camera.control.autofocus_moving_callback.enabled', - 'camera.control.face_detection.enabled', - 'datareporting.healthreport.about.reportUrl', - 'datareporting.healthreport.about.reportUrlUnified', - 'datareporting.healthreport.documentServerURI', - 'datareporting.healthreport.service.enabled', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'devtools.webide.autoinstallFxdtAdapters', - 'dom.archivereader.enabled', - 'dom.beforeAfterKeyboardEvent.enabled', - 'dom.disable_image_src_set', - 'dom.disable_window_open_feature.scrollbars', - 'dom.disable_window_status_change', - 'dom.enable_user_timing', - 'dom.flyweb.enabled', - 'dom.idle-observers-api.enabled', - 'dom.keyboardevent.code.enabled', - 'dom.network.enabled', - 'dom.push.udp.wakeupEnabled', - 'dom.telephony.enabled', - 'dom.vr.oculus050.enabled', - 'dom.workers.enabled', - 'dom.workers.sharedWorkers.enabled', - 'extensions.formautofill.experimental', - 'extensions.screenshots.system-disabled', - 'extensions.shield-recipe-client.api_url', - 'extensions.shield-recipe-client.enabled', - 'full-screen-api.approval-required', - 'general.useragent.locale', - 'geo.security.allowinsecure', - 'intl.locale.matchOS', - 'loop.enabled', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.logDomains', - 'loop.server', - 'media.block-play-until-visible', - 'media.eme.apiVisible', - 'media.eme.chromium-api.enabled', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'media.getusermedia.screensharing.allowed_domains', - 'media.gmp-eme-adobe.autoupdate', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'network.http.referer.userControlPolicy', - 'network.http.sendSecureXSiteReferrer', - 'network.http.spdy.enabled.http2draft', - 
'network.http.spdy.enabled.v3-1', - 'network.websocket.enabled', - 'pageThumbs.enabled', - 'pfs.datasource.url', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'plugins.enumerable_names', - 'plugins.update.notifyUser', - 'plugins.update.url', - 'privacy.clearOnShutdown.passwords', - 'privacy.donottrackheader.value', - 'security.mixed_content.send_hsts_priming', - 'security.mixed_content.use_hsts', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'security.tls.unrestricted_rc4_fallback', - 'security.xpconnect.plugin.unrestricted', - 'social.directories', - 'social.enabled', - 'social.remote-install.enabled', - 'social.share.activationPanelEnabled', - 'social.shareDirectory', - 'social.toast-notifications.enabled', - 'social.whitelist', - 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ /* 116+ */ 
@@ -284,224 +97,6 @@ 'privacy.firstparty.isolate.use_site', 'privacy.window.name.update.enabled', 'security.insecure_connection_text.enabled', - /* 79-91 */ - 'alerts.showFavicons', - 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - 'browser.send_pings.require_same_host', - 'browser.urlbar.usepreloadedtopurls.enabled', - 'dom.allow_cut_copy', - 'dom.battery.enabled', - 'dom.IntersectionObserver.enabled', - 'dom.storage.enabled', - 'dom.vibrator.enabled', - 'extensions.screenshots.upload-disabled', - 'general.warnOnAboutConfig', - 'gfx.direct2d.disabled', - 'layers.acceleration.disabled', - 'media.getusermedia.audiocapture.enabled', - 'media.getusermedia.browser.enabled', - 'media.getusermedia.screensharing.enabled', - 'media.gmp-widevinecdm.visible', - 'media.media-capabilities.enabled', - 'network.http.redirection-limit', - 'privacy.partition.network_state', - 'security.insecure_connection_icon.enabled', - 'security.mixed_content.block_active_content', - 'security.ssl.enable_ocsp_stapling', - 'security.ssl3.dhe_rsa_aes_128_sha', - 'security.ssl3.dhe_rsa_aes_256_sha', - 'webgl.min_capability_mode', - /* 69-78 */ - 'browser.cache.disk_cache_ssl', - 'browser.search.geoip.url', - 'browser.search.region', - 'browser.sessionhistory.max_entries', - 'dom.push.connection.enabled', - 'dom.push.serverURL', - 'extensions.getAddons.discovery.api_url', - 'extensions.htmlaboutaddons.discover.enabled', - 'extensions.webservice.discoverURL', - 'intl.locale.requested', - 'intl.regional_prefs.use_os_locales', - 'media.block-autoplay-until-in-foreground', - 'middlemouse.paste', - 'plugin.sessionPermissionNow.intervalInMinutes', - 'privacy.usercontext.about_newtab_segregation.enabled', - 'security.insecure_connection_icon.pbmode.enabled', - 'security.insecure_connection_text.pbmode.enabled', - 'webgl.dxgl.enabled', - /* 61-68 */ - 'app.update.service.enabled', - 'app.update.silent', - 'app.update.staging.enabled', - 'browser.cache.disk.capacity', - 
'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.offline.insecure.enable', - 'browser.contentblocking.enabled', - 'browser.laterrun.enabled', - 'browser.offline-apps.notify', - 'browser.rights.3.shown', - 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.downloads.remote.block_dangerous', - 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.provider.google.gethashURL', - 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google.reportURL', - 'browser.safebrowsing.provider.google.updateURL', - 'browser.safebrowsing.provider.google4.dataSharing.enabled', - 'browser.safebrowsing.provider.google4.dataSharingURL', - 'browser.safebrowsing.provider.google4.gethashURL', - 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google4.reportURL', - 'browser.safebrowsing.provider.google4.updateURL', - 'browser.safebrowsing.provider.mozilla.gethashURL', - 'browser.safebrowsing.provider.mozilla.updateURL', - 'browser.safebrowsing.reportPhishURL', - 'browser.sessionhistory.max_total_viewers', - 'browser.sessionstore.max_windows_undo', - 'browser.slowStartup.maxSamples', - 'browser.slowStartup.notificationDisabled', - 'browser.slowStartup.samples', - 'browser.storageManager.enabled', - 'browser.urlbar.autoFill.typed', - 'browser.urlbar.filter.javascript', - 'browser.urlbar.maxHistoricalSearchSuggestions', - 'browser.urlbar.userMadeSearchSuggestionsChoice', - 'canvas.capturestream.enabled', - 'dom.allow_scripts_to_close_windows', - 'dom.disable_window_flip', - 'dom.forms.datetime', - 'dom.imagecapture.enabled', - 'dom.popup_maximum', - 'extensions.webextensions.keepStorageOnUninstall', - 'extensions.webextensions.keepUuidOnUninstall', - 
'font.blacklist.underline_offset', - 'font.name.monospace.x-unicode', - 'font.name.monospace.x-western', - 'font.name.sans-serif.x-unicode', - 'font.name.sans-serif.x-western', - 'font.name.serif.x-unicode', - 'font.name.serif.x-western', - 'gfx.offscreencanvas.enabled', - 'javascript.options.shared_memory', - 'layout.css.font-loading-api.enabled', - 'media.gmp-gmpopenh264.autoupdate', - 'media.gmp-gmpopenh264.enabled', - 'media.gmp-manager.updateEnabled', - 'media.gmp-manager.url', - 'media.gmp-manager.url.override', - 'media.gmp-widevinecdm.autoupdate', - 'media.gmp.trial-create.enabled', - 'media.navigator.video.enabled', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'network.cookie.leave-secure-alone', - 'network.cookie.same-site.enabled', - 'network.dnsCacheEntries', - 'network.dnsCacheExpiration', - 'network.http.fast-fallback-to-IPv4', - 'network.proxy.autoconfig_url.include_path', - 'offline-apps.quota.warn', - 'pdfjs.enableWebGL', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', - 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.lower_network_priority', - 'privacy.trackingprotection.pbmode.enabled', - 'privacy.trackingprotection.ui.enabled', - 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.insecure_field_warning.contextual.enabled', - 'security.insecure_password.ui.enabled', - 'security.tls.version.fallback-limit', - 'services.blocklist.addons.collection', - 'services.blocklist.gfx.collection', - 'services.blocklist.onecrl.collection', - 'services.blocklist.plugins.collection', - 'services.blocklist.signing.enforced', - 'services.blocklist.update_enabled', - 'signon.autofillForms.http', - 
'signon.storeWhenAutocompleteOff', - 'toolkit.telemetry.cachedClientID', - 'urlclassifier.trackingTable', - 'xpinstall.whitelist.required', - /* 60 or lower */ - 'browser.migrate.automigrate.enabled', - 'browser.search.geoip.timeout', - 'browser.search.reset.enabled', - 'browser.search.reset.whitelist', - 'browser.stopReloadAnimation.enabled', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.doubleClickSelectsAll', - 'device.storage.enabled', - 'dom.keyboardevent.dispatch_during_composition', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - 'dom.vr.oculus.enabled', - 'dom.vr.openvr.enabled', - 'dom.vr.osvr.enabled', - 'extensions.pocket.api', - 'extensions.pocket.oAuthConsumerKey', - 'extensions.pocket.site', - 'general.useragent.compatMode.firefox', - 'geo.wifi.xhr.timeout', - 'gfx.layerscope.enabled', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.webspeech.recognition.enable', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'network.dns.blockDotOnion', - 'network.stricttransportsecurity.preloadlist', - 'security.block_script_with_wrong_mime', - 'security.fileuri.strict_origin_policy', - 'security.sri.enable', - 'services.sync.enabled', - 'ui.submenuDelay', - 'webextensions.storage.sync.enabled', - 'webextensions.storage.sync.serverURL', - // excluding these e10 settings - // 
'browser.tabs.remote.autostart', - // 'browser.tabs.remote.autostart.2', - // 'browser.tabs.remote.force-enable', - // 'browser.tabs.remote.separateFileUriProcess', - // 'extensions.e10sBlocksEnabling', - // 'extensions.webextensions.remote', - // 'dom.ipc.processCount', - // 'dom.ipc.shims.enabledWarnings', - // 'dom.ipc.processCount.extension', - // 'dom.ipc.processCount.file', - // 'security.sandbox.content.level', - // 'dom.ipc.plugins.sandbox-level.default', - // 'dom.ipc.plugins.sandbox-level.flash', - // 'security.sandbox.logging.enabled', /* IMPORTANT: last active pref must not have a trailing comma */ /* reset parrot: check your open about:config after running the script */ From 336300a274a7721616d7e8109facca984b05f727 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:39:50 +0000 Subject: [PATCH 076/110] v118 removed these are all at default now as of at least ESR115 --- scratchpad-scripts/arkenfox-cleanup.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 2878031..e06b998 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -32,7 +32,7 @@ const aPREFS = [ /* DEPRECATED */ - /* 116+ */ + /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 'permissions.delegation.enabled', // 118 
@@ -59,9 +59,14 @@ 'security.ssl3.rsa_des_ede3_sha', // 93 /* REMOVED */ - /* 116+ */ + /* 116-128 */ + 'browser.fixup.alternate.enabled', + 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', + 'privacy.partition.always_partition_third_party_non_cookie_storage', + 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', + 'privacy.partition.serviceWorkers', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From f0513b7e64160c80f6e2430a5f3155ee855abdcf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 11:41:47 +0000 Subject: [PATCH 077/110] inactive prefs no longer needed encryption prefs false since FF109, taskbar since jesus or whatever --- scratchpad-scripts/arkenfox-cleanup.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e06b998..fea7a68 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -61,12 +61,15 @@ /* REMOVED */ /* 116-128 */ 'browser.fixup.alternate.enabled', + 'browser.taskbar.previews.enable', 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', 'privacy.partition.serviceWorkers', + 'security.ssl3.ecdhe_ecdsa_aes_128_sha', + 'security.ssl3.ecdhe_ecdsa_aes_256_sha', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From bd2e5b8d1d477951d929ea7d79ceb7a13fc322a4 Mon Sep 17 00:00:00 2001 
From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 11:47:49 +0000 Subject: [PATCH 078/110] undo encryption they're not default false since 108, that was nightly only --- scratchpad-scripts/arkenfox-cleanup.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index fea7a68..d8ddf31 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -68,8 +68,6 @@ 'privacy.partition.always_partition_third_party_non_cookie_storage', 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', 'privacy.partition.serviceWorkers', - 'security.ssl3.ecdhe_ecdsa_aes_128_sha', - 'security.ssl3.ecdhe_ecdsa_aes_256_sha', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From 56f51203bf4fea8aa778b792269205d275a62665 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 21 Sep 2023 12:36:35 +0000 Subject: [PATCH 079/110] point to archived version --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index d8ddf31..e2487fc 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,10 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 18-September-2023 + There is an archived version at https://github.com/arkenfox/user.js/issues/1080 + if you want the full list prior to FF118 + + Last updated: 22-September-2023 Instructions: - [optional] close Firefox and backup your profile From 6e79d1bba6a932480a938bec5c2cee0388e586b9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 29 Sep 2023 10:52:55 +0000 Subject: [PATCH 080/110] deprecated v118 --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e2487fc..6f783a4 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 22-September-2023 + Last updated: 29-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -37,7 +37,10 @@ /* DEPRECATED */ /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 + 'layout.css.font-visibility.private', // 118 'layout.css.font-visibility.resistFingerprinting', // 116 + 'layout.css.font-visibility.standard', // 118 + 'layout.css.font-visibility.trackingprotection', // 118 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ From f54d632da585a08185c6164017d79315c331181f Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 7 Oct 2023 10:33:49 +0000 Subject: [PATCH 081/110] v2.0 - improve root check --- prefsCleaner.sh | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index f36732c..6586609 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh 
@@ -2,23 +2,12 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.9 +## version: 2.0 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) -# Check if running as root and if any files have the owner/group as root/wheel. -if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" - exit 1 -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then - printf 'It looks like this script was previously run with elevated privileges, -you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 - exit 1 -fi - readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) @@ -143,13 +132,23 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)." +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + fQuit 1 +fi + [ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@" echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.9 ║" +echo " ║ v2.0 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 3fdcb28b8f1992b66e43582810488413b39ebdb3 Mon Sep 17 00:00:00 2001 
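Review bot: The relocated ownership check in the second hunk relies on the `cd "$(dirname "${SCRIPT_FILE}")"` context line just above it, whose exit status is not tested. If that `cd` fails, `find ./ -user 0 -o -group 0` inspects whatever directory the script was started from, so root-owned files in the profile can go unreported and the script would presumably continue. Suggested: `cd "$(dirname "${SCRIPT_FILE}")" || fQuit 1 "could not enter the profile directory"`. `fQuit` is defined outside this hunk, so the message-less `fQuit 1` call in the `elif` branch should be checked against its definition as well.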
From: Thorin-Oakenpants Date: Wed, 18 Oct 2023 14:03:40 +0000 Subject: [PATCH 082/110] v118 (#1724) --- user.js | 212 ++++++++++++++++++++++++-------------------------------- 1 file changed, 92 insertions(+), 120 deletions(-) diff --git a/user.js b/user.js index 5e54f30..4798b8a 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,9 @@ /****** * name: arkenfox user.js -* date: 17 September 2023 -* version: 117 -* url: https://github.com/arkenfox/user.js +* date: 18 October 2023 +* version: 118 +* urls: https://github.com/arkenfox/user.js [repo] +* : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * README: @@ -26,15 +27,15 @@ * RELEASES: https://github.com/arkenfox/user.js/releases - * It is best to use the arkenfox release that is optimized for and matches your Firefox version - * EVERYONE: each release - - run prefsCleaner to reset prefs made inactive, including deprecated (9999s) - ESR102 - - If you are not using arkenfox v102-1... (not a definitive list) - - 2815: clearOnShutdown cookies + offlineApps should be false - - 9999: switch the appropriate deprecated section(s) back on - * ESR115 - - use https://github.com/arkenfox/user.js/releases/tag/115.1 + * Use the arkenfox release that matches your Firefox version + - DON'T wait for arkenfox to update Firefox, nothing major changes these days + * Each release + - run prefsCleaner to reset prefs made inactive, including deprecated (9999) + * ESR + - It is recommended to not use the updater, or you will get a later version which may cause issues. + So you should manually append your overrides (and keep a copy), and manually update when you + change ESR releases (arkenfox is already past that release) + - If you decide to keep updating, then the onus is on - also see section 9999 * INDEX: 
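Review bot: The last added ESR bullet in the RELEASES hunk stops mid-sentence: `- If you decide to keep updating, then the onus is on` has no object before the following `- also see section 9999` text, as far as the collapsed layout shows. ESR users rely on this paragraph to decide whether to keep running the updater against a release that has moved past their version, so it should read as a complete instruction, for example `- If you decide to keep updating, then the onus is on you`. The comment block continues outside this hunk.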
@@ -48,7 +49,6 @@ 0900: PASSWORDS 1000: DISK AVOIDANCE 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) - 1400: FONTS 1600: REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC @@ -56,14 +56,14 @@ 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING - 4500: RFP (RESIST FINGERPRINTING) + 4500: RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING 9000: NON-PROJECT RELATED - 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + 9999: DEPRECATED / RENAMED ******/ @@ -132,6 +132,9 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ user_pref("browser.discovery.enabled", false); +/* 0323: disable shopping experience [FF116+] + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/ +user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false] /** TELEMETRY ***/ /* 0330: disable new data submission [FF41+] 
@@ -269,11 +272,11 @@ user_pref("network.proxy.socks_remote_dns", true); user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, - * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+) + * dav, cdda, gphoto2, trash, etc. From FF87-117, by default only sftp was accepted * [1] https://bugzilla.mozilla.org/1433507 * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ -user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] +user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+] /* 0705: disable proxy direct failover for system requests [FF91+] * [WARNING] Default true is a security feature against malicious extensions [1] * [SETUP-CHROME] If you use a proxy and you trust your extensions 
@@ -305,36 +308,30 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0802: disable location bar domain guessing - * domain guessing intercepts DNS "hostname not found errors" and resends a - * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work - * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com - * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), - * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ -user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+] -/* 0804: disable live search suggestions +/* 0801: disable location bar making speculative connections [FF56+] + * [1] https://bugzilla.mozilla.org/1348275 ***/ +user_pref("browser.urlbar.speculativeConnect.enabled", false); +/* 0802: disable location bar contextual suggestions [FF92+] + * [SETTING] Privacy & Security>Address Bar>Suggestions from... 
+ * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +/* 0803: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); -/* 0805: disable location bar making speculative connections [FF56+] - * [1] https://bugzilla.mozilla.org/1348275 ***/ -user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+] - * 0=never resolve, 1=use heuristics, 2=always resolve - * [1] https://bugzilla.mozilla.org/1642623 ***/ -user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DEFAULT: 0 FF104+] -/* 0807: disable location bar contextual suggestions [FF92+] - * [SETTING] Privacy & Security>Address Bar>Suggestions from... 
- * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ -user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); -/* 0808: disable tab-to-search [FF85+] - * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ - // user_pref("browser.urlbar.suggest.engines", false); +/* 0805: disable urlbar trending search suggestions [FF118+] + * [SETTING] Search>Search Suggestions>Show trending search suggestions (FF119) ***/ +user_pref("browser.urlbar.trending.featureGate", false); +/* 0806: disable urlbar suggestions ***/ +user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] +user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] +user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] +user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] +/* 0807: disable urlbar clipboard suggestions [FF118+] ***/ + // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false] /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) 
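Review bot: The new 0806 entry in this hunk is titled only `disable urlbar suggestions` and, unlike 0801, 0802 and 0805 beside it, has no [SETTING] or reference line. A reader cannot tell which suggestion sources the four `featureGate` prefs cover. I would name them in the heading, for example `/* 0806: disable urlbar suggestions (add-ons, MDN, Pocket, weather) ***/`, which is taken from the pref names themselves. `browser.urlbar.addons.featureGate` is also the only one of the four without a `[DEFAULT: ...]` or `[HIDDEN PREF]` tag; if its default is true, saying so would show that this is the line that actually changes behaviour.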
@@ -342,6 +339,10 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); +/* 0815: disable tab-to-search [FF85+] + * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + // user_pref("browser.urlbar.suggest.engines", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing @@ -499,18 +500,6 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/*** [SECTION 1400]: FONTS ***/ -user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] - * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - * In normal windows: uses the first applicable: RFP over TP over Standard - * In Private Browsing windows: uses the most restrictive between normal and private - * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ - // user_pref("layout.css.font-visibility.private", 1); - // user_pref("layout.css.font-visibility.standard", 1); - // user_pref("layout.css.font-visibility.trackingprotection", 1); - /*** [SECTION 1600]: REFERERS full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html 
@@ -558,11 +547,9 @@ user_pref("dom.disable_window_move_resize", true); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); -/* 2601: prevent accessibility services from accessing your browser [RESTART] - * [1] https://support.mozilla.org/kb/accessibility-services ***/ -user_pref("accessibility.force_disabled", 1); -/* 2603: remove temp files opened with an external application - * [1] https://bugzilla.mozilla.org/302433 ***/ +/* 2603: remove temp files opened from non-PB windows with an external application + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574 ***/ +user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+] user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); @@ -599,12 +586,6 @@ user_pref("network.IDN_show_punycode", true); * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] -/* 2623: disable permissions delegation [FF73+] - * Currently applies to cross-origin geolocation, camera, mic and screen-sharing - * permissions, and fullscreen requests. Disabling delegation means any prompts - * for these will show/use their correct 3rd party origin - * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ -user_pref("permissions.delegation.enabled", false); /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX] 
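Review bot: `browser.download.start_downloads_in_tmp_dir` is added under 2603 with no explanation of what it does, and the heading now reads as if both prefs delete files. Judging by the pref name it changes where a download starts rather than what is removed, so the cleanup presumably still depends on `browser.helperApps.deleteTempFileOnExit` on the next line. A line such as `* [NOTE] start_downloads_in_tmp_dir puts files opened with an external application in the temp directory, deleteTempFileOnExit then removes them on exit` would make the pairing explicit; the wording should be checked against bug 1738574. The same hunk drops 2601 `accessibility.force_disabled` with no reason given in the file, and a later hunk only lists it for reset in 6051.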
@@ -625,8 +606,7 @@ user_pref("browser.download.always_ask_before_handling_new_types", true); /* 2660: lock down allowed extension directories * [SETUP-CHROME] This will break extensions, language packs, themes and any other * XPI files which are installed outside of profile and application directories - * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] https://archive.is/DYjAM (archived) ***/ + * [1] https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] @@ -653,11 +633,6 @@ user_pref("browser.contentblocking.category", "strict"); * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); -/* 2710: enable state partitioning of service workers [FF96+] ***/ -user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] -/* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+] -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); 
@@ -716,7 +691,7 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) +/*** [SECTION 4500]: RFP (resistFingerprinting) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html @@ -730,7 +705,7 @@ user_pref("privacy.sanitize.timeSpan", 0); FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API - version: android version spoofed as ESR + version: android version spoofed as ESR (FF119 or lower) OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android 1369319 - disable device sensor API 1369357 - disable site specific zoom @@ -772,7 +747,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1794628 - return "none" with inverted-colors (FF114) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); -/* 4501: enable privacy.resistFingerprinting +/* 4501: enable RFP * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false 
@@ -787,7 +762,7 @@ user_pref("privacy.window.maxInnerHeight", 900); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108] +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. @@ -894,8 +869,6 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.taskbar.lists.frequent.enabled", false); // user_pref("browser.taskbar.lists.recent.enabled", false); // user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 5015: disable Windows taskbar preview [WINDOWS] ***/ - // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] /* 5016: discourage downloading to desktop * 0=desktop, 1=downloads (default), 2=custom * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/ 
@@ -952,7 +925,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * Vulnerabilities [1] have increasingly been found, including those known and fixed * in native programs years ago [2]. WASM has powerful low-level access, making * certain attacks (brute-force) and vulnerabilities more possible - * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3] + * [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3] * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ @@ -982,7 +955,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * Firefox uses the system DNS to initially resolve the IP address of your DoH server. * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox * won't use the system DNS. If the IP doesn't match then DoH won't work ***/ - // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF] + // user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF] /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1014,7 +987,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/ // user_pref("beacon.enabled", ""); // user_pref("browser.startup.blankWindow", ""); // user_pref("browser.newtab.preload", ""); 
@@ -1031,8 +1004,21 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); // user_pref("middlemouse.contentLoadURL", ""); -/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/ +/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ + // user_pref("accessibility.force_disabled", ""); + // user_pref("browser.fixup.alternate.enabled", ""); + // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); + // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); + // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); + // user_pref("privacy.partition.serviceWorkers", ""); +/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/ + // user_pref("browser.cache.offline.enable", ""); + // user_pref("extensions.formautofill.heuristics.enabled", ""); + // user_pref("network.cookie.lifetimePolicy", ""); + // user_pref("privacy.clearsitedata.cache.enabled", ""); + // user_pref("privacy.resistFingerprinting.testGranularityMask", ""); + // user_pref("security.pki.sha1_enforcement_level", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); 
@@ -1057,8 +1043,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7003: disable non-modern cipher suites [1] * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [1] https://browserleaks.com/ssl ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+] - // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+] + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS @@ -1110,8 +1096,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/ // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings + * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ - // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5 FF103+] + // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5] + // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); 
@@ -1182,42 +1170,8 @@ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); -/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] - [1] https://github.com/arkenfox/user.js/issues/123 -***/ +/*** [SECTION 9999]: DEPRECATED / RENAMED ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR102.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable active ones -// FF103 -// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) - // 0=keep until they expire (default), 2=keep until you close Firefox - // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761 -user_pref("network.cookie.lifetimePolicy", 2); -// 6012: disable SHA-1 certificates - // [-] https://bugzilla.mozilla.org/1766687 - // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] -// FF114 -// 2816: set cache to clear on exit [FF96+] - // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - // [1] https://bugzilla.mozilla.org/1671182 - // [-] https://bugzilla.mozilla.org/1821651 - // user_pref("privacy.clearsitedata.cache.enabled", true); -// 4505: experimental RFP [FF91+] - // [-] https://bugzilla.mozilla.org/1824235 - // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); -// 5017: disable Form Autofill heuristics - // Heuristics controls Form Autofill on forms without @autocomplete attributes - // [-] https://bugzilla.mozilla.org/1829670 - // 
user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -// FF115 - // 7001: disable offline cache (appCache) - // [NOTE] appCache storage capability was removed in FF90 - // [-] https://bugzilla.mozilla.org/1677718 - // user_pref("browser.cache.offline.enable", false); -// ***/ - /* ESR115.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable active ones // FF116 @@ -1237,6 +1191,24 @@ user_pref("security.family_safety.mode", 0); // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ // [-] https://bugzilla.mozilla.org/1842457 // user_pref("dom.webnotifications.serviceworker.enabled", false); +// FF118 +// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] + // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed + // In normal windows: uses the first applicable: RFP over TP over Standard + // In Private Browsing windows: uses the most restrictive between normal and private + // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts + // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc + // [-] https://bugzilla.mozilla.org/1847599 + // user_pref("layout.css.font-visibility.private", 1); + // user_pref("layout.css.font-visibility.standard", 1); + // user_pref("layout.css.font-visibility.trackingprotection", 1); +// 2623: disable permissions delegation [FF73+] + // Currently applies to cross-origin geolocation, camera, mic and screen-sharing + // permissions, and fullscreen requests. Disabling delegation means any prompts + // for these will show/use their correct 3rd party origin + // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion + // [-] https://bugzilla.mozilla.org/1697151 + // user_pref("permissions.delegation.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ 
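Review bot: The rewritten section 9999 header drops the legend `Documentation denoted as [-]`, but the entries below still use that marker, including the ones the following hunk adds (`// [-] https://bugzilla.mozilla.org/1847599`). Without the legend a reader has to guess that `[-]` is presumably the bug that deprecated or removed the pref, as opposed to the numbered `[1]` references. I would keep that one line in the header: `/*** [SECTION 9999]: DEPRECATED / RENAMED`, then `Documentation denoted as [-]`, then the closing `***/`.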
From 35e8def0b1e5ecf1198e7efe41cfe6aa0415b320 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Oct 2023 14:59:33 +0000 Subject: [PATCH 083/110] network.dns.skipTRR-when-parental-control-enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6f783a4..edb18c9 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 29-September-2023 + Last updated: 18-October-2023 Instructions: - [optional] close Firefox and backup your profile @@ -41,6 +41,7 @@ 'layout.css.font-visibility.resistFingerprinting', // 116 'layout.css.font-visibility.standard', // 118 'layout.css.font-visibility.trackingprotection', // 118 + 'network.dns.skipTRR-when-parental-control-enabled', // 119 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ From e2681baec38e7ad09fe1f81c6da5ff84c81b7117 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 1 Nov 2023 22:02:55 +0000 Subject: [PATCH 084/110] javascript.use_us_english_locale https://bugzilla.mozilla.org/1846224 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index edb18c9..18de648 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 18-October-2023 + Last updated: 2-November-2023 Instructions: - [optional] close Firefox and backup your profile 
@@ -37,6 +37,7 @@ /* DEPRECATED */ /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 + 'javascript.use_us_english_locale', // 119 'layout.css.font-visibility.private', // 118 'layout.css.font-visibility.resistFingerprinting', // 116 'layout.css.font-visibility.standard', // 118 From d94d68245f77665546f9b736f430540295e6229e Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 2 Nov 2023 16:18:47 -0400 Subject: [PATCH 085/110] Add favicon for Mull Signed-off-by: Tad --- wikipiki/logo-mull.png | Bin 0 -> 1566 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/logo-mull.png 
diff --git a/wikipiki/logo-mull.png b/wikipiki/logo-mull.png new file mode 100644 index 0000000000000000000000000000000000000000..d80042f89f667fa7bd1370547fdf5a16030eac4c GIT binary patch literal 1566 zcmV+(2I2XMP)F7{|M0Zr|pX#l%f}Z_j-JT3T8zv{0a>Edna)bW#LL@4bBq$v!O0KF&p>+4jL~ zI%AA3i^(>pU#2c`x-4-spz&q%1)T`UOG}3@6o`t6Q&I5QITvnMO3Ri^=l09HriRg$Ohoo_|_q=QPc8t}PH>B_f^*z_2zP7@|TG zSTLpWI29VeKlcyOLEk?CB8CxO3iL4Ip>9^X-ph#NSfB`r6EP%(2*564{Jp*&w&t&b z9hTLw&$tHKSxE&trtAz3*v19sVYub^*`^_FXzw5$JQ_jL@dzUyh#+xu6v^Hb+WObk zcYBchGch}z?Srq)t6{6K5Rwvl2WW&oq5teFFyR5Ny{~ zpFs#65p~wKq@7a!msru1M9$jIb8O2Nrs~2KR)qDoWl&k+o+hueLU}jJNQW>$@F)pZ z>8_Xo;BvX3E~^N5!~h0Rbd?H3G68fjO|fjA1tJ5_L7m)##u_R2BwVrmJ$OQ0Smh+4XkgP(%GHoaP&Z@~AK=K|9PO5iEu-zta0>F(4%|=sN z0Jko;KNCO&XS|jUpun65i#)Cbz%I+1%KHOM;9bpao%}Km)5raZXMSIGs)ifbR{xHi4nsv;B+{^Q&tSlA_2-BWneOypobQJO$9i^HFOA; zJn%S6q1t5!hs^?RXBp&Vaf9qs^4z@eF!(l!6lCEjd z>-FHkE84JbE%+Mhpu{SGAPCS$NtaRq&T{pgwn9Mx{bbWeu(YBaT&2ahnhcM3a*I#m zcgB({CZ-GQRRH327^zvEs_ps}=UwIHP-?Y+0|$1Nm4MM`geWDorvkKb4W0RB6Sy6A zaM=k6u6=wAn@u&BQ`bWqAeL?ih^`>{zDFp!Z8n>goFD)< zsNg^0nh-hjf_yVn6&Bw)$NR?8t$u0;2Kuo#Isc8B%vJqD)t^kR4E*d?DggfG zk0xh(3s-wKlewxWEq$mNqC+I3k6`_T^)Lg(xE<*SiMb7B4`u3vC4A0^atxdyj{ly> zu=0mdR&MP@a%%(y+BL%qLtI=NT#Exfo^2O)=oYt1I_rf&ZEz&hx8Mr$-}H0Vj!(I& zQ?socLrmaL@w#rEoTC|`0|IWtd*a$q{fIVLcymE`;SD;hk88sX%2+lvu3euz_Xn!^ zVa^Mi4K=XIxCFk*UX^Sx*2y+qS2G>={DXZcD0Z?TV-#mSKKJ5oB#FI9+Bd)i3pKbB zpPOy28`1`=u;E?RxD~Adw?R@r%hY9m-E0-@9oM0*no0&IWC4S`W8x%Cp`B(0SH#y%+>hBT8JNN&6IenJ;10M|{r9y|- Q$^ZZW07*qoM6N<$g8weihyVZp literal 0 HcmV?d00001 From 96210522d8ed072565c3d5abcbcdb0a024aa7e01 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 Nov 2023 20:36:12 +0000 Subject: [PATCH 086/110] Add favicon for LibreWolf --- wikipiki/logo-librewolf.png | Bin 0 -> 1253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/logo-librewolf.png 
diff --git a/wikipiki/logo-librewolf.png b/wikipiki/logo-librewolf.png new file mode 100644 index 0000000000000000000000000000000000000000..0bb9299cb2ce9fa60787c4abdaee86f6af98dd26 GIT binary patch literal 1253 zcmaKqeK6Ds9L9g8$-6{~)49&eo-ScabdB_ayzDZY6_Rw`dU4|-=3J+otvf<*r@|q5 z>$qiY)@xp3$;%>XR#1R6H9ZpQ&#v$fglKF z2YVYA>EHC%$;n9FCMT|mAXXaEsIImEh%yj&Krok81S02eW-Wu%3qTYuvlOJtUv_E! z9zG=hg!e6J@&W#b|Fb9!|E(1TkYQmJ3#$tuTL?KeIp%%Ecz=MawJb3bOq!nJR@NLKOM>x@epvU;S z6Q?^7+=-AU2z`QZKECDSTo=B73Pv|B_8__!F}=9di&z2T1c(>lav!et;rcVA_9JHy zzYHOF2)_!!6rx}ltYH+5fHQ*P5tNLgbQEQys1%_}glZ9L#_(VawPUCo19u$t<9PTA z{I}?N2f-xzCh=k#!Wq1r#po=4pMz))<8yd5kJt0~V;&P?yb&24IKX>IT14+&q2#>OY7rsw9xlIK)~Ug_@49BlTvYH9^=WskV5SQj;zoq14D zVie>-5||pUTQIVtJZt0lc$z=r><*GkaN3$07-5odPp#v{_)us~y-?D6y=!yvq?b2) zi%Gq>RgqQy*JSq#GEzv>w8Db?qSU9>5~*s^4}aB zGMf_Z*krBb7oXwK5D`lcc|h72^uyh6*76vo`*u5~-M*7`t9klaV6t(7C&Bve+Roet zruNy4$l%y=4a!!_c`)Ot7G zE4V+JA9&2hub(~2SzY%jC4>GI`DUbBTk5Ugy`M1XmTx@6Rf{F%Df`Exj*1l&8fDmF zvSjW0z+EvuNi%yhjTp`>y^*UaR>sY={MQ3FEl)l@uCxPPUDS4i8hI67w4PYaP?B+R zW-XsJZAvFu&rjHEc)3${M6(w6wE1N9K3DBjVJjh5 literal 0 HcmV?d00001 From 29bb5a35f0908143f395b86263746988168c7966 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 Nov 2023 21:17:15 +0000 Subject: [PATCH 087/110] rename/add icons (#1760) --- .../{logo-librewolf.png => icon-librewolf.png} | Bin wikipiki/{logo-mull.png => icon-mull.png} | Bin wikipiki/icon-mullvadbrowser.png | Bin 0 -> 1237 bytes wikipiki/icon-torbrowser.png | Bin 0 -> 2044 bytes 4 files changed, 0 insertions(+), 0 deletions(-) rename wikipiki/{logo-librewolf.png => icon-librewolf.png} (100%) rename wikipiki/{logo-mull.png => icon-mull.png} (100%) create mode 100644 wikipiki/icon-mullvadbrowser.png create mode 100644 wikipiki/icon-torbrowser.png diff --git a/wikipiki/logo-librewolf.png b/wikipiki/icon-librewolf.png similarity index 100% rename from wikipiki/logo-librewolf.png rename to wikipiki/icon-librewolf.png 
diff --git a/wikipiki/logo-mull.png b/wikipiki/icon-mull.png similarity index 100% rename from wikipiki/logo-mull.png rename to wikipiki/icon-mull.png diff --git a/wikipiki/icon-mullvadbrowser.png b/wikipiki/icon-mullvadbrowser.png new file mode 100644 index 0000000000000000000000000000000000000000..f5381b62a0d4809a258f70acad763ba9c1f25af1 GIT binary patch literal 1237 zcmV;`1SNkl9LFe#n)J+=hXhGahUuQ3?mp#^;vAZ}c5ii&Z*lJ_PF0<+>Z^0P{M)z% z(Seb}Cq@R>lwLu$ivVN-jLvn22*KR$Kn4U1hscOw8Nq_vfyzR&d9?cR(ds`E*!0X> zr!wgX21o{$_RSx@BQRehq0TjcnYmMnb;yl(=01AqC=QBrqP?^^kb!wVP>MCfBoh*5 z&Lc94zR3cNJPaAeE*yCRVY!*k#LUL~|B?an;x${l&DR~;rF}CuCDxa#Di>Ob#!4KR znH+Q_V67TR=2X%1W1o{i#)p;t%r36OItr9fFc1id;ZmI=<7Y54vdp{n#!rU;6u?AJ z0?QaE&BXdTAj}G2B_66>qVj7$fQS%SVq`pi`vv|tP^73j<`NNF4crSs)}27RxrBiD zc>2l9SQ}_(5CoH>O#ZRJ%#D&Egh3og35^dmd0>U~;d?I83`WaDD}a5mM4U_O-GL={ zh?$FqGO$8`ws>&I91|Dsq%ytaPHAG?cxo#g7{5euut^p~$^6QOW&^Nzcy|J{8U(LK zz8fI;J)mg}6oFhr%=6dl;LvCLh!EwE+NWwOB*7Vxf_2(6`bVGunea7UT6 z`U~T+eQow^|B;Dbp5WrOKcfHuniyNhW82Q4ffj}X;rcX}qJ=~+2^wI+@GBD&Af@-% z#>*VoI?vSHT1{Q4B8iWSL1dmyfz>wr=tUH0wTqahOo}|M;hRSXB z-u*4-FCOCD>{S!e#Q1jhY@0;=Eli}T1bKM7Aq)a$JtYXsHIT?bFuz!2cx?+Z7#o{o z-;N58%#Ep9uiO4@Ga4S9hk_wfBH<9hB|t(J)P;aEAOvqeSS$b#)4!J?l$p415fuab z?*EGKetv;QtEGMSypLAM0ZdoQ%-4!MynWFlGrwKn(weEq5H35@0PxY1G%Ez5oHfJimssQ?g^v2B8>7`VIi72LWfAzHfL?Vi9g8dhJv{ z2j6W#meDs*qp!b~{9b%}09wm3Ye&sNHzi0pMXzgUMkdKDVA0!Btasu2(h7+I?pPnd zoFgWte=9I^RX{-U5aJ~Y0eKEWF9NK-rvfRSV?-Q3)z2#UcnOhUxaDH{zJ&6BQVAZ9 z<&yY29Yh{T5)sPxI?FQQ3AzzTXDc0~m^@|lD)Pl!=QLL^2Ap<5>aIQ?0f$>|abn04y!UcCvVmV=I;9E3bU zPvhFir@I$Vo+&bBb%&I*_09xHy2o)l7nvQH9DbYLuY|crC z;(@t;8%v8QvHSQc*(ijmW>$ZdYPHIL1-I}wde@9m!FAfg00000NkvXXu0mjfs$V|y literal 0 HcmV?d00001 
diff --git a/wikipiki/icon-torbrowser.png b/wikipiki/icon-torbrowser.png new file mode 100644 index 0000000000000000000000000000000000000000..ad7e8d1d3e70ad8a3262ccc4a4baacf91a2131b5 GIT binary patch literal 2044 zcmVex465A$CF{)K{DF#9M>93Y7Od>27R{=&sFe`?-bVZdZb19yzS1wT!oxslJOBMwkvk2ASx%GmE>wRKVSjbRt_wVPQPL=m`&N zbAejUe?#9acdcW>Xm6bO?Cc>UB?g5dh+`-CM!-LzXtsrJhYL2)J@W$}$-s$S(?!^cSJORqG3u1;X|`n)p$X6| zL_PfOZN7~9ih%clKx5W{W2X2{i&QpA5C5ou{B{%bml}BEXBDktLIvK+j>8i>7S}Q0 z!#HTB6UDI2Lm@q5w}obcBm=S$a9h61dAYkxY`Wh<@7Ge;`<*PZY*5Z!TM2OPrwgb| z`sljP!uCg9YA_3aAo6uLHTWMP@I!IPun`#umBd4S29o};MZXS#i0558<%!AH*0B69 zA8y`2KZDq|&q2T_t1BU1e_lC?T~DN8BuRxr1mb(gi&qOVfM4yraeyo;N{*Ta0vR*S zfHI^#mU=)muG`*CpKgvd#OO;N-g{+LNptr%GAjOZ&eBW+<7YfrDZCWbQCk?3r>*zgxq~tdBc(J4m>sK=~o|#{j}0?2{F*MYCx0vIR&!)g6UFN=2@B zvIcq|NlDM7c=6A3tIFf8pLZz;AXs=}`a(_hx!ndyP#lV)Y@14efhhP)mlcRsoe}Nj zr!8-FK_T@-Ypk%%f}LY#mIdao)>U7+JE63sayr!WOcr7gsw6MO03_;qJ%A$&G;2JX zB{W2r>x3p?_m74hB- zgyKKi0wQlC812Rvt~GG^l{IG4VNnU}+?Q7U_#m72-~zDCfdfwQcz zzBSK>lQa3vK&-d;D`QciF9GECPN+W|qkOUuEh8l`$c0e=vy$ zo-8PEXP%uEGS>3D{g3Aq+JF3EQHoMAz@ItW(tzofjYgxgx)Ky*4R=z!7b~ShG`C>U z@?I7!tqJbse5YJD*ZTepiv8O7Uw$)(sgartq4b>gJeEU+8JRr4$^ay-V&WIxJ*Q&^ zN{hTR2`b62&)=vj!bz0@eW;1g0a23bLyig$eeqkJ*z;Hxot%c=ypJa@)vW?|58h{COz8oIW)I^7~c>V$}PVaY(m&g_*M ztt|z(`F?=P2L=psxvD4OWC%|WeFpi>CZ@`3`0L4eX!gV;7rq!kyc;SO5FV56c@-av zb9H?fKn#PZnFSPg()mADaQW30+?uNE0mhnRqfeK%qNmqY)Sr2FrY(lX(Nguk39M6e z+x7j-_;KzWlxVVXvq1@Q?b%F)q_W$g){;Wqc?(fd#*zVOtY>PU8Nq>2}R zd>u7U!{w!==T`1ncO?7BL+KCF<0tuXP%bkqLVlAYGC32XC52d<#q;#5pnHCF#No?>+pwdeeALPNM^jmE)F0f&$5WJ9k$94+cDzeaMxF_ ztNE5~qFza3dD_DGpBt#H>MdQfgP{+5z99h3#MnXp$WbCbtVBALDkd_7?W%ag>Ey~* zC#o&+X{So-a+YT<^5%Q&Id50#<7{mBui2n`sc4wyK~Bm;Y`fT68BqX=Xl|-h0-yy@ z_{+dtEtMAg7ysM$Z~LE9c^%1KIlv`!zd_W;Rj`i%<<({-J>}xU7|wF6PX}hTypiEg a&Gm1|sgw5)O}6a-0000 Date: Fri, 10 Nov 2023 20:52:23 -0300 Subject: [PATCH 088/110] Correct archived version link in arkenfox-cleanup.js (#1763) --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 
deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 18de648..1e8df4d 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - There is an archived version at https://github.com/arkenfox/user.js/issues/1080 + There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list prior to FF118 Last updated: 2-November-2023 From f95c6829fe3c0fcc478756d7acbc55020d78b141 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 19 Nov 2023 09:56:47 +0000 Subject: [PATCH 089/110] fixup date/reference --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1e8df4d..6956979 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -4,7 +4,7 @@ - deprecated by Mozilla but listed in the arkenfox user.js in the past There is an archived version at https://github.com/arkenfox/user.js/issues/123 - if you want the full list prior to FF118 + if you want the full list since jesus Last updated: 2-November-2023 From fd72683abe15de5cf57574125b64879e809cf5c4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Nov 2023 02:49:16 +0000 Subject: [PATCH 090/110] v119 (#1757) --- user.js | 98 ++++++++++++++++++++++----------------------------------- 1 file changed, 37 insertions(+), 61 deletions(-) diff --git a/user.js b/user.js index 4798b8a..1772671 100644 --- a/user.js +++ b/user.js 
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 18 October 2023 -* version: 118 +* date: 20 November 2023 +* version: 119 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -40,7 +40,7 @@ * INDEX: 0100: STARTUP - 0200: GEOLOCATION / LANGUAGE / LOCALE + 0200: GEOLOCATION 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND @@ -100,7 +100,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); -/*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ +/*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ 
@@ -109,16 +109,8 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ /* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] +user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0210: set preferred language for displaying pages - * [SETTING] General>Language and Appearance>Language>Choose your preferred language... - * [TEST] https://addons.mozilla.org/about ***/ -user_pref("intl.accept_languages", "en-US, en"); -/* 0211: use en-US locale regardless of the system or region locale - * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ -user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); @@ -268,7 +260,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost user_pref("network.proxy.socks_remote_dns", true); /* 0703: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ + * [1] https://bugzilla.mozilla.org/1413868 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, 
@@ -297,8 +289,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 3); -/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/ -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); /* 0712: set DoH provider * The custom uri is the value shown when you "Choose provider>Custom>" * [NOTE] If you USE custom then "network.trr.uri" should be set the same @@ -311,11 +301,11 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0802: disable location bar contextual suggestions [FF92+] +/* 0802: disable location bar contextual suggestions * [SETTING] Privacy & Security>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] /* 0803: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine 
@@ -354,6 +344,10 @@ user_pref("browser.formfill.enable", false); * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ // user_pref("layout.css.visited_links_enabled", false); +/* 0830: enable separate default search engine in Private Windows and its UI setting + * [SETTING] Search>Default Search Engine>Choose a different default search engine for Private Windows only ***/ +user_pref("browser.search.separatePrivateDefault", true); // [FF70+] +user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] /*** [SECTION 0900]: PASSWORDS [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas @@ -396,7 +390,7 @@ user_pref("browser.sessionstore.privacy_level", 2); /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); -/* 1006: disable favicons in shortcuts +/* 1006: disable favicons in shortcuts [WINDOWS] * URL shortcuts use a cached randomly named .ico file which is stored in your * profile/shortcutCache directory. The .ico remains after the shortcut is deleted * If set to false then the shortcuts use a generic Firefox icon ***/ 
@@ -417,7 +411,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -462,7 +456,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); * 0 = disabled * 1 = consult CRLite but only collect telemetry * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results - * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+) + * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ user_pref("security.remote_settings.crlite_filters.enabled", true); 
@@ -471,7 +465,7 @@ user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ /* 1241: disable insecure passive content (such as images) on https pages ***/ // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244) -/* 1244: enable HTTPS-Only mode in all windows [FF76+] +/* 1244: enable HTTPS-Only mode in all windows * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) @@ -603,12 +597,13 @@ user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.always_ask_before_handling_new_types", true); /** EXTENSIONS ***/ -/* 2660: lock down allowed extension directories - * [SETUP-CHROME] This will break extensions, language packs, themes and any other - * XPI files which are installed outside of profile and application directories +/* 2660: limit allowed extension directories + * 1=profile, 2=user, 4=application, 8=system, 16=temporary, 31=all + * The pref value represents the sum: e.g. 5 would be profile and application directories + * [SETUP-CHROME] Breaks usage of files which are installed outside allowed directories * [1] https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] -user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] + // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); 
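Review bot: In the 2660 hunk, commenting out `extensions.autoDisableScopes` means user.js no longer resets that pref at startup, so a profile whose prefs.js already holds a different value keeps it while `extensions.enabledScopes` is still enforced. If the goal is only to mark the value as the default, keeping the line active with its tag, `user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]`, preserves the enforcement. The new bit-value list (1=profile … 31=all) should also say which of the two prefs it describes, because 15 on the second line is otherwise left unexplained.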
@@ -625,7 +620,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ -user_pref("browser.contentblocking.category", "strict"); +user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] /* 2702: disable ETP web compat features [FF93+] * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants * Opener and redirect heuristics are granted for 30 days, see [3] @@ -703,7 +698,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 - 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API version: android version spoofed as ESR (FF119 or lower) OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android @@ -716,7 +710,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1369309 - spoof media statistics 1382499 - reduce screen co-ordinate fingerprinting in Touch API 1217290 & 1409677 - enable some fingerprinting resistance for WebGL - 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist FF58+ 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) 
@@ -741,7 +734,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) - 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) + 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) @@ -973,10 +966,9 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] -/* 6009: enforce SmartBlock shims [FF81+] - * In FF96+ these are listed in about:compat +/* 6009: enforce SmartBlock shims (about:compat) [FF81+] * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ -user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] +user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN PREF] [DEFAULT: true] /* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] 
@@ -987,38 +979,13 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/ - // user_pref("beacon.enabled", ""); - // user_pref("browser.startup.blankWindow", ""); - // user_pref("browser.newtab.preload", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); - // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", ""); - // user_pref("browser.ssl_override_behavior", ""); - // user_pref("devtools.chrome.enabled", ""); - // user_pref("dom.disable_beforeunload", ""); - // user_pref("dom.disable_open_during_load", ""); - // user_pref("extensions.formautofill.available", ""); - // user_pref("extensions.formautofill.addresses.supported", ""); - // user_pref("extensions.formautofill.creditCards.available", ""); - // user_pref("extensions.formautofill.creditCards.supported", ""); - // user_pref("middlemouse.contentLoadURL", ""); -/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ +/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ // user_pref("accessibility.force_disabled", ""); - // user_pref("browser.fixup.alternate.enabled", ""); // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); // user_pref("privacy.partition.serviceWorkers", ""); -/* 6052: prefsCleaner: deprecated ESR102 items from 
FF103-115 ***/ - // user_pref("browser.cache.offline.enable", ""); - // user_pref("extensions.formautofill.heuristics.enabled", ""); - // user_pref("network.cookie.lifetimePolicy", ""); - // user_pref("privacy.clearsitedata.cache.enabled", ""); - // user_pref("privacy.resistFingerprinting.testGranularityMask", ""); - // user_pref("security.pki.sha1_enforcement_level", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1103,7 +1070,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); - // user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+] + // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] @@ -1160,7 +1127,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan /*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* 9001: disable welcome notices ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); +user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF] /* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); 
@@ -1209,6 +1176,15 @@ user_pref("security.family_safety.mode", 0); // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion // [-] https://bugzilla.mozilla.org/1697151 // user_pref("permissions.delegation.enabled", false); +// FF119 +// 0211: use en-US locale regardless of the system or region locale + // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 + // [-] https://bugzilla.mozilla.org/1846224 + // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +// 0711: disable skipping DoH when parental controls are enabled [FF70+] + // [-] https://bugzilla.mozilla.org/1586941 +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From e4dd5aa4283560e538b4009039175018e24cdc28 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 24 Nov 2023 13:35:14 +0000 Subject: [PATCH 091/110] updater.sh v4.0 - removed group root/wheel check --- updater.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.sh b/updater.sh index 88e6e33..72c77fc 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.9 +## version: 4.0 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp 
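Review bot: In the FF119 block added to the deprecated section (hunk at 1209), `javascript.use_us_english_locale` is added commented out although this same patch removes it as an active pref at 0211, while `network.dns.skipTRR-when-parental-control-enabled` is kept active. If the block is meant to preserve prior behaviour for releases that still honour these prefs, the first should stay active as well, `user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]`. If deactivating it is deliberate, a one-line comment saying so would remove the mismatch. The enclosing comment block starts outside this hunk, so whether these lines are live by default cannot be confirmed from here.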
@@ -393,11 +393,11 @@ update_updater "$@" getProfilePath # updates PROFILE_PATH or exits on error cd "$PROFILE_PATH" || exit 1 -# Check if any files have the owner/group as root/wheel. -if [ -n "$(find ./ -user 0 -o -group 0)" ]; then +# Check if any files have the owner as root/wheel. +if [ -n "$(find ./ -user 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + find . -user 0 cd "$CURRDIR" exit 1 fi From 4a510a4b4ceda8a177831a77309f2faccf7e18d5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 24 Nov 2023 13:38:25 +0000 Subject: [PATCH 092/110] prefsCleaner.sh v2.1 - remove group root/wheel check --- prefsCleaner.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 6586609..b9739b2 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 2.0 +## version: 2.1 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -132,13 +132,13 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" -# Check if running as root and if any files have the owner/group as root/wheel. +# Check if running as root and if any files have the owner as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)." -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then +elif [ -n "$(find ./ -user 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + find . -user 0 fQuit 1 fi 
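Review bot: The rewritten comment in the updater.sh hunk at 393 still says "owner as root/wheel", but wheel is a group name and the test now matches only `-user 0`, so it should read `# Check if any files are owned by root (uid 0).`; the prefsCleaner.sh hunk at 132 has the same wording. Both hunks also run `find` twice, once for the test and once for the listing, so the printed list is not guaranteed to be what triggered the exit. Capturing it once, `root_files=$(find . -user 0)`, testing `[ -n "$root_files" ]` and printing with `printf '%s\n' "$root_files"`, avoids that. With the group test gone, files group-owned by gid 0 are no longer reported, which looks intentional but is worth stating in the comment.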
@@ -148,7 +148,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v2.0 ║" +echo " ║ v2.1 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 33a84b608c8a1f871c6ce9c4d2b932dc57078fae Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Feb 2024 20:09:30 +0000 Subject: [PATCH 093/110] v122 (#1764) --- user.js | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 1772671..bd7c46f 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 20 November 2023 -* version: 119 +* date: 5 February 2024 +* version: 122 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -56,6 +56,7 @@ 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING + 4000: FPP (fingerprintingProtection) 4500: RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING 
@@ -686,8 +687,32 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); +/*** [SECTION 4000]: FPP (fingerprintingProtection) + RFP (4501) overrides FPP + + In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled + by ETP (2701). FPP will also use Remote Services in future to relax FPP protections + on a per site basis for compatibility (pref coming). + + 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) + https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc + 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) +***/ +user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +/* 4001: enable FPP in PB mode [FF114+] + * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/ + // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] +/* 4002: set global FPP overrides [FF114+] + * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are + * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization" + * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets + * [WARNING] Not recommended. Either use RFP or FPP at defaults + * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ + // user_pref("privacy.fingerprintingProtection.overrides", ""); + /*** [SECTION 4500]: RFP (resistFingerprinting) - RFP covers a wide range of ongoing fingerprinting solutions. + RFP overrides FPP (4000) + It is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html 
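Review bot: The parrot marker added for the new section 4000 reads `"1400 syntax error: the parrot's bereft of life!"`, so a syntax error inside the FPP section would point at a section number that is not this one. The other markers visible in this series carry their own section number (0200, 0300, 4500, 7000), so the line should be `user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");`.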
@@ -741,8 +766,8 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar - * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. + * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); // [FF41+] @@ -1069,7 +1094,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] - // user_pref("privacy.partition.network_state.ocsp_cache", true); + // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); From c2f191448c0af23c961053b8e450f6c8a71e5567 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Jun 2024 20:21:14 +0000 Subject: [PATCH 094/110] v126 (#1816) --- user.js | 127 +++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 89 insertions(+), 38 deletions(-) diff --git a/user.js b/user.js index bd7c46f..fdc692e 100644 --- a/user.js +++ b/user.js 
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 5 February 2024 -* version: 122 +* date: 7 June 2024 +* version: 126 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -35,7 +35,7 @@ - It is recommended to not use the updater, or you will get a later version which may cause issues. So you should manually append your overrides (and keep a copy), and manually update when you change ESR releases (arkenfox is already past that release) - - If you decide to keep updating, then the onus is on - also see section 9999 + - If you decide to keep updating, then the onus is on you - also see section 9999 * INDEX: @@ -95,8 +95,8 @@ user_pref("browser.startup.homepage", "about:blank"); user_pref("browser.newtabpage.enabled", false); /* 0105: disable sponsored content on Firefox Home (Activity Stream) * [SETTING] Home>Firefox Home Content ***/ -user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories -user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts +user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] +user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Shortcuts>Sponsored shortcuts /* 0106: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); 
@@ -158,9 +158,6 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] user_pref("toolkit.coverage.endpoint.base", ""); -/* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Defense-in-depth: currently covered by 0331 ***/ -user_pref("browser.ping-centre.telemetry", false); /* 0335: disable Firefox Home (Activity Stream) telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); 
@@ -303,12 +300,14 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0802: disable location bar contextual suggestions - * [SETTING] Privacy & Security>Address Bar>Suggestions from... + * [NOTE] The UI is controlled by the .enabled pref + * [SETTING] Search>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ -user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] + // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false] + // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false] + // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false] /* 0803: disable live search suggestions - * [NOTE] Both must be true for the location bar to work + * [NOTE] Both must be true for live search to work in the location bar * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); 
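Review bot: All three quicksuggest prefs under 0802 become inactive in this hunk, so the entry titled "disable location bar contextual suggestions" no longer enforces anything and depends on the `[DEFAULT: false]` tags staying accurate. If the default differs by region or is changed remotely (not visible here), an existing profile keeps whatever value it has. Keeping at least the controlling pref active, `user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]`, would preserve the guarantee the heading states.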
@@ -321,8 +320,9 @@ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] +user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ - // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false] + // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+] /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) @@ -332,7 +332,7 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa user_pref("browser.formfill.enable", false); /* 0815: disable tab-to-search [FF85+] * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + * [SETTING] Search>Address Bar>When using the address bar, suggest>Search engines ***/ // user_pref("browser.urlbar.suggest.engines", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive 
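Review bot: Entry 0807 is titled "disable urlbar clipboard suggestions", but its only pref stays commented out while the tag is updated to `[DEFAULT: true FF125+]`, so with this file applied the feature is on from FF125. Either activate the line, `user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+]`, or reword the heading so it does not read as an enforced setting.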
@@ -412,7 +412,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -517,6 +517,12 @@ user_pref("privacy.userContext.ui.enabled", true); * [NOTE] The menu is always shown on long press and right click * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); +/* 1703: set external links to open in site-specific containers [FF123+] + * [SETUP-WEB] Depending on your container extension(s) and their settings + * true=Firefox will not choose a container (so your extension can) + * false=Firefox will choose the container/no-container (default) + * [1] https://bugzilla.mozilla.org/1874599 ***/ + // user_pref("browser.link.force_default_user_context_id_for_external_opens", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); 
@@ -583,6 +589,11 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX] +/* 2630: disable content analysis by DLP (Data Loss Prevention) agents + * DLP agents are background processes on managed computers that allow enterprises to monitor locally running + * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies. + * [1] https://github.com/chromium/content_analysis_sdk */ +user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false] /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download 
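Review bot: Entry 2630 is titled "disable content analysis by DLP agents", but the only pref it sets is `browser.contentanalysis.default_allow`, whose name suggests a fallback verdict rather than the feature switch (its exact semantics are not shown in this hunk). If disabling the feature is the goal, the entry should also set `user_pref("browser.contentanalysis.enabled", false);`. The comment should then say what `default_allow` = false does when an agent is present.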
@@ -636,51 +647,70 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/ /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] If "history" is true, downloads will also be cleared - * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies - * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ + * [NOTE] If "history" is true, downloads will also be cleared ***/ user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true] user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true] // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] + // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false] /* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); -/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ ***/ +/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is 
FF128+ ***/ /* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below). * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) + * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings + * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cookies", true); // Cookies user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data +user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+] -/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/ -/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] - * This dialog can also be accessed from the menu History>Clear Recent History +/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] + * Firefox remembers your last choices. 
This will reset them when you start Firefox + * [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/ +user_pref("privacy.clearSiteData.cache", true); +user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions +user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); + // user_pref("privacy.clearSiteData.siteSettings", false); + +/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/ +/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] * Firefox remembers your last choices. This will reset them when you start Firefox * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as "history" ***/ + * for "Clear Recent History" is opened, it is synced to the same as "history" + * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/ user_pref("privacy.cpd.cache", true); // [DEFAULT: true] +user_pref("privacy.clearHistory.cache", true); user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] user_pref("privacy.cpd.history", true); // [DEFAULT: true] + // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); +user_pref("privacy.cpd.cookies", false); user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] -user_pref("privacy.cpd.cookies", false); - // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.clearHistory.cookiesAndStorage", false); // user_pref("privacy.cpd.openWindows", false); // Session Restore // user_pref("privacy.cpd.passwords", false); // user_pref("privacy.cpd.siteSettings", false); -/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820) + // 
user_pref("privacy.clearHistory.siteSettings", false); + +/** SANITIZE MANUAL: TIMERANGE ***/ +/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -692,15 +722,15 @@ user_pref("privacy.sanitize.timeSpan", 0); In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled by ETP (2701). FPP will also use Remote Services in future to relax FPP protections - on a per site basis for compatibility (pref coming). + on a per site basis for compatibility (4003). 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) ***/ -user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); /* 4001: enable FPP in PB mode [FF114+] - * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/ + * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] /* 4002: set global FPP overrides [FF114+] * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are 
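Review bot: In 2830 the new `privacy.clearHistory.cookiesAndStorage` is set to false while the old `privacy.cpd.sessions` beside it stays true, so after the FF128+ migration a manual Clear History would presumably stop clearing Active Logins (HTTP Basic Authentication). The 2815 line in the same hunk labels the merged category `// Cookies, Site Data, Active Logins [FF128+]`. If `clearHistory` and `clearSiteData` bundle the same items, their `cookiesAndStorage` lines should carry that trailing comment too. A short `[NOTE]` in 2830 that `sessions` can no longer be cleared on its own once the new prefs take over would make the trade-off explicit.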
@@ -709,6 +739,8 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [WARNING] Not recommended. Either use RFP or FPP at defaults * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); +/* 4003: disable remote FPP overrides [FF127+] ***/ + // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false); /*** [SECTION 4500]: RFP (resistFingerprinting) RFP overrides FPP (4000) @@ -720,7 +752,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 418986 - limit window.screen & CSS media queries (FF41) 1281949 - spoof screen orientation (FF50) - 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API @@ -740,7 +771,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" Block: suppresses the ondevicechange event - 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) (FF59) + 1039069 - warn when language prefs are not set to "en*" (FF59) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59) Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. 
@@ -763,6 +794,9 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) + 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127) + 1787790 - normalize system fonts (FF128) + 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP @@ -796,6 +830,12 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); +/* 4506: disable RFP spoof english prompt [FF59+] + * 0=prompt, 1=disabled, 2=enabled (requires RFP) + * [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset. + * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale. + * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/ +user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] 
@@ -867,7 +907,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * [1] https://bugzilla.mozilla.org/1281959 ***/ // user_pref("browser.download.forbid_open_with", true); /* 5010: disable location bar suggestion types - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ + * [SETTING] Search>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); // user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.openpage", false); @@ -1108,7 +1148,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/ // user_pref("dom.webnotifications.enabled", false); /* 7019: disable Push Notifications [FF44+] - * [WHY] Push requires subscription + * [WHY] Website "push" requires subscription, and the API is required for CRLite (1224) * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ // user_pref("dom.push.enabled", false); @@ -1119,6 +1159,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ // user_pref("media.peerconnection.enabled", false); +/* 7021: enable GPC (Global Privacy Control) in non-PB windows + * [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection + * in ETP Strict (2701) and sanitizing on close (2800s) ***/ + // user_pref("privacy.globalprivacycontrol.enabled", true); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good 
@@ -1156,8 +1200,6 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF /* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -/* 9003: disable What's New toolbar icon [FF69+] ***/ -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); /* 9004: disable search terms [FF110+] * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); @@ -1210,6 +1252,15 @@ user_pref("security.family_safety.mode", 0); // 0711: disable skipping DoH when parental controls are enabled [FF70+] // [-] https://bugzilla.mozilla.org/1586941 user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +// FF123 +// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] + // Defense-in-depth: currently covered by 0331 + // [-] https://bugzilla.mozilla.org/1868988 +user_pref("browser.ping-centre.telemetry", false); +// FF126 +// 9003: disable What's New toolbar icon [FF69+] + // [-] https://bugzilla.mozilla.org/1724300 +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 9655743d8cc558e04e0742ff10d51cdda1b3c9ff Mon Sep 17 00:00:00 2001 From: eleius <42178466+eleius@users.noreply.github.com> Date: Fri, 7 Jun 2024 20:53:34 +0000 Subject: [PATCH 095/110] fixup missing semicolon (#1850) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index fdc692e..01954cc 100644 --- a/user.js +++ b/user.js 
@@ -677,7 +677,7 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F user_pref("privacy.clearOnShutdown.cookies", true); // Cookies user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+] +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+] /** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] From 47cbf5b9740ef59ed866874346d3fee3379f8da3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jun 2024 21:36:53 +0000 Subject: [PATCH 096/110] fixup sysntax, tidy --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 01954cc..8087d85 100644 --- a/user.js +++ b/user.js @@ -322,7 +322,7 @@ user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: fal user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ - // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+] + // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) 
@@ -740,7 +740,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); /* 4003: disable remote FPP overrides [FF127+] ***/ - // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false); + // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); /*** [SECTION 4500]: RFP (resistFingerprinting) RFP overrides FPP (4000) From 6446d73cf572fcdf631534a5a51276a64eec4a2d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Jun 2024 06:14:26 +0000 Subject: [PATCH 097/110] add deprecated since FF119 --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6956979..1948d07 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 2-November-2023 + Last updated: 14-June-2024 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,8 @@ const aPREFS = [ /* DEPRECATED */ /* 116-128 */ + 'browser.messaging-system.whatsNewPanel.enabled', // 126 + 'browser.ping-centre.telemetry', // 123 'dom.webnotifications.serviceworker.enabled', // 117 'javascript.use_us_english_locale', // 119 'layout.css.font-visibility.private', // 118 From 23caf6961483e0e55544cd4f3594734d0aa35cf0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 22 Jun 2024 15:44:54 +0000 Subject: [PATCH 098/110] v127 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1948d07..5155259 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 14-June-2024 + Last updated: 23-June-2024 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,7 @@ const aPREFS = [ /* DEPRECATED */ /* 116-128 */ + 'browser.contentanalysis.default_allow', // 127 'browser.messaging-system.whatsNewPanel.enabled', // 126 'browser.ping-centre.telemetry', // 123 'dom.webnotifications.serviceworker.enabled', // 117 @@ -47,6 +48,7 @@ 'network.dns.skipTRR-when-parental-control-enabled', // 119 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 + 'widget.non-native-theme.enabled', // 127 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From ff5c959cb9b5a65ede9aab82b00cbb283b160e14 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 9 Jul 2024 05:49:23 +0000 Subject: [PATCH 099/110] geo.provider* --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 5155259..50bcb8a 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 23-June-2024 + Last updated: 9-July-2024 Instructions: - [optional] close Firefox and backup your profile 
@@ -75,6 +75,8 @@ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', 'browser.urlbar.dnsResolveSingleWordsAfterSearch', + 'geo.provider.network.url', + 'geo.provider.network.logging.enabled', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', From 11582f905a21971eb5869b48ef8c3f2d4eac4d89 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Aug 2024 04:37:00 +0000 Subject: [PATCH 100/110] geo.provider.use_gpsd https://bugzilla.mozilla.org/show_bug.cgi?id=1803234 - removed in FF131 and it doesn't work: https://bugzilla.mozilla.org/show_bug.cgi?id=1763347 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 50bcb8a..21e3438 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 9-July-2024 + Last updated: 6-August-2024 Instructions: - [optional] close Firefox and backup your profile @@ -77,6 +77,7 @@ 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'geo.provider.network.url', 'geo.provider.network.logging.enabled', + 'geo.provider.use_gpsd', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', From f906f7f3b41fe3f6aaa744980431f4fdcd086379 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Aug 2024 08:41:28 +0000 Subject: [PATCH 101/110] v128 (#1862) --- user.js | 122 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 53 deletions(-) diff --git a/user.js b/user.js index 8087d85..1dbf7d2 100644 --- a/user.js +++ b/user.js 
@@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 June 2024 -* version: 126 +* date: 26 August 2024 +* version: 128 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -57,7 +57,7 @@ 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING 4000: FPP (fingerprintingProtection) - 4500: RFP (resistFingerprinting) + 4500: OPTIONAL RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING 6000: DON'T TOUCH @@ -103,14 +103,9 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] - * Optionally enable logging to the console (defaults to false) ***/ -user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] /* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] /*** [SECTION 0300]: QUIETER FOX ***/ 
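Review bot: Section 0200 drops 0201 (`geo.provider.network.url`, `geo.provider.network.logging.enabled`) and `geo.provider.use_gpsd` without leaving a pointer, so the file no longer says which network geolocation endpoint is contacted once a site is granted the permission. Profiles that applied an earlier release presumably keep the old values in prefs.js until they are reset. The earlier commits on this page add all three prefs to `scratchpad-scripts/arkenfox-cleanup.js`. A one-line note in the section, e.g. `/* 0201: removed in v128, reset geo.provider.network.url with arkenfox-cleanup.js ***/`, would make that step visible to people who only read user.js.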
@@ -236,7 +231,7 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); - // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] +user_pref("network.dns.disablePrefetchFromHTTPS", true); /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] @@ -284,7 +279,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy - * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https + * [3] https://support.mozilla.org/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 3); /* 0712: set DoH provider 
@@ -303,13 +298,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * [NOTE] The UI is controlled by the .enabled pref * [SETTING] Search>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ - // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false] - // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false] - // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false] +user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] /* 0803: disable live search suggestions * [NOTE] Both must be true for live search to work in the location bar * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine - * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ + * [SETTING] Search>Show search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); /* 0805: disable urlbar trending search suggestions [FF118+] 
@@ -323,9 +318,13 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); +/* 0808: disable recent searches [FF120+] + * [NOTE] Recent searches are cleared with history (2811) + * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/ + // user_pref("browser.urlbar.recentsearches.featureGate", false); /* 0810: disable search and form history - * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) + * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ @@ -377,8 +376,8 @@ user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache - * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this - * [NOTE] We also clear cache on exit (2811) ***/ + * [NOTE] We also clear cache on exit (2811) + * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ 
@@ -530,7 +529,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); /* 2003: force a single network interface for ICE candidates generation [FF42+] * When using a system-wide proxy, it uses the proxy interface - * [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate + * [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); /* 2004: force exclusion of private IPs from ICE candidates [FF51+] @@ -592,8 +591,10 @@ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: fa /* 2630: disable content analysis by DLP (Data Loss Prevention) agents * DLP agents are background processes on managed computers that allow enterprises to monitor locally running * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies. + * 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests * [1] https://github.com/chromium/content_analysis_sdk */ -user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false] +user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false] +user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0] /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download 
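Review bot: The legend added to 2630, `0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests`, sits above both prefs but can only describe `browser.contentanalysis.default_result`, because `browser.contentanalysis.enabled` is a boolean. Prefix it with the pref name, e.g. ` * default_result: 0=Block all requests, 1=Warn on all requests, 2=Allow all requests`. It should also say when that result is applied (presumably when the agent cannot return a verdict), so a reader does not take 0 to mean that content analysis is off. With `enabled` set to false the second pref looks like defense-in-depth; saying so would match how 0334 is annotated elsewhere in the file.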
@@ -638,12 +639,14 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] * Opener and redirect heuristics are granted for 30 days, see [3] * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 - * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ + * [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown + * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and + * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); 
@@ -665,9 +668,8 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F /** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/ /* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below). - * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for - * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) + * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins, + * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) @@ -722,7 +724,9 @@ user_pref("privacy.sanitize.timeSpan", 0); In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled by ETP (2701). FPP will also use Remote Services in future to relax FPP protections - on a per site basis for compatibility (4003). + on a per site basis for compatibility (4004). + + https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc 
@@ -733,19 +737,27 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] /* 4002: set global FPP overrides [FF114+] - * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are - * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization" - * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets - * [WARNING] Not recommended. Either use RFP or FPP at defaults + * uses "RFPTargets" [1] which despite the name these are not used by RFP + * e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone + * e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone + * [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); -/* 4003: disable remote FPP overrides [FF127+] ***/ +/* 4003: set granular FPP overrides + * JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]" + * [NOTE] Not supported by arkenfox. 
Either use RFP or FPP at defaults ***/ + // user_pref("privacy.fingerprintingProtection.granularOverrides", ""); +/* 4004: disable remote FPP overrides [FF127+] ***/ // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); -/*** [SECTION 4500]: RFP (resistFingerprinting) +/*** [SECTION 4500]: OPTIONAL RFP (resistFingerprinting) RFP overrides FPP (4000) - It is an all-or-nothing buy in: you cannot pick and choose what parts you want + FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people + this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally + add letterboxing (4504), spoof_english (4506), and webgl (4520). + + RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics 
@@ -800,13 +812,12 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. - * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false - * [1] https://bugzilla.mozilla.org/418986 ***/ -user_pref("privacy.resistFingerprinting", true); // [FF41+] + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. + * RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme ***/ + // user_pref("privacy.resistFingerprinting", true); // [FF41+] // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+] -/* 4502: set new window size rounding max values [FF55+] +/* 4502: set RFP new window size max rounded values [FF55+] * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen * [1] https://bugzilla.mozilla.org/1330882 ***/ user_pref("privacy.window.maxInnerWidth", 1600); @@ -815,7 +826,7 @@ user_pref("privacy.window.maxInnerHeight", 900); * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); -/* 4504: enable RFP letterboxing [FF67+] +/* 4504: enable letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. * The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000") 
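Review bot: Commenting out `privacy.resistFingerprinting` in 4501 (and, in the later hunks of this commit, letterboxing in 4504 and `webgl.disabled` in 4520) only changes what a fresh profile gets. A value that an earlier copy of this file already applied is normally kept in prefs.js until it is reset, so an upgraded profile may keep running RFP while the file now describes FPP as the default. The new SECTION 4500 text explains how to opt in to RFP but not how an upgrader actually lands on FPP. I would add a line to the 4501 comment such as `* [NOTE] If a previous version of this file enabled RFP, reset the pref or run prefsCleaner, otherwise the old value persists`.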
@@ -824,14 +835,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ -user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] + // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] -/* 4505: experimental RFP [FF91+] - * [WARNING] DO NOT USE unless testing, see [1] comment 12 - * [1] https://bugzilla.mozilla.org/1635603 ***/ +/* 4505: disable RFP by domain [FF91+] ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); /* 4506: disable RFP spoof english prompt [FF59+] - * 0=prompt, 1=disabled, 2=enabled (requires RFP) + * 0=prompt, 1=disabled, 2=enabled * [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset. * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale. * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/ 
@@ -839,12 +848,6 @@ user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] -/* 4511: enforce non-native widget theme - * Security: removes/reduces system API calls, e.g. win32k API [1] - * Fingerprinting: provides a uniform look and feel across platforms [2] - * [1] https://bugzilla.mozilla.org/1381938 - * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] /* 4512: enforce links targeting new windows to open in a new tab instead * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. @@ -856,9 +859,8 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] /* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 4520: disable WebGL (Web Graphics Library) - * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/ -user_pref("webgl.disabled", true); +/* 4520: disable WebGL (Web Graphics Library) ***/ + // user_pref("webgl.disabled", true); /*** [SECTION 5000]: OPTIONAL OPSEC Disk avoidance, application data isolation, eyeballs... 
@@ -971,7 +973,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ // user_pref("javascript.options.asmjs", false); -/* 5505: disable Ion and baseline JIT to harden against JS exploits +/* 5505: disable Ion and baseline JIT to harden against JS exploits [RESTART] * [NOTE] When both Ion and JIT are disabled, and trustedprincipals * is enabled, then Ion can still be used by extensions (1599226) * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit @@ -1000,8 +1002,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); /* 5509: disable IPv6 if using a VPN * This is an application level fallback. Disabling IPv6 is best done at an OS/network * level, and/or configured properly in system wide VPN setups. - * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" + * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [TEST] https://ipleak.org/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ // user_pref("network.dns.disableIPv6", true); @@ -1047,6 +1049,9 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] /* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ // user_pref("accessibility.force_disabled", ""); // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); + // user_pref("geo.provider.network.url", ""); + // user_pref("geo.provider.network.logging.enabled", ""); + // user_pref("geo.provider.use_gpsd", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); 
@@ -1261,6 +1266,17 @@ user_pref("browser.ping-centre.telemetry", false); // 9003: disable What's New toolbar icon [FF69+] // [-] https://bugzilla.mozilla.org/1724300 user_pref("browser.messaging-system.whatsNewPanel.enabled", false); +// FF127 + // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result + // [-] https://bugzilla.mozilla.org/1880314 +user_pref("browser.contentanalysis.default_allow", false); +// 4511: enforce non-native widget theme + // Security: removes/reduces system API calls, e.g. win32k API [1] + // Fingerprinting: provides a uniform look and feel across platforms [2] + // [1] https://bugzilla.mozilla.org/1381938 + // [2] https://bugzilla.mozilla.org/1411425 + // [-] https://bugzilla.mozilla.org/1848899 +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] // ***/ /* END: internal custom pref to test for syntax errors ***/ From bc6a2ba1450cc03952c5a09c25dc3d900be51249 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 6 Nov 2024 15:24:03 +0000 Subject: [PATCH 102/110] network.http.referer.hideOnionSource since it was flipped to true for TB, not much point keeping it --- scratchpad-scripts/arkenfox-cleanup.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 21e3438..9cb7411 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -71,6 +71,8 @@ 'security.ssl3.rsa_des_ede3_sha', // 93 /* REMOVED */ + /* 129-140 */ + 'network.http.referer.hideOnionSource', /* 116-128 */ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', From c6cfa10c0b647dc87fe08027af3fc086f9df72b3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Nov 2024 09:50:47 +0000 Subject: [PATCH 103/110] webchannel.allowObject.urlWhitelist --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9cb7411..3e074b0 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 6-August-2024 + Last updated: 7-November-2024 Instructions: - [optional] close Firefox and backup your profile @@ -35,6 +35,8 @@ const aPREFS = [ /* DEPRECATED */ + /* 129-140 */ + 'webchannel.allowObject.urlWhitelist', // 132 /* 116-128 */ 'browser.contentanalysis.default_allow', // 127 'browser.messaging-system.whatsNewPanel.enabled', // 126 From eae5762d29f18115fbffd73d89bd9e2510b25427 Mon Sep 17 00:00:00 2001 From: Mizuki Nguyen <49761211+MagicalDrizzle@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:55:49 +0700 Subject: [PATCH 104/110] Add missing -command argument in powershell call (#1909) * updater: add missing PowerShell argument * prefcleaner: add missing PowerShell argument --- prefsCleaner.bat | 6 +++--- updater.bat | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 2e3403f..62ca5f0 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.7 +REM ## version: 2.8 CD /D "%~dp0" @@ -15,7 +15,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.7 #### +ECHO #### v2.8 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." 
@@ -37,7 +37,7 @@ CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." -FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# +FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" CALL :message "Cleaning prefs.js..." diff --git a/updater.bat b/updater.bat index f6174f7..bc1078a 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.19 +REM ## version: 4.20 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows SET v=4.19 @@ -177,7 +177,7 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# + FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js From b8f18a3d91e01e44bde7879dd13325b43fab74ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 15:49:26 +0000 Subject: [PATCH 105/110] v133 (#1892) --- user.js | 54 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index 1dbf7d2..96eba49 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 26 August 2024 -* version: 128 +* date: 13 January 2025 +* version: 133 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt 
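Review bot: The backup-timestamp line in prefsCleaner.bat still launches `powershell` by bare name, after the script has already done `CD /D "%~dp0"`. cmd normally resolves a bare name against the current directory before PATH, so a file named `powershell.exe` or `powershell.bat` sitting in the profile folder would be run instead of the system binary. Since the line is being edited anyway, I would pin the path and skip user profile scripts: `FOR /F "delims=" %%# IN ('%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#`. The identical call in the updater.bat hunk at line 177 deserves the same change if that script also runs from the profile directory.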
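Review bot: In updater.bat the header comment is bumped to `REM ## version: 4.20`, but the context line two below it still reads `SET v=4.19`, so anything the script prints or compares from `%v%` stays on the old number. prefsCleaner.bat updates both its comment and its banner in this same commit, which makes this look like an oversight. Suggest changing that line to `SET v=4.20` in this hunk.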
@@ -312,10 +312,11 @@ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.trending.featureGate", false); /* 0806: disable urlbar suggestions ***/ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] +user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false] user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] -user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] +user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0808: disable recent searches [FF120+] @@ -372,6 +373,9 @@ user_pref("network.auth.subresource-http-auth-allow", 1); * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... * [1] https://support.mozilla.org/kb/windows-sso ***/ // user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] +/* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC] + * On macOS, SSO only works on corporate devices ***/ + // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false] /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); 
@@ -379,7 +383,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * [NOTE] We also clear cache on exit (2811) * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); -/* 1002: disable media cache from writing to disk in Private Browsing +/* 1002: set media cache in Private Browsing to in-memory and increase its maximum size * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); @@ -564,8 +568,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2616: remove special permissions for certain mozilla domains [FF35+] * [1] resource://app/defaults/permissions ***/ user_pref("permissions.manager.defaultsUrl", ""); -/* 2617: remove webchannel whitelist ***/ -user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) @@ -646,7 +648,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and - * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) + * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); 
@@ -728,6 +730,9 @@ user_pref("privacy.sanitize.timeSpan", 0); https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc + [NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results + - e.g. FrameRate can only be controlled per process, not per origin + 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) @@ -763,7 +768,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); [WARNING] DO NOT USE extensions to alter RFP protected metrics 418986 - limit window.screen & CSS media queries (FF41) - 1281949 - spoof screen orientation (FF50) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API @@ -790,7 +794,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1337157 - disable WebGL debug renderer info (FF60) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62) 1479239 - return "no-preference" with prefers-reduced-motion (FF63) - 1363508 - spoof/suppress Pointer Events (FF64) + 1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132) 1492766 - spoof pointerEvent.pointerid (FF65) 1485266 - disable exposure of system colors to CSS or canvas (FF67) 1494034 - return "light" with prefers-color-scheme (FF67) 
@@ -806,9 +810,15 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) - 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127) 1787790 - normalize system fonts (FF128) 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128) + 1834307 - always use smooth scrolling (FF132) + 1918202 - spoof screen orientation based on spoofed screen size and platform (FF132) + previously it always returned landscape-primary and an angle of 0 (FF50+) + 1390465 - load all subtitles in WebVTT (Video Text Tracks) (FF133) + 1873382 - make spoofed devicePixelRatio and CSS media queries match (FF133) + previously FF41+ devicePixelRatio was hardcoded as 1 and FF127+ as 2 + previously FF41+ CSS media queries were spoofed as zoom level at a devicePixelRatio of 1 ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP 
@@ -834,10 +844,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); * dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 - * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ + * [2] https://hg.mozilla.org/mozilla-central/rev/7211cb4f58ff#l5.13 ***/ // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] -/* 4505: disable RFP by domain [FF91+] ***/ +/* 4505: disable RFP by domain [FF91+] + * [NOTE] Working examples: "arkenfox.github.io", "*github.io" + * Non-working examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); /* 4506: disable RFP spoof english prompt [FF59+] * 0=prompt, 1=disabled, 2=enabled @@ -848,6 +860,8 @@ user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] +/* 4511: disable using system accent colors ***/ +user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS] /* 4512: enforce links targeting new windows to open in a new tab instead * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. 
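Review bot: The new 4505 note lists `"*github.io"` as a working pattern without saying how wide it is. On a shared hosting suffix like that, a wildcard presumably exempts every site published under it from RFP, not only the one the user had in mind, and each exempted site then sees the real values. The earlier `[WARNING] DO NOT USE unless testing` line on this pref has already been dropped, so nothing here tells the reader to keep exemptions narrow. I would add a line such as `* [WARNING] A wildcard exempts every matching host; prefer an exact hostname, e.g. "arkenfox.github.io"`.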
@@ -1096,10 +1110,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Passive fingerprinting and perf costs. These are session-only * and isolated with network partitioning (FF85+) and/or containers ***/ // user_pref("security.ssl.disable_session_identifiers", true); -/* 7006: onions - * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ - // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 - // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers * [WHY] Only cross-origin referers (1602, 5510) matter ***/ // user_pref("network.http.sendRefererHeader", 2); @@ -1136,9 +1146,11 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5] - // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] + // user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] + // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+] + // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); 
@@ -1279,5 +1291,13 @@ user_pref("browser.contentanalysis.default_allow", false); user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] // ***/ +/* ESR128.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable active ones +// FF132 +/* 2617: remove webchannel whitelist + // [-] https://bugzilla.mozilla.org/1275612 + // user_pref("webchannel.allowObject.urlWhitelist", ""); +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 80fa110f499d3d3f6763ea5db0f015e1a3bc3ad4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 19:01:32 +0000 Subject: [PATCH 106/110] dom.securecontext.allowlist_onions --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 3e074b0..8153642 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 7-November-2024 + Last updated: 13-January-2024 Instructions: - [optional] close Firefox and backup your profile @@ -74,6 +74,7 @@ /* REMOVED */ /* 129-140 */ + 'dom.securecontext.allowlist_onions', 'network.http.referer.hideOnionSource', /* 116-128 */ 'browser.fixup.alternate.enabled', From c25187332e19c633b956a6755a7971a6591d3e8d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 19:02:07 +0000 Subject: [PATCH 107/110] fix the year --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 8153642..34d1ba5 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js 
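Review bot: Following the new `[NOTE]` in the ESR128 block does not appear to re-enable 2617, which matters because ESR128 users would silently lose this hardening. Once the outer `/*` is turned into `//`, the entry's own `/* 2617:` opens a fresh block comment that runs to `***/`, and the pref line inside it is additionally prefixed with `//` (as far as the collapsed text shows). Before this commit the pref was active in section 2600, and the FF127 entries just above use `//` headers with a live `user_pref`. For consistency I would write the entry as `// 2617: remove webchannel whitelist` followed by `user_pref("webchannel.allowObject.urlWhitelist", "");`.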
+++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 13-January-2024 + Last updated: 13-January-2025 Instructions: - [optional] close Firefox and backup your profile From 9bba5788aa07f67b37abc025782113a43c717b7f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Mar 2025 07:21:39 +0000 Subject: [PATCH 108/110] legacy sanitizing prefs In FF128 these were used to migrate to - clearOnShutdown to clearOnShutdown_v2 - cpd to clearHistory They are then no longer used. The migration can be checked with - privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2 - privacy.sanitize.cpd.hasMigratedToNewPrefs2 Note: in FF136 there was another migration, where it changes the `ToNewPrefs2` to false - privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs3 - privacy.sanitize.cpd.hasMigratedToNewPrefs3 AFAICT, cpd.hasMigrated* doesn't migrate until you open the clear history dialog. --- scratchpad-scripts/arkenfox-cleanup.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 34d1ba5..58a0e1f 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 13-January-2025 + Last updated: 5-March-2025 Instructions: - [optional] close Firefox and backup your profile 
@@ -76,6 +76,19 @@ /* 129-140 */ 'dom.securecontext.allowlist_onions', 'network.http.referer.hideOnionSource', + 'privacy.clearOnShutdown.cache', + 'privacy.clearOnShutdown.cookies', + 'privacy.clearOnShutdown.downloads', + 'privacy.clearOnShutdown.formdata', + 'privacy.clearOnShutdown.history', + 'privacy.clearOnShutdown.offlineApps', + 'privacy.clearOnShutdown.sessions', + 'privacy.cpd.cache', + 'privacy.cpd.cookies', + 'privacy.cpd.formdata', + 'privacy.cpd.history', + 'privacy.cpd.offlineApps', + 'privacy.cpd.sessions', /* 116-128 */ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', From 3d76c74c80485931425464fec0e59d6cb461677a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Mar 2025 02:52:08 +0000 Subject: [PATCH 109/110] v135 (#1929) --- user.js | 290 +++++++++++++++++++++++--------------------------------- 1 file changed, 118 insertions(+), 172 deletions(-) diff --git a/user.js b/user.js index 96eba49..08c51ca 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 13 January 2025 -* version: 133 +* date: 6 March 2025 +* version: 135 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -63,6 +63,7 @@ 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING + 8500: TELEMETRY 9000: NON-PROJECT RELATED 9999: DEPRECATED / RENAMED 
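Review bot: Resetting the legacy `privacy.cpd.*` entries added here may happen before Firefox has migrated them. The commit message itself notes that the cpd migration seems to run only when the clear-history dialog is first opened, so a profile that runs this script first would presumably migrate from defaults rather than from the user's hardened values. A comment above the group, e.g. `// reset only after privacy.sanitize.cpd.hasMigratedToNewPrefs2 (or ...3) is true`, would make the required order explicit. Separately, the clearOnShutdown group lists `.downloads` while the cpd group does not; worth confirming that is intended.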
@@ -82,7 +83,7 @@ user_pref("browser.aboutConfig.showWarning", false); user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode + * [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -116,8 +117,8 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); /* 0322: disable personalized Extension Recommendations in about:addons and AMO [FF65+] - * [NOTE] This pref has no effect when Health Reports (0331) are disabled - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations + * [NOTE] This pref has no effect when Health Reports (8501) are disabled + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Allow personalized extension recommendations * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ user_pref("browser.discovery.enabled", false); /* 0323: disable shopping experience [FF116+] 
@@ -125,41 +126,13 @@ user_pref("browser.discovery.enabled", false); user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false] /** TELEMETRY ***/ -/* 0330: disable new data submission [FF41+] - * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/1195552 ***/ -user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0331: disable Health Reports - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ -user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0332: disable telemetry - * The "unified" pref affects the behavior of the "enabled" pref - * - If "unified" is false then "enabled" controls the telemetry module - * - If "unified" is true then "enabled" only controls whether to record extended data - * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] - * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html - * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ -user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.enabled", false); // see [NOTE] -user_pref("toolkit.telemetry.server", "data:,"); -user_pref("toolkit.telemetry.archive.enabled", false); -user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] -user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] -user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] -user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter -user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] -/* 0333: disable Telemetry Coverage - * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ -user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] 
-user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] -user_pref("toolkit.coverage.endpoint.base", ""); /* 0335: disable Firefox Home (Activity Stream) telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); /** STUDIES ***/ /* 0340: disable Studies - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/ + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); /* 0341: disable Normandy/Shield [FF60+] * Shield is a telemetry system that can push and test "recipes" @@ -173,7 +146,7 @@ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] // user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false] /* 0351: enforce no submission of backlogged Crash Reports [FF58+] - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] /** OTHER ***/ @@ -261,7 +234,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1433507 * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ -user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+] +user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""] /* 0705: disable proxy direct failover for system requests [FF91+] * [WARNING] Default true is a security feature against malicious extensions [1] * [SETUP-CHROME] If you use a proxy and you trust your extensions 
@@ -320,11 +293,11 @@ user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0808: disable recent searches [FF120+] - * [NOTE] Recent searches are cleared with history (2811) + * [NOTE] Recent searches are cleared with history (2811+) * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/ // user_pref("browser.urlbar.recentsearches.featureGate", false); /* 0810: disable search and form history - * [NOTE] We also clear formdata on exit (2811) + * [NOTE] We also clear formdata on exit (2811+) * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html @@ -337,7 +310,7 @@ user_pref("browser.formfill.enable", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing - * attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5] + * attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5] * and advanced targeted timing attacks could still produce usable results * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector * [2] https://dbaron.org/mozilla/visited-privacy 
@@ -380,7 +353,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache - * [NOTE] We also clear cache on exit (2811) + * [NOTE] We also clear cache on exit (2811+) * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); /* 1002: set media cache in Private Browsing to in-memory and increase its maximum size @@ -442,13 +415,14 @@ user_pref("security.tls.enable_0rtt_data", false); * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail - * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR + * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ - * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ + * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html + * [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/ user_pref("security.OCSP.require", true); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ 
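Review bot: The 1212 comment in the second hunk on this line now lists `SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST` and a third reference, but nothing in the text says why either was added or what a user who hits that error should do. With `security.OCSP.require` set to true the connection is terminated rather than continued, so the practical consequence matters to anyone applying this file. If the link is there because CAs are retiring their OCSP responders (my reading of the URL, not stated in the hunk), a line such as ` * [NOTE] CAs are winding down OCSP [3]; with hard-fail this surfaces as the errors listed above` would make the reason explicit.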
@@ -463,7 +437,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ -user_pref("security.remote_settings.crlite_filters.enabled", true); +user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+] user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ 
@@ -647,41 +621,33 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown - * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and + * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/ -/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] If "history" is true, downloads will also be cleared ***/ -user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true] -user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true] - // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] - // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false] -/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] - * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) +/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/ 
+user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true] + // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false] +/* 2812: set/enforce clearOnShutdown items [FF136+] ***/ +user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.downloads", true); +user_pref("privacy.clearOnShutdown_v2.formdata", true); +/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] + * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+) * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); -/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/ -/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins, - * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) - * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) - * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies +/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS ***/ +/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] [FF128+] + * [NOTE] Exceptions: For cross-domain logins, add exceptions for both sites + * e.g. 
https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings - * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ -user_pref("privacy.clearOnShutdown.cookies", true); // Cookies -user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data -user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+] + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); /** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] 
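Review bot: Items 2811 and 2812 now set two generations of shutdown prefs side by side, and the comments give only `[FF128+]` and `[FF136+]` without saying how the two sets relate. From the names, `browsingHistoryAndDownloads` and `formdata` look like a split of `historyFormDataAndDownloads`, so someone who overrides one item to keep history could still have it cleared by the other on a different build; a line such as ` * [NOTE] In FF136+ these replace historyFormDataAndDownloads (2811): override both` would cover it, if that reading is right. The same applies to 2821 and 2831 in the following hunk. Separately, the `cookiesAndStorage` line in 2815 lost its trailing `// Cookies, Site Data, Active Logins` comment together with the note that Active Logins have no site exceptions, which is worth keeping under a heading that says site exceptions are respected.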
@@ -691,30 +657,24 @@ user_pref("privacy.clearSiteData.cache", true); user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); // user_pref("privacy.clearSiteData.siteSettings", false); +/* 2821: set manual "Clear Data" items [FF136+] ***/ +user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true); +user_pref("privacy.clearSiteData.formdata", true); -/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/ -/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] +/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] [FF128+] * Firefox remembers your last choices. This will reset them when you start Firefox - * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as "history" * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/ -user_pref("privacy.cpd.cache", true); // [DEFAULT: true] -user_pref("privacy.clearHistory.cache", true); -user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] -user_pref("privacy.cpd.history", true); // [DEFAULT: true] - // user_pref("privacy.cpd.downloads", true); // not used, see note above -user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); -user_pref("privacy.cpd.cookies", false); -user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] -user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] +user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true] user_pref("privacy.clearHistory.cookiesAndStorage", false); - // user_pref("privacy.cpd.openWindows", false); // Session Restore - // user_pref("privacy.cpd.passwords", false); - // user_pref("privacy.cpd.siteSettings", false); - // 
user_pref("privacy.clearHistory.siteSettings", false); +user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true] + // user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false] +/* 2831: set manual "Clear History" items [FF136+] ***/ +user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true] +user_pref("privacy.clearHistory.formdata", true); /** SANITIZE MANUAL: TIMERANGE ***/ -/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830) +/* 2840: set "Time range to clear" for "Clear Data" (2820+) and "Clear History" (2830+) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -740,7 +700,7 @@ user_pref("privacy.sanitize.timeSpan", 0); user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); /* 4001: enable FPP in PB mode [FF114+] * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ - // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] + // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true] /* 4002: set global FPP overrides [FF114+] * uses "RFPTargets" [1] which despite the name these are not used by RFP * e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone @@ -763,7 +723,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); add letterboxing (4504), spoof_english (4506), and webgl (4520). RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want - [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics 
@@ -771,8 +730,8 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API - version: android version spoofed as ESR (FF119 or lower) - OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android + JS: spoofed as Windows 10, OS 10.15, Android 10, or Linux + HTTP Header: spoofed as Windows 10 or Android 10.15 until FF136 then matches JS spoof 1369319 - disable device sensor API 1369357 - disable site specific zoom 1337161 - hide gamepads from content @@ -867,7 +826,6 @@ user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false * Stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window * [SETTING] General>Tabs>Open links in tabs instead of new windows - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] /* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) @@ -935,7 +893,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 5013: disable browsing and download history - * [NOTE] We also clear history and downloads on exit (2811) + * [NOTE] We also clear history and downloads on exit (2811+) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 5014: disable Windows jumplist [WINDOWS] ***/ 
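Review bot: In the 1333651 entry (first hunk on this line), the new line `HTTP Header: spoofed as Windows 10 or Android 10.15 until FF136 then matches JS spoof` is hard to parse. The JS line directly above lists `OS 10.15` and `Android 10` as separate values, so `Android 10.15` reads as two of them run together. This comment documents what sites see in the User-Agent header under RFP, so it should be unambiguous; for example `HTTP Header: spoofed as Windows 10 or Android 10 until FF136, then matches the JS spoof`, if that is what was meant. The list this entry belongs to starts and ends outside the hunk.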
@@ -1060,16 +1018,20 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ - // user_pref("accessibility.force_disabled", ""); - // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); - // user_pref("geo.provider.network.url", ""); - // user_pref("geo.provider.network.logging.enabled", ""); - // user_pref("geo.provider.use_gpsd", ""); - // user_pref("network.protocol-handler.external.ms-windows-store", ""); - // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); - // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); - // user_pref("privacy.partition.serviceWorkers", ""); +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/ + // user_pref("privacy.clearOnShutdown.cache", ""); + // user_pref("privacy.clearOnShutdown.cookies", ""); + // user_pref("privacy.clearOnShutdown.downloads", ""); + // user_pref("privacy.clearOnShutdown.formdata", ""); + // user_pref("privacy.clearOnShutdown.history", ""); + // user_pref("privacy.clearOnShutdown.offlineApps", ""); + // user_pref("privacy.clearOnShutdown.sessions", ""); + // user_pref("privacy.cpd.cache", ""); + // user_pref("privacy.cpd.cookies", ""); + // user_pref("privacy.cpd.formdata", ""); + // user_pref("privacy.cpd.history", ""); + // user_pref("privacy.cpd.offlineApps", ""); + // user_pref("privacy.cpd.sessions", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); 
@@ -1151,7 +1113,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+] // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] - // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] + // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); 
@@ -1210,6 +1172,58 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan // user_pref("ui.use_standins_for_native_colors", ""); // user_pref("webgl.enable-debug-renderer-info", ""); +/*** [SECTION 8500]: TELEMETRY + Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below. + But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides. + + Opt-out + - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain + - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading + Choice + - Every new profile on first use provides data collection/use policy and the abillty to opt-out + - It can be disabled at any time (Settings>Privacy & Security>Data Collection and Use) + Data + - no PII (Personally Identifiable Information) + - can be viewed in about:telemetry + - uses Prio [1][2][3], Glean [4], Oblivious HTTP [5][6] + + [1] https://crypto.stanford.edu/prio/ + [2] https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/ + [3] https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/ + [4] https://firefox-source-docs.mozilla.org/toolkit/components/glean/index.html + [5] https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/ohttp.html + [6] https://blog.mozilla.org/en/tag/oblivious-http/ +***/ +user_pref("_user.js.parrot", "8500 syntax error: the parrot's off the twig!"); +/* 8500: disable new data submission [FF41+] + * If disabled, no policy is shown or upload takes place, ever + * [1] https://bugzilla.mozilla.org/1195552 ***/ +user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 8501: disable Health Reports + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send technical... 
data ***/ +user_pref("datareporting.healthreport.uploadEnabled", false); +/* 0802: disable telemetry + * The "unified" pref affects the behavior of the "enabled" pref + * - If "unified" is false then "enabled" controls the telemetry module + * - If "unified" is true then "enabled" only controls whether to record extended data + * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] + * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html + * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ +user_pref("toolkit.telemetry.unified", false); +user_pref("toolkit.telemetry.enabled", false); // see [NOTE] +user_pref("toolkit.telemetry.server", "data:,"); +user_pref("toolkit.telemetry.archive.enabled", false); +user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] +user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter +user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] +/* 8503: disable Telemetry Coverage + * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ +user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] +user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] +user_pref("toolkit.coverage.endpoint.base", ""); + /*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* 9001: disable welcome notices ***/ 
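Review bot: The third item in the new 8500 section is numbered `0802`, while its neighbours are 8500, 8501 and 8503; it was 0332 before the move, so this looks like a transposition of 8502. The 08xx range is already used elsewhere in the file (0807, 0808 and 0810 appear in an earlier hunk of this patch), so a cross-reference by number would point a reader at the wrong section when checking which telemetry prefs are enforced. Suggested header: `/* 8502: disable telemetry`. The section preface also has a typo, `abillty` for `ability`.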
@@ -1223,74 +1237,6 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / RENAMED ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR115.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable active ones -// FF116 -// 4506: set RFP's font visibility level (1402) [FF94+] - // [-] https://bugzilla.mozilla.org/1838415 - // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] -// FF117 -// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS] - // 0=disable detecting Family Safety mode and importing the root - // 1=only attempt to detect Family Safety mode (don't import the root) - // 2=detect Family Safety mode and import the root - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 - // [-] https://bugzilla.mozilla.org/1844908 -user_pref("security.family_safety.mode", 0); -// 7018: disable service worker Web Notifications [FF44+] - // [WHY] Web Notifications are behind a prompt (7002) - // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ - // [-] https://bugzilla.mozilla.org/1842457 - // user_pref("dom.webnotifications.serviceworker.enabled", false); -// FF118 -// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] - // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - // In normal windows: uses the first applicable: RFP over TP over Standard - // In Private Browsing windows: uses the most restrictive between normal and private - // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc - // [-] https://bugzilla.mozilla.org/1847599 - // user_pref("layout.css.font-visibility.private", 1); - // 
user_pref("layout.css.font-visibility.standard", 1); - // user_pref("layout.css.font-visibility.trackingprotection", 1); -// 2623: disable permissions delegation [FF73+] - // Currently applies to cross-origin geolocation, camera, mic and screen-sharing - // permissions, and fullscreen requests. Disabling delegation means any prompts - // for these will show/use their correct 3rd party origin - // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion - // [-] https://bugzilla.mozilla.org/1697151 - // user_pref("permissions.delegation.enabled", false); -// FF119 -// 0211: use en-US locale regardless of the system or region locale - // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 - // [-] https://bugzilla.mozilla.org/1846224 - // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -// 0711: disable skipping DoH when parental controls are enabled [FF70+] - // [-] https://bugzilla.mozilla.org/1586941 -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); -// FF123 -// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - // Defense-in-depth: currently covered by 0331 - // [-] https://bugzilla.mozilla.org/1868988 -user_pref("browser.ping-centre.telemetry", false); -// FF126 -// 9003: disable What's New toolbar icon [FF69+] - // [-] https://bugzilla.mozilla.org/1724300 -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); -// FF127 - // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result - // [-] https://bugzilla.mozilla.org/1880314 -user_pref("browser.contentanalysis.default_allow", false); -// 4511: enforce non-native widget theme - // Security: removes/reduces system API calls, e.g. 
win32k API [1] - // Fingerprinting: provides a uniform look and feel across platforms [2] - // [1] https://bugzilla.mozilla.org/1381938 - // [2] https://bugzilla.mozilla.org/1411425 - // [-] https://bugzilla.mozilla.org/1848899 -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] -// ***/ - /* ESR128.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable active ones // FF132 From 7f852e94fc80fd0aa19f1c948319974e3301187f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 21 Apr 2025 15:04:04 +0000 Subject: [PATCH 110/110] media.ondevicechange.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 58a0e1f..3434fc7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 5-March-2025 + Last updated: 21-April-2025 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,7 @@ const aPREFS = [ /* DEPRECATED */ /* 129-140 */ + 'media.ondevicechange.enabled', // 137 'webchannel.allowObject.urlWhitelist', // 132 /* 116-128 */ 'browser.contentanalysis.default_allow', // 127